20 July 2020

Azure AD B2B vs B2C: What are the key differences between Microsoft’s external access products?

  • CIAM
  • Azure AD
  • Azure AD B2B
  • Azure AD B2C
Marcus Idle

Deciding which external access solution meets your needs can be a challenge, so let’s explore what Microsoft’s Azure AD B2B and B2C products offer, where they cross over, and where they differ.

The management of external identities has changed a great deal in recent years, with Microsoft’s approach being no exception.

If you’re reading this blog, you’ve likely come across the two products Microsoft uses to facilitate external access, Azure AD B2B and Azure AD B2C.

On the surface, it would seem self-explanatory that B2B is used to provide access to partners and suppliers whilst B2C caters to customer-facing interactions.

Like much of life, however, things are never so clear cut. Azure AD B2B and B2C may have begun life intended for these purposes, but there’s an increasing amount of crossover in their application.

This can make it difficult to select the right technology for your scenario. In this blog, I shall attempt to clarify the differences between the two and highlight how they can best serve your external access needs.

 

Azure AD B2B and B2C explained

So, how does Azure AD B2B work?

B2B (or ‘Azure AD B2B collaboration’) addresses the problem of sharing your applications with external users and is a feature of Azure AD rather than a standalone service.

These users could be suppliers, customers, partners or any kind of external user with whom you wish to collaborate.

In the past, you may have just created a user account on your corporate Active Directory (i.e. a ‘local account’) to invite an external user to use a web application. Or, if you have ADFS infrastructure, you may have established a trust relationship between your ADFS server and your partner’s.

The local account solution is an easy fix – but it comes with a housekeeping problem. When the external user leaves, you may not be notified immediately (or at all) of their departure – which means they could retain access even when they should not have it.

The ADFS solution is a neater one – but is complex and requires all of your partners to have a similar solution and to set up trusts between each organisation.

In response, Microsoft created Azure Active Directory B2B, where you simply invite a user by email to start the ball rolling:

  • The user receives an email with a link to accept the invitation.
  • The authentication happens in the right place (at the user’s organisation).
  • The trust relationship is established in the background – without any new hardware or configuration.
  • Credentials stay in the guest directory.
  • Access control is managed in the host directory.

There are many advantages of using the B2B feature to invite guests into your organisation:

  • You can place guests into the same groups as your employees to manage access to resources.
  • You can invite users and bundle up access using access packages (via an Azure AD feature called ‘entitlement management’).
  • You can control and review access with Azure AD’s conditional access and access reviews.
  • You can easily create 'terms of use' that your guests must accept before they gain access.

What is Azure AD B2C?

Azure AD B2C provides an authentication solution for your outward-facing applications and is a service independent of Azure AD.

The actual authentication process works in a very similar way to B2B. But B2C is not designed to allow access to your employee groups and other resources, as it is primarily intended for end customers.

B2C provides complex user flows (known as custom policies). This feature allows you to have multi-step sign-in experiences, which can be useful for providing or verifying attributes.

For example, with one of our insurance company clients, existing customers with no online relationship with the company needed to be able to sign up to the website and see their documents.

To make this happen, the company needed to verify the customer’s identity using an API call during sign up:

After accepting the terms and conditions, the customer submits their account number and a one-off ‘activation code’. Providing these two items allows the policy to check their identity.

The policy sends the data to a web service (API) external to B2C and receives a response which tells it whether the user is indeed a customer.

At this point, the customer can now continue to set up their credentials, complete the sign-up process, and access their documents.
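
A sketch of the check the external web service could run when the policy sends it the account number and activation code. This is an added example, not ThirdSpace's or the client's code. The claim names (`accountNumber`, `isCustomer`), the attempt limit and the in-memory store are assumptions, and the 409 body with `version`, `status` and `userMessage` follows the error format B2C's REST API technical profiles expect for validation errors.

```python
import hashlib
import hmac
import time

MAX_ATTEMPTS = 5  # assumption: lock a code after this many wrong guesses
# One message for every failure, so the response never reveals which check failed.
DENIED = {"version": "1.0.0", "status": 409,
          "userMessage": "We could not verify those details."}


def _digest(code):
    return hashlib.sha256(code.encode("utf-8")).digest()


class ActivationStore:
    """In-memory stand-in for the customer system behind the external API."""

    def __init__(self):
        self._records = {}

    def issue(self, account_number, code, ttl_seconds, now=None):
        now = time.time() if now is None else now
        self._records[account_number] = {
            "digest": _digest(code),      # store a hash, never the code itself
            "expires": now + ttl_seconds,
            "failures": 0,
            "used": False,
        }

    def verify(self, account_number, code, now=None):
        """Return (http_status, json_body) for the sign-up policy's call."""
        now = time.time() if now is None else now
        rec = self._records.get(account_number)
        # Compare even when the account is unknown, so timing stays uniform.
        expected = rec["digest"] if rec else _digest("")
        matches = hmac.compare_digest(expected, _digest(code))
        usable = (rec is not None and not rec["used"]
                  and rec["failures"] < MAX_ATTEMPTS and now < rec["expires"])
        if not (usable and matches):
            if rec is not None and not matches:
                rec["failures"] += 1
            return 409, dict(DENIED)
        rec["used"] = True  # one-off: the same code cannot activate twice
        return 200, {"isCustomer": True, "accountNumber": account_number}
```

Unknown accounts, wrong codes, expired codes and replayed codes all produce the same response body, so the sign-up page cannot be used to discover which account numbers exist.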

 

Azure AD B2B and B2C compared

Below I’ve put together a comparison of the two products against some typically required features:

At time of writing, B2C offers some features that B2B does not have:

Out-of-the-box integration with a wide range of identity providers including MSA, Amazon and more: B2B only offers out-of-the-box integration with Google accounts and Facebook accounts (the latter in ‘preview’ only).

Custom policies with multiple steps: B2B offers journey steps but in a more limited way – for example, you can call an external API, but at the moment you only have two choices about when to call it.

Convergence

However, Microsoft is rapidly developing new capabilities for B2B.

In 2020, the following features were included in the public preview of Azure Active Directory:

  • Additional attributes
  • Custom page layouts in user flows
  • API connectors (ability to call an external API during a user flow)

So, what we’re seeing is a trend of convergence between the two products. The restriction of having to choose B2C if you want a customised look and feel no longer applies.

This means that these two products are increasingly venturing beyond the confines of their original B2B and B2C remits. It’s more about deciding on the functionality you require and selecting the product that suits you best, regardless of whether it’s a partner or customer access scenario.

I wouldn’t be at all surprised if Microsoft were to do away with the B2B and B2C labels. As these two products become ever more entwined, eventually they will act as one external access management suite.

Key takeaways

  • Don’t let the B2B and B2C labels mislead you – focus on the functionality.
  • Both products benefit from industry-standard protocols and world-class security features.
  • Azure AD B2C has the most flexibility, but B2B is catching up.
  • Increasing crossover and hybrid deployments will likely open up more features in future.

Author
Marcus Idle
Head of CIAM and IP Development