Can I share the same KeyVault between Azure B2C, and Azure B2B (AAD)?


A KeyVault seems to be tightly coupled to a single AAD instance

What guidance should I follow when I want to support Azure AD (B2C) and B2B / Work users?

I'm currently exploring this solution to help manage the independent sign in flows.


There is 1 answer

0
juunas

According to the docs for the Set-AzureRmKeyVaultAccessPolicy PowerShell cmdlet, which gives an app or a user access to secrets in the Key Vault:

The following directories must all be the same Azure directory:

-- The default directory of the Azure subscription in which the key vault resides.

-- The Azure directory that contains the user or application group that you are granting permissions to.

So the Key Vault will be in a subscription and that subscription is attached to a single Azure AD. Any application that is given access must be from that directory.
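The same-directory rule above can be checked up front rather than discovered as a failed access policy call. The following PowerShell script is an added example, not part of the answer or of any Microsoft documentation; it assumes the AzureRM module, an existing Login-AzureRmAccount session, and uses placeholder values for the vault name and application (client) ID. It reads the tenant the vault is bound to, confirms the session is in that tenant, resolves the application as a service principal in that same directory, and only then grants a minimal secrets permission. An app registered in a separate B2C tenant will not resolve in the vault's directory, which is the situation the cmdlet documentation rules out.

```powershell
# Added example (not the original answer's code): confirm the principal lives in
# the same Azure AD tenant as the Key Vault's subscription before granting access.
# Assumptions: AzureRM module loaded and Login-AzureRmAccount already run;
# the vault name and application id below are placeholders.
param(
    [string]$VaultName     = 'my-shared-vault',                       # placeholder
    [string]$ApplicationId = '00000000-0000-0000-0000-000000000000'   # placeholder
)

# The directory the vault is bound to comes from the vault object itself,
# not from whichever tenant the caller happens to be signed in to.
$vault = Get-AzureRmKeyVault -VaultName $VaultName
if (-not $vault) {
    throw "Key Vault '$VaultName' was not found in the current subscription."
}
$vaultTenant = $vault.TenantId

# The session must be in the vault's tenant, otherwise the directory lookup
# below runs against the wrong directory.
$sessionTenant = (Get-AzureRmContext).Tenant.Id
if ($sessionTenant -ne $vaultTenant) {
    throw "Signed in to tenant $sessionTenant, but the vault belongs to tenant $vaultTenant. " +
          "Select that tenant first (Select-AzureRmSubscription -TenantId $vaultTenant)."
}

# A service principal is only visible in the directory that contains it. An app
# registered in another directory (for example a B2C tenant) does not resolve here.
$sp = Get-AzureRmADServicePrincipal -ApplicationId $ApplicationId -ErrorAction SilentlyContinue
if (-not $sp) {
    throw "Application $ApplicationId is not a service principal in tenant $vaultTenant; " +
          "a principal from a different directory cannot be granted access to this vault."
}

# Both sides are in the same directory: grant only what the app needs
# (read and enumerate secrets), not a broad permission set.
Set-AzureRmKeyVaultAccessPolicy -VaultName $VaultName `
    -ServicePrincipalName $ApplicationId `
    -PermissionsToSecrets get,list

Write-Output "Granted get/list on secrets in '$VaultName' to $($sp.DisplayName) ($ApplicationId) in tenant $vaultTenant."
```

Run it from a session signed in to the tenant that owns the vault's subscription. The tenant mismatch and the unresolved service principal are the two failure modes that correspond to the documented rule: a B2C application would trip the second check, which is the point at which a separate vault (or a principal registered in the vault's own directory) becomes necessary.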