Why do you need Azure AD B2C?

Azure AD B2C ("B2C") is a state-of-the-art cloud identity provider from Microsoft, closely related to Azure Active Directory.

Why do you need B2C?

If you provide a customer or member portal on your website, you may be feeling the pressure to provide frictionless user experiences that encourage greater engagement with your platform. 

Organisations have to find a way to balance these demands with securing personal information from threats – a security hole can potentially become an embarrassing and costly data breach.

B2C, an enterprise-grade identity provider backed by Microsoft security infrastructure, offers a superb user experience and world-class threat protection.

Frictionless commerce

Having to create yet another password is a huge factor in user disengagement, particularly on websites where the user can easily find a competitor. But even where there is no competition between providers, friction can lead to disengagement - meaning fewer customers/members for your organisation.  Providing easy options, such as sign in with your Google, Microsoft, or other ‘social’ account, not only drastically shortens the journey for the user, it improves the journey success rate and lowers call centre costs.




Secure

Before the widespread use of claims authentication, also known as ‘modern auth’, application developers who wanted to consumers to sign into their applications would typically write their own code to do it.  This involves capturing the user name and password on a web-based form, checking it against a back-end database, and setting a cookie that the website can understand, indicating that the user is logged in.  Each one of these steps needs to be designed to combat security threats, and even well established frameworks and content management systems come with vulnerabilities if you go a few versions back.  Making and keeping it secure is costly.

Robust security controls, including built-in threat detection and multi-factor authentication (MFA), offer peace of mind that your customer identities are protected and secure.

Reliable

B2C is a highly available global service that scales to hundreds of millions of consumer identities. Built on an enterprise-grade secure platform, Azure Active Directory B2C keeps your applications, your business, and your consumers protected. 

You can rely on the ability to meet the demand of millions of users and billions of authentications every day – with the assurance that you’ll only ever pay for what you use.

Connected

Azure Active Directory B2C offers developers a better way to integrate consumer identity management into their applications with the help of a secure, standards-based platform and a rich set of extensible policies. When you use Azure Active Directory B2C, your consumers can sign up for your applications by using their existing social accounts (Facebook, Google, Amazon, LinkedIn) or by creating new credentials (email address and password, or username and password) -we call the latter "local accounts".

B2C supports open standards to integrate well with all technology stacks. Connect to your applications, your CRM system and website with ease.

My experiences with B2C

B2C had a rocky start back in 2016, launching a product which was functional and reliable, but lacked some of the bells and whistles of other authentication providers.  Strong on (for example) security and language support, some basic features such as customised emails were lacking.  After some serious investment by Microsoft, it is starting to look good on the world stage.  Of particular importance is the ability to customise emails as well as web pages, but many other features are now available out of the box, such as a range of MFA options.  I will explore these in later articles.

Comments

Post a Comment

Popular posts from this blog

Microsoft CIAM debuts at Build 2023

Image
For a long time we've been aware of Microsoft's efforts towards converging Azure Active Directory B2C and Azure Active Directory. They are making this change in order to provide a single stable product for the back end portal and other aspects of these identity services.  New developments will see a 'CIAM' product sitting on top of AAD - this replaces (or will eventually replace) B2C.   CIAM will also provide better experiences for developers hoping to build user journeys (sign in, sign up, etc.). Microsoft continues to support AAD B2C.  At time of writing it provides a fuller feature set.  However, B2C as-is will eventually retire, and migration paths will be important. The CIAM solution will offer more back-end management features, and an event-driven programming paradigm for user journeys. I will make more information available as and when!
Read more

LinkedIn now uses Verified ID for Employee verification

Image
  Microsoft Verified ID is a digital identity verification solution that enables individuals to obtain digital "credentials" from organisations that know them, or more accurately, that know some aspect of their identity.  For example, their name, their educational qualifications, or in this case, their employment status.  These credentials can then be shared with third-party organizations, such as employers or educational institutions, in a secure and trusted manner.  LinkedIn, which is owned by Microsoft, has integrated with Microsoft Verified ID to allow LinkedIn members to verify their employment status. Using this new integration, employers can create a custom process for verifying employees, and employees, once they have done this, can present the credential to LinkedIn in order to obtain the new green "check mark" on their LinkedIn profile. Currently this requires the LinkedIn app - at time of writing there is no announcement yet about migrating this feature t
Read more

Keeping safe beyond sign-in

Image
As The Register reports today , Microsoft briefly exposed a plethora of passwords and other secrets due to a bulk upload of data to GitHub recently. The data was a set of AI training data - data used to teach AI models how to understand the world around them. It makes no sense having the best locks on your front door if you leave the back door open... so what can we learn from this episode? Protecting passwords and other sensitive information from exposure to the wider world is essential for maintaining your online security. Here are some measures you can take: Use Strong, Unique Passwords: Create strong, complex passwords that are difficult to guess. Use a combination of uppercase and lowercase letters, numbers, and special characters. Avoid common dictionary words or phrases. Ensure your passwords are at least 12-16 characters long. Use a passphrase, which is a sequence of random words or a sentence that's easy to remember but hard to crack. Use a Password Manager: A password man
Read more