Azure AD B2C Offers an Identity Expert in a Box
If you are developing business to consumer applications but you're not an expert in configuring secure identity management, Microsoft says it can provide everything you need with its Azure Active Directory (AD) Business to Consumer (B2C) identity offering.
AD B2C will do all the heavy lifting when it comes to things like third-party authentication, Single Sign On (SSO) and even protection against Denial of Service and brute force password attacks, the Redmond-based software company says.
To show how easy it is for developers to use, Microsoft produced a YouTube video titled What is Azure Active Directory B2C? In the video, posted this month, Adam Stoffel, Senior Product Manager Azure AD, makes a bold statement: "Microsoft will act as the secure front door to any of these applications and we'll worry about the safety and scalability of the authentication platform."
Azure AD B2C is what Stoffel calls "a white label authentication solution," which developers can customize with the look-and-feel of their web or mobile app with a little HTML, CSS, or JavaScript programing. While B2C, as the Microsoft people refer to this product, is busy in the backend making sure the customers logging in are who they say they are and aren't bad guys, your customers will feel they are interacting with your company. For their convenience, your customers can use their social identities, including Twitter, Facebook and LinkedIn, to sign up and sign on. B2C uses authentication protocols including OpenID Connect, OAuth2, and XAML and can integrate with off-the-shelf software packages.
"B2C can also centralize collection of user profiles and preference information and capture detailed analytics information about behavior and sign up conversion," Stoffel explains. "By serving as central authentication authority for all your applications, B2C provides you with a way to build a single sign on for any API, web or mobile application. We will handle things like denial of service, password spray and brute force attacks, so you can focus on your core business and stay out of the identity business."
Microsoft is clearly assuming most B2C developers want to stay out of the identity business.
The video includes a demo of Azure AD B2C doing its stuff for an online grocery store. It shows how signing up and signing on looks to the user. It also shows how the user profiles can be customized. Say you are allergic to peanuts. The application will flag any product with ingredients that might impact your allergy.
Read All About It
For those developers who actually want to read documentation rather than watch how-to videos. Microsoft has some detail instructions on using Azure AD B2C.
There is actually a written version of What is Azure Active Directory B2C? that is a little more technical and freer of marketing hype. The authors, a committee of Microsoft techies, aim this documentation at all levels of expertise.
"If you're an application developer with or without identity expertise, you might choose to define common identity user flows using the Azure portal," they explain. "If you are an identity professional, systems integrator, consultant, or on an in-house identity team, are comfortable with OpenID Connect flows, and understand identity providers and claims-based authentication, you might choose XML-based custom policies."
This doc covers:
- Protocols and tokens
- Tenants and applications
- User journeys
- Identity providers
- Page customization
- Developer resources
This doc takes about eight minutes to read if you don't move your lips.
There are also links in it to more documentation and tutorials.
Up Close and Personal Training
If your preference runs to hands-on learning rather than watching videos or reading copious amounts of documentation, VS Live! in Chicago, Oct. 6 – 10, offers Reach Any User on Any Platform with Azure AD B2C. Nick Pinheiro, Microsoft Cloud & Software Architect, will be the instructor for this session aimed at the introductory to Intermediate level.
"In this session," the description says, "you will learn how to allow users to login to your web or mobile apps with their social and consumer identities or email address with Azure AD B2C. Technologies include: Azure AD B2C, Azure App Service, API Apps, Xamarin and more."
It will cover:
- Enabling and configuring Azure AD's Business to Consumer (B2C) identity offering
- Using the Microsoft Graph API to access the user data in Azure AD B2C
- Integrating your existing app identity with Azure AD B2C
Posted by Richard Seeley on 09/19/2019