A quick question about Azure B2B (Business to Business)

Problem description

I saw a post today on LinkedIn saying Azure B2B now accepts Google IDs (e.g. people with a Gmail account).

It said this is achieved via federation (using Google as the identity provider).

As far as I am aware, you have been able to do this for a while (or was that because it was in public preview), whereby someone could enter their Gmail account, but in the background (after the simple onboarding process was completed) this Gmail account is linked to a placeholder Azure AD account (represented by a GUID).

So in the announcement that Azure AD now accepts Google IDs, is this the case where a preview service is now mainstream? Or is this something new?

As far as I understand federation (please correct me if I am wrong), although your own identity provider together with your own STS (secure token service, which is trusted by the relying party) provides you with a token (signed SAML/JWT) which is then presented to the relying party's STS (which then creates its own token from the information in the token you provided), you still need an instance of an object (user/group etc.) in the relying party's system to check if said instance is allowed access to a resource based on the token (looking at the ACL on the resource and the information in the token). So although the relying party does not need to maintain the user's password to authenticate them (done by the trusted identity provider), an instance of an object still needs to be created/exist on the relying party system (to match the token information, e.g. group membership, to the ACL on the actual object trying to be accessed).

Is the above correct?

Many thanks

CXMelga

Recommended answer

Yes, you are correct. Adding Google IDs as Identity Providers for Azure AD B2B is now Generally Available.

You can find all the details of the same in this document - Add Google as an identity provider for B2B guest users
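
The model discussed in this thread, as an added example that is not part of the original question or answer and is not Azure AD's implementation: the identity provider signs a token, and the relying party verifies it, maps the external identity to a local placeholder object (a GUID), and authorizes against an ACL keyed by that object. All names are hypothetical, and an HMAC key stands in for the asymmetric signature a real SAML/JWT token would carry.

```python
import base64, hashlib, hmac, json, uuid

# Constructed demo values: a shared HMAC key stands in for the IdP's signing key.
IDP_KEY = b"constructed-demo-key"
TRUSTED_ISSUER = "https://idp.example"   # hypothetical federated identity provider

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def idp_issue_token(sub: str, email: str, key: bytes = IDP_KEY) -> str:
    """Identity provider side: authenticate the user, then sign the claims."""
    body = b64(json.dumps({"iss": TRUSTED_ISSUER, "sub": sub, "email": email}).encode())
    sig = b64(hmac.new(key, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"

class RelyingParty:
    """Holds no passwords, only guest objects and ACLs keyed by local object ID."""
    def __init__(self):
        self.guests = {}   # (issuer, subject) -> local placeholder object ID (GUID)
        self.acl = {}      # resource name -> set of local object IDs

    def verify(self, token: str) -> dict:
        body, _, sig = token.partition(".")
        expected = b64(hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest())
        if not hmac.compare_digest(sig.encode(), expected.encode()):
            raise PermissionError("bad signature")
        claims = json.loads(base64.urlsafe_b64decode(body))
        if claims["iss"] != TRUSTED_ISSUER:
            raise PermissionError("untrusted issuer")
        return claims

    def redeem_invitation(self, token: str) -> str:
        """Onboarding: create the placeholder object linked to the external identity."""
        c = self.verify(token)
        return self.guests.setdefault((c["iss"], c["sub"]), str(uuid.uuid4()))

    def authorize(self, token: str, resource: str) -> bool:
        """Authentication came from the IdP; authorization uses the local object."""
        try:
            c = self.verify(token)
        except (PermissionError, ValueError, KeyError):
            return False
        object_id = self.guests.get((c["iss"], c["sub"]))
        return object_id is not None and object_id in self.acl.get(resource, set())
```

A validly signed token is not enough on its own here: access is granted only once the guest object exists and that object's ID appears on the resource's ACL.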
