I am reading about the DUO two-factor authentication extension for Microsoft Azure Active Directory, and the documentation is here. However, it doesn't seem that DUO is integrable with Azure AD B2C because these instructions are specific for Azure AD (for example, under the "Create the Duo MFA Custom Control" header, step #2 says "Go to Azure Active Directory -> Conditional Access"; yet the Azure AD B2C page in the portal doesn't have a Conditional Access tab).
Therefore, my questions are:
How is DUO above different than the built-in multi-factor authentication Azure AD B2C solution?
Does DUO integrate with Azure AD B2C or not?
Duo is integrated with the conditional access feature that is available for the Azure AD "Enterprise" service.
This feature is not available for the Azure AD B2C service.
Azure AD B2C's multi-factor authentication provider is limited to the second-factor authentication of users by a phone call or a phone message.
Duo supports a phone call, a phone message, as well as a push notification to Duo's phone app.
You might be able to integrate Azure AD B2C with Duo using an Azure AD B2C custom policy and the Duo Auth API.
For an example of how Azure AD B2C can be integrated with a third-party multi-factor authentication provider, such as Authy, see the Wingtip custom policies and watch this walkthrough video.
How is DUO above different than the built-in multi-factor authentication Azure AD B2C solution?
Duo Security
Duo Security is used to provide second form-factor authentication for remote access to our corporate information. It provides cloud-based two-factor authentication. Duo’s technology can be deployed to protect users, data, and applications from breaches, credential theft, and account takeover.
Microsoft Azure Multi-Factor Authentication
Azure Multi-Factor Authentication reduces organizational risk and helps enable regulatory compliance by providing an extra level of authentication. It is being used for custom applications and as a way to help secure them.
Generally, Duo Security is more popular than Microsoft Azure Multi-Factor Authentication. Some other details, you could refer to the articles, 1 and 2.
Does DUO integrate with Azure AD B2C or not?
It seems that DUO Security does not integrate with Azure AD B2C currently, I could not find the Conditional Access in my b2c tenant and any related official documentation.
Related
Website webapp1.com has registered users with its own IdP implementation.
There are other websites such as webapp2.com, webapp3.com, webapp4.com (different domain).
A logged-in-user user1 of webapp1.com wants to do a SSO login to webapp2.com or webapp3.com or webapp4.com.
user1 has accounts in webapp2.com/webapp3.com/webapp4.com as well.
Is there a way to implement this using Azure AD or Azure AD B2C?
This is possible using PingIdentity.
https://www.pingidentity.com/en/resources/blog/posts/2021/sso-vs-federated-identity-management.html
Tried Azure AD and Azure AD B2C.
There is no documentation found how this could be done.
As long as the web apps connect to the same identity provider/s, the user will get SSO if they visit another app and pass through those same identity providers. With AAD this is the default and only behaviour. With AAD B2C this is the default behaviour, but can be restricted.
I want to build a public facing SaaS website. My users will either be:
enterprise customers and I will want them to be able to login with their corporate credentials.
non-enterprise customers. I will want the ability for them to register and use local credentials.
What would the solution look like? I'm thinking:
Use Azure AD and federate with the identity providers of my enterprise customers.
Use Azure B2C for my website, and configure #1 as my identity provider with the ability to create local accounts.
Is this the correct solution?
In your case, you can use Azure AD B2C for both the enterprise and non-enterprise customers
Enterprise customers and I will want them to be able to login with
their corporate credentials
You can use Azure AD B2C policy for the enterprise customers to use their corporate credentials for sign-in and sing-up
This policy uses a multi-tenant Azure AD application and the /common Azure AD endpoint to federate Azure AD B2C with any Microsoft 365 customer in the world
Non-enterprise customers. I will want the ability for them to register
and use local credentials
The users can sign-in and sign-up with their local accounts in the Azure AD B2C
You can refer this use-case provided by Microsoft for more info:
Azure Active Directory B2C | Overview with Example
We are using azure ad b2c for identity management and SSO for all our applications, So all our products/apps are registered on azure ad b2c directory. Users are also created on azure AD through MS Graph API. So all these users can avail the SSO facility. Now along with azure ad b2c we also want to use OneLogin. Is it possible with the existing azure ad b2c setup? I tried to google it but did not find any concrete answer. Can we add OneLogin as a identity provider like google, facebook in azure ad b2c?
Yes.
As per the docs, you can add any identity provider that supports OAuth 1.0, OAuth 2.0, OpenID Connect, or SAML protocols.
I would like to ask whether it is possible to use the ROPC flow with Azure Active Directory for an account that is federated via ADFS.
We are successfully authenticating via ROPC using a cloud account, but cannot authenticate using an account via ADFS.
So, I would like to ask if this scenario supported by AAD using the ROPC flow. If yes, is there any specific configuration required on the setup (ADFS / Application) to work?
Azure AD does not support ROPC flow for federated accounts.
Currently, we are using Azure AD B2C in one of our website and we want to enable the conditional access policy for our users. I want to know whether we can able to use the conditional access policy and other AD features for Azure AD B2C users or not?
Currently, conditional access is an Azure AD Premium feature, so it isn't available for Azure AD B2C.