Intro to Azure AD B2C

A lot of new features have come out over the last couple of years, all focused on enabling cloud scenarios for enterprises. This is achieved by bringing your corporate identity to the cloud using a hybrid scenario or by creating a whole new identity. These scenarios are all based on the Azure Active Directory type of tenant. Microsoft has now introduced a new type of tenant named Azure Active Directory Business to Consumer.

This brand new service in Microsoft’s identity flagship brings a lot of new “consumer facing” functionality to enterprises. Managing your corporate identity using a single IdP is a common scenario and is no different from what we did back in the days using AD. Managing customer identities, on the other hand, is something most enterprises leave up to the different applications in the landscape itself (each storing identities in its own database). With Azure AD B2C this is no longer required. This new Microsoft tenant is capable of establishing trust relationships with multiple applications and providing authentication services. Nothing new so far compared to the existing Azure AD tenant. So what makes this B2C tenant so unique?

Azure AD B2C enables centrally managed customer identity scenarios. The main functionalities and benefits of the B2C tenant are:

  • Social Identity Provider login
  • Customer Self-Registration
  • Customizable branding pages
  • Pay as you Grow license model

By using Azure AD B2C, enterprises are able to provide a central authentication service for all their customer-facing web applications instead of configuring local and social logon for each web application individually. The bottom line is that this still enables a Single Sign On experience for the end user, and it brings more standardization and control to the enterprise.

Another great functionality is Self-Registration, which is indispensable in most customer-facing scenarios. This functionality provides a standard Sign-up flow enabling the user to create a local (Azure AD) account or to Sign-up using a Social identity provider (e.g. Google, LinkedIn).

B2C also enables the company to brand the Sign-in and Sign-up UX flows. This is slightly different from the branding which comes with the standard Azure AD tenant. You are now able to change the full UX by uploading your own HTML and CSS, bringing a seamless UX to the end user.

Last but not least, this new tenant comes with another licensing model which is more in line with the Business to Consumer market. In the current model you are free to make use of B2C up to 50.000 users and/or authentications. When you store more users or consume more authentications, you will start paying for each user and authentication on a monthly basis.

Furthermore, it must be noted that you can also enable Multi-Factor authentication at a reduced rate (€0.0253 per authentication).

In my next post I will cover the technical steps to configure Azure AD B2C.