Azure AD B2C 租户和普通 Azure AD 租户有什么区别? [英] What's the difference between Azure AD B2C tenant and normal Azure AD tenant?
问题描述
我看到很多人对我们可以在 Azure AD B2C 租户中做什么以及 B2C 租户和普通 Azure AD 租户之间的区别感到非常困惑.主要问题是:
I've seen so many people are very confused about what we can do in Azure AD B2C tenant and the difference between a B2C tenant and normal Azure AD tenant. The main questions are:
Azure AD B2C 租户和普通 Azure AD 租户有什么区别?
What's the difference between Azure AD B2C tenant and normal Azure AD tenant?
既然我什至可以在 B2C 租户中使用一些功能,例如 Azure AD Connect,在 B2C 租户中购买新订阅并使用它等等,我应该使用这些功能吗?
Since I can even use some features in B2C tenant, such as Azure AD Connect, buy a new subscription in B2C tenant and use it and so on, Should I use these features?
为什么要在 B2C 租户中为我提供这些功能?为什么不在普通 Azure AD 租户中使用 B2C?
Why give me these features in the B2C tenant? Why not just use B2C in normal Azure AD tenant?
推荐答案
Azure AD B2C 租户仅用于使用 Azure AD B2C 功能.Azure AD B2C 特性(非租户)只是普通 Azure AD 中的 VM 之类的资源,该特性需要切换到 B2C 租户才能使用.我们不应在 B2C 租户中使用与 Azure AD B2C 无关的其他功能.
Azure AD B2C tenant is just for using Azure AD B2C feature. Azure AD B2C feature(not tenant) is just a resource like VM in the normal Azure AD and this feature needs you to switch to B2C tenant to use. We should not use other features which are not related to Azure AD B2C in B2C tenant.
最重要的区别在于用户的管理.
对于普通的 Azure AD,用户的数据存储(不严格)在用户"中,您可以在 Azure Active Directory 的用户边栏选项卡上看到它.但是,对于 B2C 租户,用户的数据存储在用户"和 B2C 扩展应用中,您可以在应用注册中看到.
For normal Azure AD, users’ data is stored(not strictly) in "Users" which you can see it on the Users blade on Azure Active Directory. However, for B2C tenant, users’ data is stored in both "Users" and B2C extension app, which you can see it in App registrations.
对于普通的 Azure AD,用户在一个组织中进行管理,这些用户通常是指一个组织中的员工.但是,在 B2C 租户中,这些用户都是可以访问您的 B2C 应用的客户.
For normal Azure AD, users are managed in one organization, these users usually mean employees in one organization. However, in B2C tenant, these users are all customers which can access your B2C app.
对于普通的Azure AD,可以通过点击新建用户"按钮来创建用户,这种类型的用户是租户中的成员.您还可以通过 Azure AD B2B 从外部邀请用户,这种邀请的用户是来宾用户.对于 B2C 租户,用户都是租户中的成员.但用户帐户的类型是本地帐户和社交帐户.可以通过注册或使用 Azure AD Graph API 创建本地帐户.它不能像普通的 Azure AD 一样通过单击新用户"来创建.社交帐户只能通过注册创建.
For normal Azure AD, users can be created by clicking "New user" button and this type of users is Member in the tenant. You can also invite users from external by Azure AD B2B and this type of invited users is Guest users. For B2C tenant, users are all members in the tenant. But the types of the user accounts are local account and social account. Local accounts can be created by Sign up or using Azure AD Graph API. It cannot be created by clicking "New user" like a normal Azure AD. Social accounts can only be created by signing up.
总的来说,普通 Azure AD 租户是基于员工的,租户代表一个组织.Azure AD B2C 租户表示要与依赖方应用程序一起使用的一组标识.每个人都可以注册该应用程序并访问它.此外,您可以使用自定义策略使 AAD 租户成为 B2C 租户的社交帐户身份提供者.您可以参考此文档来实现此目的.
Overall, Normal Azure AD tenant is employee-based and the tenant represents an organization. An Azure AD B2C tenant represents a collection of identities to be used with relying party applications. Everyone can sign up the app and access to it. Also, you can make AAD tenant be a social account identity provider for B2C tenant with custom policies. You can refer this documentation to achieve this.
答案是否定的,你不应该.即使您可以在 B2c 租户中使用这些功能,我们也不支持或建议您这样做.这是因为您在使用这些功能时可能会遇到太多问题,而 B2C tanant 并不是针对这些功能而设计的.
The answer is NO, you shouldn’t. Even you can use these features in B2c tenant, we don’t support or suggest you do like this. This is because that you may come across too many issues when using these features and B2C tanant is not designed for these features.
首先,要明确基于员工的用户和客户,我们需要通过不同的租户来区分它们.对员工用户进行严格管理,控制范围.但客户是公开的,每个人都可以访问您的应用资源.
First, to clarify employee-based users and customers, we need to distinguish them by different tenants. Employee-based users should be managed strictly and in a scope under control. But customers are in public and everyone can access your App resource.
其次,2C 的身份验证逻辑与 2B 没有区别.B2C 需要一个不同于普通 Azure AD 的新标识端点.此外,B2C 租户需要使用自定义身份体验框架来为客户实现更友好的用户体验.这就是我们不能在普通 Azure AD 租户中使用 B2C 的原因.
Second, authentication logic for 2C is not different from 2B. B2C needs a new identity endpoints which are different from normal Azure AD. Also, B2C tenant needs use custom Identity Experience Framework to achieve more friendly user experience for customers. This is why we cannot use B2C in a normal Azure AD tenant.
第三,B2C 用户可能有数百万甚至更多,AAD 组织用户的数量应该比 B2C 用户少得多.B2C 的后端引擎与 AAD 不同,因此它们使用不同的硬件.
Third, B2C users may be millions and even more, count of AAD organization users should be much less than B2C users. The backend engine of B2C is different from AAD so that they're using different hardware.
但是,B2C租户是基于Normal Azure AD开发的,可能会使用其他AAD相关的特性进行管理.这样您也可以在 B2C 租户中看到与普通 Azure AD 相同的 UI 和其他功能.
However, B2C tenant is developed based on Normal Azure AD and it may use other features related AAD to manage. So that you can also see same UI as Normal Azure AD and other features in the B2C tenant.
最重要的是,您可以认为 Azure AD B2C 只是您需要切换目录才能使用的功能.如果您想使用其他功能,只需转到普通的 Azure Active Directory.
Above all, you can consider Azure AD B2C is just a feature which you need to switch a directory to use. If you want to use other features, just go to a normal Azure Active Directory.
比较 Azure Active 中的 B2B 协作和 B2C目录
Azure AD、Azure AD B2B、Azure AD B2C的区别.
这篇关于Azure AD B2C 租户和普通 Azure AD 租户有什么区别?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
