通过Azure B2C登录Azure AD用户

huangapple go评论60阅读模式
英文:

Sign in Azure AD users through Azure B2C

问题

  1. 我正在构建自定义的B2C策略,以通过Azure B2C设置Azure AD用户的登录。我正在按照以下链接进行操作 - https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-azure-ad-single-tenant?pivots=b2c-custom-policy

  2. 我对以下问题不太清楚:

    1. 当Azure AD作为身份提供者时,应该使用哪个入门包?我正在使用"socialandlocalaccounts"包 - 这样做正确吗?
    2. 在按照Microsoft链接中的说明进行操作后,我看到Azure AD登录界面。我输入AD凭据,登录成功,我可以看到Azure B2C租户->用户中创建了一个用户条目。所以Azure AD中的用户信息现在作为本地用户在B2C中创建了。这是否是预期行为?我找不到任何描述这种行为的文档。

任何建议?谢谢。

英文:

I am building custom B2C policy to set up sign in of Azure AD users through Azure B2C. This is the link that I am following - https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-azure-ad-single-tenant?pivots=b2c-custom-policy

I am unclear on these

  1. Which starter pack should be used when Azure AD is identity provider? I am using socialandlocalaccounts pack - is that correct?
  2. after I follow instructions in MS link above, I get a Azure AD screen to log in. I enter AD credentials, log in is successful, I can see that a user entry is created in Azure B2C Tenant->Users. So user info from Azure AD is now being created as a local user in B2C. Is this expected? I cannot find any documentation that describes this behavior.

Any suggestions? Thanks

答案1

得分: 1

在自定义策略中,"social" = "federation",这就是你在Azure AD中所做的事情。

是的,联合用户在Azure AD中被创建为"影子账户"。他们不是本地用户。这些用户不能直接登录到B2C。

您将在用户界面中看到他们是一种"不同"类型的用户。

如果您查看用户属性:

"identities": [
{
"signInType": "userName",
"issuer": "contoso.onmicrosoft.com",
"issuerAssignedId": "johnsmith"
},
{
"signInType": "emailAddress",
"issuer": "contoso.onmicrosoft.com",
"issuerAssignedId": "jsmith@yahoo.com"
},
{
"signInType": "federated",
"issuer": "facebook.com",
"issuerAssignedId": "5eecb0cd"
}
]

英文:

In custom policies, social = federation which is what you are doing with Azure AD.

Yes, federated users are created in Azure AD as "shadow accounts". They are not local users. These users cannot log in to B2C directly.

You will see in the User blade that they are a "different" type of user.

If you look at the user attributes:

"identities": [
  {
    "signInType": "userName",
    "issuer": "contoso.onmicrosoft.com",
    "issuerAssignedId": "johnsmith"
  },
  {
    "signInType": "emailAddress",
    "issuer": "contoso.onmicrosoft.com",
    "issuerAssignedId": "jsmith@yahoo.com"
  },
  {
    "signInType": "federated",
    "issuer": "facebook.com",
    "issuerAssignedId": "5eecb0cd"
  }
]

huangapple
  • 本文由 发表于 2023年2月8日 08:40:06
  • 转载请务必保留本文链接:https://go.coder-hub.com/75380372.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定