Azure AD B2C租户和普通Azure AD租户之间有什么区别? [英] What's the difference between Azure AD B2C tenant and normal Azure AD tenant?
问题描述
我已经看到很多人对我们在Azure AD B2C租户中可以做什么以及B2C租户与普通Azure AD租户之间的区别感到非常困惑.主要问题是:
I've seen so many people are very confused about what we can do in Azure AD B2C tenant and the difference between a B2C tenant and normal Azure AD tenant. The main questions are:
-
Azure AD B2C租户与普通Azure AD租户有什么区别?
What's the difference between Azure AD B2C tenant and normal Azure AD tenant?
由于我什至可以在B2C租户中使用某些功能,例如Azure AD Connect,在B2C租户中购买新的订阅并使用它,依此类推,所以我应该使用这些功能吗?
Since I can even use some features in B2C tenant, such as Azure AD Connect, buy a new subscription in B2C tenant and use it and so on, Should I use these features?
为什么在B2C租户中给我这些功能?为什么不只在普通的Azure AD租户中使用B2C?
Why give me these features in the B2C tenant? Why not just use B2C in normal Azure AD tenant?
推荐答案
Azure AD B2C租户仅用于使用Azure AD B2C功能. Azure AD B2C功能(不是租户)只是像普通Azure AD中的VM这样的资源,此功能需要您切换到B2C租户才能使用. 我们不应在B2C租户中使用与Azure AD B2C不相关的其他功能.
Azure AD B2C tenant is just for using Azure AD B2C feature. Azure AD B2C feature(not tenant) is just a resource like VM in the normal Azure AD and this feature needs you to switch to B2C tenant to use. We should not use other features which are not related to Azure AD B2C in B2C tenant.
最重要的区别是用户的管理.
-
对于普通的Azure AD,用户的数据(非严格地)存储在用户"中,您可以在Azure Active Directory的用户"刀片上看到该数据.但是,对于B2C租户,用户的数据既存储在用户"应用程序中,又存储在B2C扩展应用程序中,您可以在应用程序注册中看到它们.
For normal Azure AD, users’ data is stored(not strictly) in "Users" which you can see it on the Users blade on Azure Active Directory. However, for B2C tenant, users’ data is stored in both "Users" and B2C extension app, which you can see it in App registrations.
对于普通的Azure AD,用户是在一个组织中管理的,这些用户通常是指一个组织中的员工.但是,在B2C租户中,这些用户都是可以访问您的B2C应用程序的所有客户.
For normal Azure AD, users are managed in one organization, these users usually mean employees in one organization. However, in B2C tenant, these users are all customers which can access your B2C app.
对于普通的Azure AD,可以通过单击新用户"按钮来创建用户,并且这种类型的用户是租户中的成员.您还可以通过Azure AD B2B从外部邀请用户,这种类型的邀请用户是来宾用户.对于B2C租户,用户都是租户中的所有成员.但是用户帐户的类型是本地帐户和社交帐户.可以通过注册或使用Azure AD Graph API创建本地帐户.无法像正常的Azure AD一样通过单击新用户"来创建它.只能通过注册创建社交帐户.
For normal Azure AD, users can be created by clicking "New user" button and this type of users is Member in the tenant. You can also invite users from external by Azure AD B2B and this type of invited users is Guest users. For B2C tenant, users are all members in the tenant. But the types of the user accounts are local account and social account. Local accounts can be created by Sign up or using Azure AD Graph API. It cannot be created by clicking "New user" like a normal Azure AD. Social accounts can only be created by signing up.
总体而言,普通Azure AD租户基于员工,并且该租户代表组织. Azure AD B2C租户表示要与依赖方应用程序一起使用的身份的集合.每个人都可以注册该应用并访问它.此外,您还可以使AAD租户成为具有自定义策略的B2C租户的社交帐户身份提供者.您可以参考本文档以实现此目的.
Overall, Normal Azure AD tenant is employee-based and the tenant represents an organization. An Azure AD B2C tenant represents a collection of identities to be used with relying party applications. Everyone can sign up the app and access to it. Also, you can make AAD tenant be a social account identity provider for B2C tenant with custom policies. You can refer this documentation to achieve this.
答案是否定的,你不应该.即使您可以在B2c租户中使用这些功能,我们也不支持或建议您这样做.这是因为使用这些功能时可能会遇到太多问题,而B2C tanant并非针对这些功能而设计.
The answer is NO, you shouldn’t. Even you can use these features in B2c tenant, we don’t support or suggest you do like this. This is because that you may come across too many issues when using these features and B2C tanant is not designed for these features.
-
首先,要弄清基于员工的用户和客户,我们需要通过不同的租户对其进行区分.应严格管理基于员工的用户,并在可控制的范围内.但是客户是公开的,每个人都可以访问您的App资源.
First, to clarify employee-based users and customers, we need to distinguish them by different tenants. Employee-based users should be managed strictly and in a scope under control. But customers are in public and everyone can access your App resource.
第二,用于2C的身份验证逻辑与2B相同. B2C需要一个新的身份终结点,该终结点不同于普通的Azure AD.此外,B2C租户需要使用自定义的身份体验框架来为客户提供更友好的用户体验.这就是为什么我们不能在普通的Azure AD租户中使用B2C的原因.
Second, authentication logic for 2C is not different from 2B. B2C needs a new identity endpoints which are different from normal Azure AD. Also, B2C tenant needs use custom Identity Experience Framework to achieve more friendly user experience for customers. This is why we cannot use B2C in a normal Azure AD tenant.
第三,B2C用户可能数以百万计,甚至更多,AAD组织用户数应该比B2C用户少得多. B2C的后端引擎与AAD不同,因此它们使用的是不同的硬件.
Third, B2C users may be millions and even more, count of AAD organization users should be much less than B2C users. The backend engine of B2C is different from AAD so that they're using different hardware.
但是,B2C租户是基于Normal Azure AD开发的,它可能使用与AAD相关的其他功能来管理.这样一来,您还可以在B2C租户中看到与普通Azure AD相同的UI和其他功能.
However, B2C tenant is developed based on Normal Azure AD and it may use other features related AAD to manage. So that you can also see same UI as Normal Azure AD and other features in the B2C tenant.
首先,您可以认为Azure AD B2C只是一项功能,您需要切换目录才能使用.如果要使用其他功能,只需转到常规的Azure Active Directory.
Above all, you can consider Azure AD B2C is just a feature which you need to switch a directory to use. If you want to use other features, just go to a normal Azure Active Directory.
Azure AD,Azure AD B2B,Azure AD之间的区别B2C.
这篇关于Azure AD B2C租户和普通Azure AD租户之间有什么区别?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
