Handle authentication for two different apps and different user sets within single Azure AD B2C tenant

shashank kawle 0 Reputation points
2025-03-09T10:08:41.6333333+00:00

I have a scenario where I have two different web apps, each with its own users. There is a possibility that a user from app1 is also part of app2. I have created one organization-level Azure AD B2C tenant. What I am not able to understand are the things below:

  1. How can I differentiate users for each app? Maybe with User Groups (if this is supported by Azure AD B2C) / custom Roles / Custom user attributes?
  2. How can I create two different apps handling two different sets of users from above?
  3. Overall architecture of process
Microsoft Entra External ID

1 answer

  1. Harshitha Eligeti 1,930 Reputation points Microsoft External Staff
    2025-03-11T11:05:29+00:00

    Hello @shashank kawle
    I understand that you have two separate web apps, each with its own set of users, and that there is a possibility that a user from App1 may also be part of App2. Additionally, you've created a single Azure AD B2C tenant.

    Regarding your queries:

    1. You can differentiate users between the two applications by using custom claims, which can be implemented through user flows in Azure AD B2C. You can also explore using custom roles or custom user attributes to achieve this differentiation.
    2. By creating two distinct user flows in Azure AD B2C, one for App1 and another for App2, you can customize the claims for each flow, allowing you to differentiate users based on the application they belong to.
    3. Create a custom attribute for each user flow and associate these attributes with the respective applications. For App1, configure a user flow with a custom attribute, and for App2, create a separate user flow with a different custom attribute. These distinct user flows will help you identify which users belong to which application. Make sure to configure the user flow based on the users' associations and have the respective attribute for the users.

    For more detailed guidance, refer to this document: Azure AD B2C User Flow Custom Attributes.
    Do let us know if you have any further queries.

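Because both apps share one tenant, each app still has to reject tokens issued for the other and check its own custom attribute. The sketch below is an added example, not part of the answer above or Microsoft's code; it assumes the token was already signature-verified, that the custom attributes are Boolean, and all client IDs, user flow names and attribute names are constructed.

```python
"""Added example: per-app authorization over Azure AD B2C token claims.

Assumes signature, issuer and expiry were already verified with a JWT
library. Client IDs, flow names and attribute names are constructed.
"""

# Hypothetical per-app settings: client ID, user flow, custom attribute claim.
APPS = {
    "app1": {"client_id": "11111111-1111-1111-1111-111111111111",
             "user_flow": "B2C_1_app1_signin",
             "access_claim": "extension_App1Access"},
    "app2": {"client_id": "22222222-2222-2222-2222-222222222222",
             "user_flow": "B2C_1_app2_signin",
             "access_claim": "extension_App2Access"},
}


def authorize(app_name, claims):
    """Return (allowed, reason) for verified claims presented to app_name."""
    app = APPS[app_name]
    # The token must have been issued for this app, not its sibling.
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if app["client_id"] not in audiences:
        return False, "wrong audience"
    # B2C puts the user flow name in "tfp" ("acr" on older policies).
    policy = str(claims.get("tfp") or claims.get("acr") or "")
    if policy.lower() != app["user_flow"].lower():
        return False, "wrong user flow"
    # Custom attributes are emitted as extension_<name>; an absent or
    # non-true value means the user was never enrolled in this app.
    if claims.get(app["access_claim"]) is not True:
        return False, "not enrolled in app"
    return True, "ok"


# Constructed claims: one user enrolled in both apps, one in app1 only.
BOTH_VIA_APP1 = {"aud": APPS["app1"]["client_id"], "tfp": "B2C_1_app1_signin",
                 "extension_App1Access": True, "extension_App2Access": True}
APP1_ONLY_VIA_APP2 = {"aud": APPS["app2"]["client_id"],
                      "tfp": "B2C_1_app2_signin"}

if __name__ == "__main__":
    print(authorize("app1", BOTH_VIA_APP1))       # token issued for app1
    print(authorize("app2", BOTH_VIA_APP1))       # same token replayed to app2
    print(authorize("app2", APP1_ONLY_VIA_APP2))  # signed in, not enrolled
```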
