Microsoft Azure Active Directory B2C is a cloud-based identity and access management service for business-to-consumer applications. It handles authentication and authorization, and lets users (consumers) sign in quickly with social media logins (including Facebook, LinkedIn, Google, Amazon, and Microsoft accounts). These services simplify account creation for consumers and add self-management: users can change their sign-up and profile details and reset the passwords they create.
Depending on the company’s needs and strategy, you can choose between two types of Azure AD B2C:
- Azure AD B2C Basic: Azure AD for “basic needs” leverages a dedicated “Microsoft Basic Trust Framework” in which you can customize policies.
- Azure AD B2C Premium: The Premium edition gives you full control, and thus allows you to author and create your own Trust Framework through declarative policies.

Azure AD B2C Basic is upgradable to the Premium edition at any time, with a smooth migration path for the customized policies.
The extensible policy framework of Azure Active Directory (Azure AD) B2C is the key strength of the service. It can be summarized by the following structure:
- Sign-up policies: offer basic settings, namely identity providers, application claims and MFA settings.
- Sign-in policies: offer the same basic settings as sign-up policies, but they do not have settings for information that a user has to supply.
Another advantage of Azure AD is that you can create multiple policies of different types in your tenant and use them in your applications as needed. Policies can be reused across applications. This flexibility enables developers to define and modify consumer identity experiences with minimal or no changes to their code. (Source: Microsoft).
Azure Active Directory B2C helps organizations build a cloud identity directory for their customers, so there is no need for an on-premises AD. Thanks to that solution, enterprises are able to keep their applications, business, and customers protected. In contrast to Azure B2B, Azure B2C does not support SSO to Office 365 or to other Microsoft and non-Microsoft SaaS apps. Applications that work with Azure AD B2C should be based on the OAuth 2.0 and OpenID Connect standards.
When our clients ask us why we use Azure AD B2C, we are always ready with an answer listing the main benefits the solution brings:
- Convenience: Handles multi-factor authentication and password self-service reset with just a flip of a switch.
- Time Savings: The solution is relatively quick to deploy.
- Cost Savings: A lot of third-party authentication services are expensive. Azure AD B2C is pay-as-you-go and has reasonable prices.
- Security: Delivers integration with multi-factor authentication (an important element regarding security and upcoming regulations under the GDPR).
- Integration: It can integrate with additional data sources and services to build a single consumer identity view.