B2B collaboration essentially extends the multi-tenant scenario, but it authenticates users who don’t have an Azure AD account and instead hold some other form of corporate credential.
We’ve already seen these types of users: they are the ones for whom we create guest accounts in our Azure AD. In other words, the guest’s email address can belong to some other external identity provider.
The following diagram shows the different authentication flows used in B2C and B2B:

Figure 3.16 – Azure B2B versus B2C
We have seen in this section how we can leverage Azure’s authentication mechanisms to authenticate external users as well as internal users.
In the final section of this chapter, we will present an example scenario and discuss which tools and technologies can be used to meet the requirements.
Summary
In this chapter, we have looked at the distinction between authentication and authorization, and the challenges traditional username/password mechanisms present.
We explored Microsoft AD and Azure AD, the differences between them, and how we integrate them through AD Connect, including using AD Connect Health to monitor the connection.
We also saw how Azure’s Security Defaults enable more advanced options such as MFA, and how, through the use of Conditional Access (CA), we can implement finer-grained controls to tailor and control the user experience.
Finally, we considered the tools available for authenticating external users.
In the next chapter, we will continue this theme and see how we can continue to control the actions our authenticated users can perform through the use of authorization.
Exam scenario
The solutions to the exam scenarios can be found at the end of this book.
Mega Corp is looking to begin its migration to Azure.
They currently have an existing AD and are looking to extend this into the cloud to support their workloads.
Because they have a mixture of office-based and remote workers, they need a robust solution that can withstand an interruption to the VPN that will connect them to their Azure tenant.
Remote users must use two-factor authentication, but office-based users don’t want to be prompted for additional credentials when accessing apps in Azure.
Which options can be implemented to support these requirements?