DiptiChhatrapati-8731 asked ·

How to Synchronize/Migrate AAD B2C in O365 Azure AD B2B integration?

Hello,

We have a SharePoint on-premises application that uses Azure Active Directory B2C for single sign-on and other security features. At present we are planning to move to the Microsoft cloud and need to know the solution to synchronize/migrate the Azure AD B2C implementation with O365 Azure AD B2B. Would you please share your suggestions?

Thanks and Regards,

Tags: azure-ad-b2c, azure-ad-authentication, azure-ad-b2b

amanpreetsingh-msft answered ·

@DiptiChhatrapati-8731 There is no out-of-the-box solution to sync/migrate B2C users to a standard Azure AD tenant, as the information stored for signed-up local/social users is different from that of standard AAD users. You may consider exporting the minimum required attributes from the source directory to create users and use the method below to create users in the target directory:

[image: capture.jpg]

If you want to add the users as Guests, use the method below:

[image: capture2.jpg]

You may also consider combining multiple requests by using the $batch endpoint, as explained here: https://docs.microsoft.com/en-us/graph/json-batching

Please "Accept as answer" wherever the information provided helps you to help others in the community.

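The answer above describes the approach (export the minimum attributes, create the users or guests through Graph, and combine the calls with the $batch endpoint) but its request shapes are only in the screenshots. The following is an added example, not code from the thread or from Microsoft: it builds Graph $batch payloads of guest invitations from an exported user list entirely offline, honours the documented limit of 20 sub-requests per batch, reports the records that cannot be invited instead of dropping them, and reads the per-request status codes back out of a batch response (the outer call can succeed while individual invitations are throttled or rejected). The export field names, the redirect URL and the sample response are constructed for this example; the `/invitations` request body properties are the public Graph invitation resource.

```python
"""Build and check Microsoft Graph $batch payloads that invite exported B2C users
as guests in the target tenant.

Added example, not code from the thread or from Microsoft. It only constructs
JSON payloads offline and never calls Graph. The export field names (email,
displayName), the redirect URL and SAMPLE_RESPONSE are constructed here; the
request shape (POST /invitations inside $batch) and the 20-requests-per-batch
limit follow the public Graph documentation.
"""
import json

GRAPH_BATCH_LIMIT = 20  # documented maximum number of sub-requests per $batch

# Constructed sample export: the minimum attributes a guest invitation needs.
# A local/social B2C user that has no usable email cannot be invited at all.
EXPORTED_USERS = [
    {"email": "b2cuser1@extdomain1.com", "displayName": "B2C User One"},
    {"email": "b2cuser2@extdomain1.com", "displayName": "B2C User Two"},
    {"email": "", "displayName": "Social user with no email claim"},
]


def validate_record(rec):
    """Return None if the record can be invited, otherwise a reason string."""
    email = (rec.get("email") or "").strip()
    if not email or "@" not in email:
        return "missing or malformed email"
    if not (rec.get("displayName") or "").strip():
        return "missing displayName"
    return None


def invitation_body(rec, redirect_url, send_mail=False):
    """Body for POST /invitations; the guest redeems it on first sign-in."""
    return {
        "invitedUserEmailAddress": rec["email"].strip().lower(),
        "invitedUserDisplayName": rec["displayName"].strip(),
        "inviteRedirectUrl": redirect_url,
        # False: no Microsoft invitation mail; first sign-in redeems the invite
        "sendInvitationMessage": send_mail,
    }


def build_batches(records, redirect_url, limit=GRAPH_BATCH_LIMIT):
    """Split valid records into $batch payloads of at most `limit` requests.

    Returns (payloads, skipped); skipped holds (record, reason) pairs that
    need handling outside the automated migration rather than silent loss.
    """
    payloads, skipped, current = [], [], []
    for rec in records:
        reason = validate_record(rec)
        if reason:
            skipped.append((rec, reason))
            continue
        current.append({
            "id": str(len(current) + 1),  # ids must be unique within a batch
            "method": "POST",
            "url": "/invitations",
            "headers": {"Content-Type": "application/json"},
            "body": invitation_body(rec, redirect_url),
        })
        if len(current) == limit:
            payloads.append({"requests": current})
            current = []
    if current:
        payloads.append({"requests": current})
    return payloads, skipped


def failed_request_ids(batch_response):
    """Map each non-2xx sub-request id to its HTTP status.

    Every sub-request carries its own status inside a $batch response, so the
    caller must inspect these (e.g. 429 throttling) and re-queue the failures.
    """
    return {
        r["id"]: r["status"]
        for r in batch_response.get("responses", [])
        if not 200 <= r["status"] < 300
    }


# Constructed sample reply, shaped like a Graph $batch response.
SAMPLE_RESPONSE = {
    "responses": [
        {"id": "1", "status": 201, "body": {"status": "PendingAcceptance"}},
        {"id": "2", "status": 429, "body": {"error": {"code": "TooManyRequests"}}},
    ]
}

if __name__ == "__main__":
    batches, skipped = build_batches(EXPORTED_USERS, "https://spapplication.example/")
    print(json.dumps(batches[0], indent=2))
    print("skipped:", skipped)
    print("retry:", failed_request_ids(SAMPLE_RESPONSE))
```

Each payload returned by `build_batches` is what would be sent as the JSON body of `POST https://graph.microsoft.com/v1.0/$batch` with an access token that holds the invitation permission; the `skipped` list is the migration's exception report, and `failed_request_ids` is what decides which sub-requests go into the next batch.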

Thank you Amanpreet for this information!

I was wondering whether linking the B2C tenant with the O365 tenant B2B would be possible/promising, as mentioned here: https://docs.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-tenant - Would you please clarify?


Thanks and Regards,

amanpreetsingh-msft (replying to DiptiChhatrapati-8731) ·

@DiptiChhatrapati-8731 The instruction you are mentioning is to link a subscription to an existing B2C tenant. A B2C tenant cannot be linked to a B2B tenant. B2C can use a B2B tenant as an IDP, but that is a different topic which is not relevant to the requirement that you shared.

DiptiChhatrapati-8731 answered ·

Further, I have the following question:

Suppose user b2cuser1@extdomain1.com exists in the B2C tenant for the SharePoint on-premises application's (e.g. SPApplication.com) authentication and security features. Now SPApplication.com is moving to SharePoint Online in O365tenant, where there is no concept of B2C, only B2B integration. In this case, is it necessary to migrate user b2cuser1@extdomain1.com into O365tenant AD?

I suppose there is no need for migration, because if B2B is enabled in SharePoint Online, then the External Sharing settings at tenant and site level will allow user b2cuser1@extdomain1.com to authenticate with a passcode, and when b2cuser1@extdomain1.com tries to access SP Online for the first time via email, an Azure AD account will be automatically created in O365tenant AD.

Can you please share whether in this case migration is really required or not? If migration is not required, then what are the features which O365tenant with B2B will miss that are available in Azure AD B2B?

amanpreetsingh-msft answered ·

@DiptiChhatrapati-8731 If you are referring to the option below, you need to have b2cuser1@extdomain1.com present as a guest user in the new B2B tenant.

[image: capture.jpg]

This option is only for those users who do not have a presence in any Azure AD tenant nor have a Microsoft Account associated with them. When the users access the SharePoint Online site and enter the OTP, their invitation will be redeemed. In short, users need to be migrated, but they won't need to redeem the invitations explicitly, as it will be done with the first-time login to the SP Online site.

Also, if the users are not present in the tenant, you will not be able to add them as members to the SharePoint site in the first place, and they will be denied access to the site.

Please "Accept as answer" wherever the information provided helps you to help others in the community.


DiptiChhatrapati-8731 answered ·

Hi Amanpreet,

I have tested and verified earlier that the presence of the user in the tenant is not required if we want to add them as members or share any content; they can be directly added without having them in the tenant. Therefore I have the following questions:

1) Does it require the transformation of B2C accounts into the O365 tenant? If not, then what are the features we may miss which are possible in B2C but not B2B for a large number of users?

2) Is there any story/solution available that can guide on integrating on-premises B2C with O365 B2B for a large number of users, for example, 40K internal and 35K external users?

3) Is there any documentation/best practices to plan external sharing for the 40K internal and 35K external users? (There is of course documentation available on how to share content at tenant/site level; however, I could not find any planning documentation.)

Thanks and Regards,
