在Azure中构建SaaS产品 [英] Building a SaaS product in Azure

问题描述

我们正在开始构建一个内部客户可以开始的产品，但希望能够向其他公司发展SaaS产品。 

第一个挑战是规划目录服务。 我们希望坚持使用Azure中可用的资源，但我们正在努力确定Azure AD，Azure AD  B2 B 或Azure AD  ; B2C可以做到这一点。 

要求： 

• 外部SaaS客户ID在与公司不同的目录中进行隔离和管理广告。我认为，这排除了Azure的AD，因为每个租户和Azure的AD B2B仅1目录，因为它的文档说" 外部用户在同一个目录中
  员工"管理
• 强制之类的东西。MFA 我知道Azure AD P2支持这个以及B2B，但是见上文，似乎这两个产品对我们不起作用。
• SaaS客户可以使用他们的ID（contoso.com）而不是Microsoft帐户，Facebook，Gmail等等。所以B2C已经淘汰了吗？
• 类似ThreatMetrix的服务（Azure广告提供身份保护的P2与ThreatMetrix相比可以吗？）

我的理解是每个租户只有一个AzureAD，使用Azure B2B，外部用户将与内部公司员工在同一目录中（这不适用于该公司的员工） IT小组）。 我们是否需要查看一些非Azure目录产品，比如
ForgeRock来实现这一目标？或者我们是否需要在另一个订阅中为外部用户单独部署应用程序，以便所有外部用户都拥有自己的Azure AD？

解决方案

Hello  Bazul ， 

感谢您的查询。如果您计划将解决方案发展为SaaS产品，那么您是正确的，Azure AD和Azure AD B2B将无法满足您的需求。根据您的要求，请找到相关要点。 

1。 Azure AD或Azure AD B2B可能不适合您的B2C。 

2。 Azure AD B2C dos提供MFA功能。请查看文章的 https://docs.microsoft .com / zh-CN / azure / active-directory-b2c / active-directory-b2c-reference-mfa

3。拥有有效电子邮件地址的任何人都可以注册。您可以使用外部身份提供商，如FB，Google等，以便他们登录。 

4。我没有使用过Threatmetrix，因此我可能无法提供权威的比较，但它似乎是一种广泛的欺诈检测解决方案，主要应用于金融欺诈检测，但不限于此。根据Azure AD B2C，我们提供
某种级别的威胁管理。你可以在这里阅读更多的 HTTPS： @d $。$ p $ >您必须管理两个不同的目录。一个Azure AD适用于内部用户和任何B2B案例，另一个适用于您使用Azure AD B2C构建的SaaS产品的用户存储。 Azure AD B2C需要通过将
链接到任何现有订阅以进行计费来激活，并实现其全部潜力。 SaaS产品应该是一种消费者服务，它应该有自己的用户商店，不应该使用母公司的Identity商店来存储注册用户的
身份信息。 

希望信息有所帮助。 

谢谢。 

We're beginning to build a product that will have internal customers to start but hope to evolve to a SaaS offering to other companies. 

The first challenge is planning directory services.  We'd like to stick with resources available in Azure out of the box but we're struggling to determine if Azure AD, Azure AD B2B or Azure AD B2C can accomplish this. 

Requirements: 

• External SaaS customer IDs segregated and managed in a separate directory from company AD. I believe this precludes Azure AD since only 1 directory per tenant and Azure AD B2B since it's docs say "External users are managed in the same directory as employees". 
• Enforce things like MFA.  I know Azure AD P2 supports this as well as B2B but see above, doesn't seem like those 2 products will work for us.
• SaaS customers can use their IDs (contoso.com) instead of Microsoft Accounts, Facebook, Gmail, etc. So B2C is out? 
• ThreatMetrix-like services (Can Azure ADs P2 offering Identity Protection compare to ThreatMetrix?)

My understanding is only one AzureAD per tenant, using Azure B2B the external users will be in the same directory as internal company employees (which won't work of this company's IT group).  Do we need to look at some non-Azure directory product like ForgeRock to accomplish this? Or would we need to have a separate deployment of the application for external users in another subscription so all external users have their own Azure AD?

解决方案

Hello Bazul, 

Thank you for your query. If you are planning to evolve your solution into a SaaS product then you are correct, Azure AD and Azure AD B2B would not serve your purpose. As per your requirements please find the relevant points. 

1. Azure AD or Azure AD B2B may not be suitable for your B2C is the way . 

2. Azure AD B2C dos provide MFA capablities . Please check the article https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-reference-mfa

3. Anyone who has a valid email address can signup . You can use external identity providers like FB , Google etc as well through which they can logon . 

4. I have not used Threatmetrix hence I may not be able to provide a authoritative comparison however it seems like a extensive solution for fraud detection majorly applied to financial fraud detection but not limited to it . As per Azure AD B2C , we provide some level of threat management . You can read more here. https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-reference-threat-management . 

You would have to manage two different directories. One Azure AD for internal Users and any B2B cases and another which will be acting as a user store for the SaaS offering that you build using Azure AD B2C . Azure AD B2C will need to be activated by linking it any existing subscriptions for billing purposes and realize its full potential. A SaaS offering is supposed to be a consumer service which should have its own user store and should not be using the parent company's Identity store to store registered user identity information . 

Hope the information helps. 

Thank you. 

这篇关于在Azure中构建SaaS产品的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！