Azure AD B2C
Updated: Oct 27, 2022
Azure AD B2C is a customer identity and access management (CIAM) solution capable of supporting millions of users and billions of authentications per day. It handles the scaling and protection of the authentication platform, including monitoring for and automatically mitigating threats such as denial-of-service, password spray, and brute-force attacks.
Azure AD B2C is a separate service from Azure Active Directory (Azure AD). It is built on the same technology as Azure AD but for a different purpose: it lets businesses build customer-facing applications and let anyone sign up for them, rather than restricting sign-in to accounts that already exist in the organization's directory.
Some of the major advantages of using Azure AD B2C are:
Integrating with social accounts such as Facebook or Google normally requires extra work per provider. By using Azure AD B2C, this work is offloaded to Microsoft and developers can concentrate on the core functionality of the application. Azure AD B2C also handles multi-factor authentication and self-service password reset with a few configuration settings.
Azure AD B2C is priced per monthly active user (MAU), which is cost effective compared to other CIAM providers or to building and operating your own identity platform. The first 50,000 MAUs per month are free. More details are on the Azure AD B2C pricing page.
Azure AD B2C protects user identities and credentials by providing identity as a service for your apps through two industry-standard protocols: OpenID Connect and OAuth 2.0 (SAML is also supported for federation). The tokens it issues are JWTs signed with the tenant's policy keys; the public keys are published at the policy's OpenID Connect metadata endpoint, so an application validates tokens locally (signature, issuer, audience, expiry, and policy) without calling back to Azure AD B2C on every request.
Azure AD B2C Account Types -
Azure AD B2C defines several types of user accounts. Azure Active Directory, Azure Active Directory B2B, and Azure Active Directory B2C share these account types.
Work account - Users with work accounts can manage resources in a tenant, and with an administrator role, can also manage tenants. Users with work accounts can create new consumer accounts, reset passwords, block/unblock accounts, and set permissions or assign an account to a security group.
Guest account - External users you invite to your tenant as guests. A typical scenario for inviting a guest user to your Azure AD B2C tenant is to share administration responsibilities.
Consumer account - Accounts that are managed by Azure AD B2C user flows and custom policies.
Azure AD B2C tenant
In Azure Active Directory B2C (Azure AD B2C), a tenant represents your organization and is a directory of users. Each Azure AD B2C tenant is distinct and separate from other Azure AD B2C tenants. An Azure AD B2C tenant is also different from an Azure Active Directory tenant, which you may already have for your employees.
The primary resources you work with in an Azure AD B2C tenant are:
Directory - The directory is where Azure AD B2C stores your users' credentials, profile data, and your application registrations.
Application registrations - Register your web, mobile, and native applications with Azure AD B2C to enable identity management. You can also register any APIs you want to protect with Azure AD B2C.
User flows and custom policies - Create identity experiences for your applications with built-in user flows and fully configurable custom policies:
User flows help you quickly enable common identity tasks like sign-up, sign-in, and profile editing.
Custom policies let you build complex identity workflows unique to your organization, customers, employees, partners, and citizens.
Sign-in options - Azure AD B2C offers various sign-up and sign-in options for users of your applications:
Username, email, and phone sign-in - Configure your Azure AD B2C local accounts to allow sign-up and sign-in with a username, email address, phone number, or a combination of methods.
Social identity providers - Federate with social providers like Facebook, LinkedIn, or Twitter.
External identity providers - Federate with standard identity protocols like OAuth 2.0, OpenID Connect, and more.
Keys - Add and manage encryption keys for signing and validating tokens, client secrets, certificates, and passwords.
Azure AD B2C Use Case –
Any business or individual who wants to authenticate end users to their web or mobile applications with a white-label authentication solution. Beyond authentication, Azure AD B2C also acts as the OAuth 2.0 authorization server for your own APIs: it issues access tokens scoped to the API, and the API grants or denies access by validating the token and the scopes it carries. Azure AD B2C is meant to be configured by IT administrators and integrated by developers.