What is Azure Active Directory B2C?

How important is secure identity management to you? If you’re like most, it is a top priority. In today’s post I’ll talk about Azure Active Directory B2C, an identity management service that enables you to customize and control how users securely interact with your web, desktop, mobile or even single-page applications.

Using Azure AD B2C, users can sign up, sign in, reset passwords and edit profiles for the various applications they’re using.

When implementing these policies, we’ll have two choices:

  • Using common identity user flows within the Azure portal or,
  • For the more skilled developer, or if the templates in the portal don’t support your use case, you can use XML-based custom policies.

Once you make that decision, your choice will define the path of authentication, commonly referred to as the user journey. User journeys let you control behavior by configuring settings such as which social accounts (Facebook, for example) a user can use to sign up for the application.

Data collected from the user, such as a first name or postal code, would be used for authentication. You also have multi-factor authentication options, as well as control over the look and feel of the pages users interact with and over the information returned to the application.

Azure Active Directory B2C supports the OpenID Connect and OAuth 2.0 protocols for these user journeys. Through these protocols the application ultimately receives a token that proves the user has been authenticated. The interaction of every application follows a similar high-level pattern, shown in the graphic below:

AAD B2C Flow

The steps here are:

1. The application directs the user to run a policy.

2. The user completes the policy according to the policy definition.

3. Then the application receives a token.

4. And then uses that token to try to access a resource.

5. The resource server then validates the token to verify that access can be granted.

6. And the application will periodically refresh the token in the background (there really are five steps, but this sixth step happens over and over).

Azure AD B2C can also work with additional identity providers such as Amazon, Facebook and Google, which create, maintain and manage identity information while providing authentication services to their (and other) applications.

Typically, you would only use one identity provider in your application, but there are no restrictions on using more if your use case calls for it.

The main value of this service is the ability to lessen the need for username and password management across so many applications, thus improving the user experience. Our lives have been made a bit easier since we now have many applications, both web and desktop based, that allow that single sign-on or no sign-on experience because they are already pre-authenticated with a service like this.
