Deploy Azure Active Directory B2C through a resource manager (or code)

Our company is considering using AAD B2C as the backing store for our SaaS user accounts. Our plan is to use Resource Manager templates to deploy Azure infrastructure (web, storage, SQL, etc.) for each client. AAD B2C will be part of this if it works, but at the moment there is no way to include AAD B2C in Resource Manager templates.

My view on the intent of the B2C product is that it serves as a replacement for the auth components and the user store of the application and therefore should be considered infrastructure. Now, the hierarchy between AAD and resource groups in the new Azure portal does not reflect this: resource groups (and their resources) are displayed under the "identifier" in the AAD account. But why? Is AAD a parent of a resource group? I am trying to understand how they fit together.

If AAD B2C is really designed for this purpose, then when it leaves preview it will need to support automation. After a quick search, I can't even find code samples to create a new directory, let alone do it with Resource Manager templates.

Am I looking at it all wrong?

+5
1 answer

There is currently no way to automate the creation of an AAD B2C tenant, as there is no way to automate the creation of an AAD tenant.

After you create a tenant, you can access it programmatically using the Graph API. For more information, see the documentation: https://azure.microsoft.com/en-us/documentation/articles/active-directory-b2c-devquickstarts-graph-dotnet/

The first paragraph of this documentation mentions the following:

Azure Active Directory (Azure AD) B2C tenants tend to be very large. This means that many common tenant management tasks must be performed programmatically. The first example is user management. You may need to move your existing user store to a B2C tenant. You may want to register a user on your own page and create user accounts in Azure AD behind the scenes. These types of tasks require the ability to create, read, update, and delete user accounts. You can complete these tasks using the Azure AD Graph API.

Note: at the time of writing this is still in preview, so the API can change at any time, and you do not have an SLA.

For the latest status on which Azure services support ARM, you can read this page: https://azure.microsoft.com/en-us/documentation/articles/resource-manager-supported-services/

+4
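The user-creation task the answer describes, as an added example that is not part of the original thread or of Microsoft's quick start: it builds the request body for a B2C "local account" user (the `creationType`/`signInNames` shape documented in the linked Graph API quick start), acquires an application token with the client-credentials flow, and posts the user to `graph.windows.net`. The tenant name, application id and secret are placeholders read from environment variables; the registered application is assumed to hold the `Directory.ReadWrite.All` application permission on the B2C tenant. Only the Python standard library is used.

```python
"""Create a local-account user in an Azure AD B2C tenant via the Azure AD
Graph API (api-version 1.6).  Added example; tenant/app values are placeholders."""
import json
import os
import re
import secrets
import string
import urllib.parse
import urllib.request

GRAPH = "https://graph.windows.net"           # Azure AD Graph API host
LOGIN = "https://login.microsoftonline.com"   # OAuth2 token endpoint host
API_VERSION = "1.6"
SYMBOLS = "!@#$%^&*"


def users_url(tenant):
    """Collection endpoint for users in the given tenant (e.g. contoso.onmicrosoft.com)."""
    return f"{GRAPH}/{tenant}/users?api-version={API_VERSION}"


def random_password(length=24):
    """Initial password with upper, lower, digit and symbol, drawn from a CSPRNG.
    Hand it to the user out of band or force a reset; never write it to logs."""
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw) and any(c in SYMBOLS for c in pw)):
            return pw


def build_local_account(email, display_name, password, force_change=False):
    """Request body for a B2C local account (sign-in by e-mail, not UPN).
    force_change=False suits migrating an existing store; use True for accounts
    created on a user's behalf so the bootstrap password is used only once."""
    if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", email):
        raise ValueError("sign-in name must be an e-mail address")
    if len(password) < 8:
        raise ValueError("password too short")
    return {
        "accountEnabled": True,
        "creationType": "LocalAccount",
        "displayName": display_name,
        "passwordProfile": {
            "password": password,
            "forceChangePasswordNextLogin": force_change,
        },
        "passwordPolicies": "DisablePasswordExpiration",
        "signInNames": [{"type": "emailAddress", "value": email}],
    }


def redacted(body):
    """Deep copy of a request body that is safe to log: the secret is masked."""
    safe = json.loads(json.dumps(body))
    safe["passwordProfile"]["password"] = "<redacted>"
    return safe


def get_app_token(tenant, client_id, client_secret):
    """Client-credentials grant against the B2C tenant; returns a bearer token."""
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "resource": GRAPH + "/",
    }).encode()
    req = urllib.request.Request(f"{LOGIN}/{tenant}/oauth2/token", data=form)
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["access_token"]


def create_user(tenant, token, body):
    """POST the user object; returns the created user as the API reports it."""
    req = urllib.request.Request(
        users_url(tenant),
        data=json.dumps(body).encode(),
        headers={"Authorization": "Bearer " + token,
                 "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Placeholder configuration (constructed): supply real values via the environment.
    tenant = os.environ.get("B2C_TENANT", "yourtenant.onmicrosoft.com")
    client_id = os.environ.get("B2C_CLIENT_ID", "<application-id>")
    client_secret = os.environ.get("B2C_CLIENT_SECRET", "<application-secret>")
    body = build_local_account("alice@example.com", "Alice Example", random_password())
    print("would send:", json.dumps(redacted(body), indent=2))
    if "B2C_CLIENT_SECRET" in os.environ:  # only call out when really configured
        user = create_user(tenant, get_app_token(tenant, client_id, client_secret), body)
        print("created objectId:", user.get("objectId"))
```

The body builder validates the sign-in name before anything leaves the process, and `redacted()` is what should reach logs and audit trails; the application secret and bootstrap passwords belong in a secret store, not in the ARM template parameters the question proposes to generate per client.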

Source: https://habr.com/ru/post/1234644/
