Azure has so many identity options, and it’s not always clear which one fits best. For what you’re doing, Entra ID B2B collaboration is probably the way to go. It lets external businesses use their own Entra ID accounts to access your SaaS app without managing separate logins. They stay as guest users in your tenant, meaning they can’t mess with your Azure resources, just your app.

If you need to give them different roles, like an admin role for managing their own users, you can handle that inside your app using app roles in Entra ID. If you don’t want to invite every single user manually, entitlement management is worth looking into—it lets company admins request access for their people without you having to be involved every time.

B2C isn’t the right fit here since that’s more for open sign-ups, like if you were letting random users register. Your setup is strictly for business customers, so B2B keeps things cleaner and more secure.