英文:
Can Azure AD B2C Tenant be created with ARM Templates via Azure DevOps pipeline?
问题
我想通过AzureDevops管道使用ARM模板来创建Azure AD B2C租户。
这个问题已经得到答复,因为在以下问题中不可能实现:
然而,微软的文档表示这是可能的:
Microsoft.AzureActiveDirectory b2cDirectories
备注
您可以使用ARM模板或Bicep文件创建B2C租户,但不能更新现有的B2C租户。
我真的很困惑,微软说它可以创建,但我找不到一个示例ARM模板JSON文件或关于如何操作的信息。
与微软一样,一些资源也提到可以使用Biceps来完成这个操作,有人可以确认微软的说法:“您可以使用ARM模板创建B2C租户”是正确的,并指导我如何操作吗?
英文:
I want to create an Azure AD B2C tenant via the AzureDevops pipeline using an ARM template.
This question has been answered as it is not possible on below questions :
However, Microsoft documentation says it is possible :
Microsoft.AzureActiveDirectory b2cDirectories
Remarks
You can create a B2C tenant with an ARM template or Bicep file, but you can't update an existing B2C tenant.
I am really confused, Microsoft is saying it can be created, but nowhere I could find a sample ARM template json file or an information about how to do it.
As with Microsoft, some resources also mention that this can be done using Biceps, can anyone confirm if Microsoft's statementt : "You can create a B2C tenant with an ARM template" is correct and direct me how to do it ?
答案1
得分: 0
在已登录用户的上下文中创建 Azure AD B2C 租户是必须的,以便将该用户添加为新租户的第一个全局管理员。您可以尝试使用 ROPC 流程 以用户身份进行自动化认证。必须考虑特殊情况,如使用服务主体或托管标识在创建/提交步骤后即时创建用户帐户和密码(在完成创建/提交步骤后可丢弃),或者使用安全解决方案(如 KeyVault)存储其密码。
英文:
Creating an Azure AD B2C tenant must be done in the context of a signed-in user. This is required so that the latter can be added to the new tenant as the first global admin. You might try automating the process authenticating as a user using the ROPC flow. Special considerations must be taken into account such as creating a user account and password on the fly (to be disposed once the creation/post steps have been fulfilled) using a service principal or managed identity and/or storing its password using a secure solution such as KeyVault.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论