
Azure Ad B2C Users access resources in other directory


I have two directories in Azure. The first one contains all the customers of our company, who are registered in Azure AD B2C. These users must be separated from the other directory, which contains the employees of our company. This second directory, which I mentioned, also contains resources such as Key Vaults. These key vaults should be accessible both for employees (Directory 2) and for customers (Directory 1).

The idea was to add the user's object_id to the access policy of the Key Vault, so that he could only access that specific Key Vault, and not modify any others. But since some of the users (the ones from Directory 1) are located somewhere else, this is not possible.

Does anyone have a beautiful solution for this problem?


Solution

  • Azure AD B2C users cannot access resources within an Azure Subscription. Your only option is to use the Azure AD B2B flows. https://learn.microsoft.com/en-us/azure/active-directory/external-identities/what-is-b2b
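As an added example (not part of the original answer) of the B2B route the answer points to: invite the customer as a guest into the employee tenant, confirm the guest object exists there, and then scope a Key Vault access policy to that single object id with read-only secret permissions. It assumes the Az and Microsoft.Graph PowerShell modules are installed and already signed in, and the vault name, email and redirect URL are placeholders.

```powershell
# Added example, not code from the original post. Assumes Connect-AzAccount and
# Connect-MgGraph -Scopes "User.Invite.All","User.Read.All" have already been run
# in the employee (resource) tenant that owns the Key Vault.
param(
    [Parameter(Mandatory)] [string] $GuestEmail,          # customer's sign-in email (placeholder)
    [Parameter(Mandatory)] [string] $VaultName,           # hypothetical vault name
    [string] $RedirectUrl = "https://myapp.example.com"   # placeholder landing page after redemption
)

# 1. Create the B2B invitation; this produces a guest object in THIS directory,
#    which is what a Key Vault access policy can reference.
$invite = New-MgInvitation -InvitedUserEmailAddress $GuestEmail `
                           -InviteRedirectUrl $RedirectUrl `
                           -SendInvitationMessage:$true
$guestObjectId = $invite.InvitedUser.Id

# 2. Check the object really is a Guest in the resource tenant before granting anything.
$guest = Get-MgUser -UserId $guestObjectId -Property Id,UserType,Mail
if ($guest.UserType -ne 'Guest') {
    throw "Expected a Guest object for $GuestEmail, got '$($guest.UserType)'"
}

# 3. Least privilege: read-only secret access on this one vault, nothing else.
#    Access policies are per vault, so other vaults are untouched.
Set-AzKeyVaultAccessPolicy -VaultName $VaultName `
                           -ObjectId $guestObjectId `
                           -PermissionsToSecrets get,list

# 4. Print the resulting policy entry so the grant can be reviewed.
(Get-AzKeyVault -VaultName $VaultName).AccessPolicies |
    Where-Object { $_.ObjectId -eq $guestObjectId }
```

This applies to vaults using the access-policy permission model; a vault with Azure RBAC enabled would instead need a role assignment (for example Key Vault Secrets User) scoped to that vault for the same guest object id.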