ALIF Consulting

Azure AD B2C

Updated: Aug 5

What is CIAM?

In today's digital world, seamless customer experiences are no longer a luxury; they're a necessity. Customers expect to effortlessly sign up, log in, and access the services they need across various platforms. This is where Customer Identity and Access Management (CIAM) comes in.

CIAM is the digital backbone that empowers secure and convenient customer interactions. It's a suite of technologies and processes that manage how customers identify themselves and access your company's online properties. Think of it as the digital ID checker at the entrance to your online world.


What is Azure AD B2C?



Azure AD B2C is a customer identity access management (CIAM) solution capable of supporting millions of users and billions of authentications per day. It manages the authentication platform's scaling and safety, monitors it, and automatically handles threats like denial-of-service, password spray, or brute force attacks.

Azure AD B2C is a separate service from Azure Active Directory (Azure AD). It is built on the same technology as Azure AD but for a different purpose. It allows businesses to build customer-facing applications and then allows anyone to sign up for those applications with no restrictions on user accounts.



Some of the major advantages of using Azure AD B2C:


  • Integrating with social accounts such as Facebook or Google+ requires additional work. By using Azure AD B2C, this work is offloaded to Microsoft and developers can concentrate more on the core functionalities to be developed in the application. Azure AD B2C also handles multi-factor authentication and password self-service reset by applying some basic configurations.

  • Implementing Azure AD B2C is very cost effective due to reasonable pricing compared to other providers or developing your own identity management framework. The first 50,000 authentications and users are free. More details on pricing can be found here.

  • The authentication system provided by Azure AD B2C is very secure for protecting user identity and credentials. Azure AD B2C provides identity as a service for your apps by supporting two industry-standard protocols: OpenID Connect and OAuth 2.0.


Azure AD B2C Account Type

Azure AD B2C defines several types of user accounts, which are shared by Azure Active Directory, Azure Active Directory B2B, and Azure Active Directory B2C.

Work account

Users with work accounts can manage resources in a tenant, and users with an administrator role can also manage tenants. Users with work accounts can create new consumer accounts, reset passwords, block/unblock accounts, set permissions, or assign an account to a security group.

Guest account

External users you invite to your tenant as guests. A typical scenario for inviting a guest user to your Azure AD B2C tenant is to share administration responsibilities.

Consumer account

Accounts that are managed by Azure AD B2C user flows and custom policies.


Azure AD B2C tenant

In Azure Active Directory B2C (Azure AD B2C), a tenant represents your organization and is a directory of users. Each Azure AD B2C tenant is distinct and separate from other Azure AD B2C tenants. An Azure AD B2C tenant is different from an Azure Active Directory tenant, which you may already have.


The primary resources you work with in an Azure AD B2C tenant are:

Directory

The directory is where Azure AD B2C stores your users' credentials, profile data, and application registrations.

Application registrations

Register your web, mobile, and native applications with Azure AD B2C to enable identity management. You can also register any APIs you want to protect with Azure AD B2C.

User flows and custom policies

Create identity experiences for your applications with built-in user flows and fully configurable custom policies:

  1. User flows help you quickly enable common identity tasks like sign-up, sign-in, and profile editing.

  2. Custom policies let you build complex identity workflows unique to your organization, customers, employees, partners, and citizens.
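How an application starts a sign-in against one user flow over OpenID Connect, and checks the redirect that comes back, as an added example that is not part of the original article. The tenant name, user flow name, client ID and redirect URI are placeholder assumptions; the state, nonce and PKCE verifier are generated per login and kept in the server-side session.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholder values (assumptions, not taken from the article).
TENANT = "contoso"
USER_FLOW = "B2C_1_signupsignin"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
REDIRECT_URI = "https://app.example.com/auth/callback"

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def begin_sign_in() -> tuple[str, dict]:
    """Return the authorize URL and the per-login values to keep server-side."""
    session = {
        "state": _b64url(secrets.token_bytes(32)),          # binds response to this login
        "nonce": _b64url(secrets.token_bytes(32)),          # must reappear in the ID token
        "code_verifier": _b64url(secrets.token_bytes(32)),  # PKCE secret, 43 characters
    }
    digest = hashlib.sha256(session["code_verifier"].encode("ascii")).digest()
    query = urlencode({
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "scope": "openid offline_access",
        "state": session["state"],
        "nonce": session["nonce"],
        "code_challenge": _b64url(digest),
        "code_challenge_method": "S256",
    })
    # The user flow (policy) name is part of the endpoint path.
    url = (f"https://{TENANT}.b2clogin.com/{TENANT}.onmicrosoft.com/"
           f"{USER_FLOW}/oauth2/v2.0/authorize?{query}")
    return url, session

def finish_sign_in(callback_url: str, session: dict) -> str:
    """Check the redirect back from Azure AD B2C; return the authorization code."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError(f"sign-in failed: {params['error'][0]}")
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), session["state"].encode()):
        raise ValueError("state mismatch: response does not belong to this login")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in response")
    return code
```

The returned code is then redeemed at the same user flow's token endpoint together with the stored code_verifier, and the nonce is compared with the one in the returned ID token.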

Sign-in options

Azure AD B2C offers various sign-up and sign-in options for users of your applications:

  1. Username, email, and phone sign-in - Configure your Azure AD B2C local accounts to allow sign-up and sign-in with a username, email address, phone number, or a combination of methods.

  2. Social identity providers - Federate with social providers like Facebook, LinkedIn, or Twitter.

  3. External identity providers - Federate with standard identity protocols like OAuth 2.0, OpenID Connect, and more.

Keys

Add and manage encryption keys for signing and validating tokens, client secrets, certificates, and passwords.


Azure AD B2C Use Case

Azure AD B2C suits any business or individual who wishes to authenticate end users to their web/mobile applications using a white-label authentication solution. Apart from authentication, the Azure AD B2C service is used for authorization, such as access to API resources by authenticated users. Azure AD B2C is meant to be used by IT administrators and developers.


Azure AD B2C Login Flow


[Figure: Azure AD B2C login flow]

Supported Azure AD Features

[Figure: Supported Azure AD and Azure AD B2C]
