What is Microsoft Azure AD B2C?

Marcus Idle

Head of External Identity

Published: 12 January 2023

Customers demand better from their online experiences with your organisation. Can you provide them with secure, seamless single sign-on access to all your services, using their choice of identity credentials? With Azure AD B2C, the answer to that question is ‘yes’.

Your customers have wholeheartedly embraced the ease and convenience of the digital world. They expect hassle-free customer identity management, signing in to your services in the manner they choose.

No one wants to memorise hundreds of different login credentials. They want the freedom to use their pre-existing digital identities to log in to your online portals.

And if you offer more than one service, your customers certainly won’t want to keep track of yet another login credential. Customers expect to be able to log in once and have full access to all your services.

But this ease of access also needs to be secure. People accessing your services expect to be safe. And this needs to be scalable for thousands of users, and huge spikes in demand every day, all without risking business continuity.

How can your organisation provide secure, seamless, single sign-on for your thousands or possibly millions of customers?

Fortunately, the answer lies within Azure AD External Identities. Enter Microsoft’s customer identity access management platform, Azure AD B2C.

The ultimate guide to external identity success

A 7-step plan to achieve seamless user access, the highest levels of security, and unrivalled user experiences.

What is Azure AD B2C?

Azure AD B2C is a customer identity access management (CIAM) platform, providing business-to-customer identity as a service.

Built on the same technology as Azure AD, it’s a separate service designed for large scale authentication. It’s powerful enough to support millions of users and billions of authentications per day.

With Azure AD B2C, businesses can build customer-facing applications which allow anyone to sign up for and sign in to those applications. Your customers use their preferred social, enterprise, or local account identities to get single sign-on access to your applications.

It takes care of the scaling and safety of the authentication platform, automatically monitoring and handling threats like denial-of-service, password spray, or brute force attacks.

How does Azure AD B2C work?

B2C operates in the Azure cloud, but you can connect to it anywhere.

The directory of user credentials and other attributes resides in Azure, and is accessible only via Graph API, the Azure Portal, or B2C policies/flows.

Azure AD B2C Authentication flow diagram

The authentication experience (sign-up, sign-in etc.) is also hosted in the Azure cloud. Your website will redirect the user to B2C to complete any sign-in activity.

This is the most secure way for authentication to take place. Everything authentication related is controlled and monitored very closely by Microsoft Azure.
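The redirect hand-off described above, seen from the website's side, as an added example (not Kocho's or Microsoft's code): it builds the OpenID Connect authorization request for a B2C policy and checks the callback before the code is redeemed. The tenant name, policy name, client ID and redirect URI passed in are constructed placeholders.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def build_authorize_request(tenant, policy, client_id, redirect_uri):
    """Return (url, session): the B2C redirect target and what to keep server-side."""
    verifier = _b64url(secrets.token_bytes(32))      # PKCE code_verifier, never sent in the URL
    session = {
        "state": _b64url(secrets.token_bytes(16)),   # ties the callback to this browser session
        "nonce": _b64url(secrets.token_bytes(16)),   # must reappear in the ID token's nonce claim
        "code_verifier": verifier,                   # sent only when redeeming the code
    }
    challenge = _b64url(hashlib.sha256(verifier.encode("ascii")).digest())
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": "openid",
        "state": session["state"],
        "nonce": session["nonce"],
        "code_challenge": challenge,
        "code_challenge_method": "S256",
    })
    # tenant and policy are placeholders supplied by the caller (assumed values)
    base = f"https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{policy}/oauth2/v2.0/authorize"
    return f"{base}?{query}", session


def handle_callback(session, callback_url):
    """Return the authorization code, or raise if the callback is not for this session."""
    params = {k: v[0] for k, v in parse_qs(urlparse(callback_url).query).items()}
    if "error" in params:
        raise ValueError(f"B2C returned error: {params['error']}")
    sent = params.get("state", "").encode("utf-8")
    if not hmac.compare_digest(sent, session["state"].encode("utf-8")):
        raise ValueError("state mismatch: callback does not belong to this session")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    return params["code"]
```

The website only ever handles the URL, the random values and the returned code; the password is entered on the B2C-hosted page and never reaches the site.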

However, while Azure tackles the security and authentication, the customer experience is customisable. You can brand this experience using external templates, so that it looks and feels like your website, maintaining that all-important brand consistency for your organisation.

Meanwhile, policies or user flows are configured by developers to orchestrate the authentication experiences, for example if any additional attributes need to be requested from the user or stored in the directory, or if any back-office communication needs to happen.

To get up and running with B2C, you need at least a sign-up/sign-in policy, and you need to integrate your website.

Various integration models exist, for example for different languages and frameworks, server-side, SPA-based sites, or mobile apps, and these are all well documented on the Microsoft website.

What are the benefits of Azure AD B2C?

Azure AD B2C comes with a whole host of benefits for your customers, and for you. Let’s examine them here.

Frictionless commerce

Having to create yet another password is a huge factor in user disengagement. In fact, 88% of users are less likely to return to a website after a bad experience. Any customer friction can easily translate into fewer customers/members for your organisation.

Providing easy options, such as sign in with your Google, Microsoft, or other ‘social’ account drastically shortens the journey for the user. It also improves the journey success rate and lowers call centre costs.

Security

Before the widespread use of claims authentication, application developers who wanted consumers to sign into their applications would typically write their own code to do it.

This involves capturing the user name and password on a web-based form, checking it against a back-end database, and setting a cookie that the website can understand, indicating that the user is logged in.

Each one of these steps needs to be designed to combat security threats. Even well-established frameworks and content management systems come with vulnerabilities if you go a few versions back. Making such a system secure, and keeping it secure, is costly.

Robust security controls in B2C, including built-in threat detection and multi-factor authentication (MFA), offer peace of mind that your customer identities are protected and secure.

Multi-factor authentication (MFA)

Azure AD B2C provides multi-factor authentication out-of-the-box.

This is the process of verifying the user is who they say they are, using more than one factor. For example, something they know (like a password), something they have (such as a phone), and something they are (biometric data).

Since the launch of B2C, Microsoft have extended the out-of-the-box MFA options from just phone call/text, to email and authenticator app. And there are also ways to plug in custom methods.

Connectivity/Easy Integration

Azure Active Directory B2C offers developers a better way to integrate consumer identity management into their applications.

They do this with a secure, standards-based platform, and a rich set of policies that can be changed by the people who use them, more accurately reflecting how they use them.

When you use Azure Active Directory B2C, your consumers can sign up for your applications by using their existing social accounts (Facebook, Google, Amazon, LinkedIn).

They can also create new credentials (email address and password, or username and password). We call these ‘local accounts’.

B2C supports open standards to integrate well with all technology stacks. You can connect to your applications, your CRM system, and website with ease.

Integrating B2C with your website can be achieved by adding a few lines of code to the back-end code (or front end in the case of single page apps). This lets users log in or sign up using their Azure AD B2C accounts.

In addition to website integration, Azure AD B2C can also be integrated with your back-office systems and platforms using APIs and other integration methods. This allows your organisation to extend the capabilities of Azure AD B2C and tailor it to meet your specific needs and requirements.

An easy to understand pricing model

Azure AD B2C is also a cost-effective solution for companies. Offered on a pay-as-you-go basis, companies only pay for the resources and services they use.

This makes Azure AD B2C affordable and value-for-money, regardless of size.

Reliability

B2C is a highly available global service that scales to hundreds of millions of consumer identities. Built on an enterprise-grade secure platform, Azure AD B2C keeps your applications, your business, and your consumers protected.

You can rely on the ability to meet the demand of millions of users and billions of authentications every day. And you can rest assured that you’ll only ever pay for what you use.

Why would you use Azure AD B2C?

The need for B2C can be broken down into three main areas:

Single sign-on

If your users have to sign in to multiple different websites to enjoy all that you have to offer, they can do so with one unique user name and password (or some other form of credentials). They will also only have to sign in once.

Improved engagement

If you provide a customer or member portal on your website, you will want to provide user experiences that improve engagement with your platform. Being on top of the latest innovations, like social media and passwordless sign-in, is critical to your success.

State-of-the-art security

Organisations have to find a way to balance these demands with securing personal information from threats – a security hole can potentially become an embarrassing and costly data breach.

You will want to make sure that, when securing your credentials and the authentications which take place, the technology you use is up-to-date and state-of-the-art.

For real world examples of Azure AD B2C implementation for each of these three use cases, please feel free to view our case studies, which include the world’s largest B2C deployment for a leading telecoms giant, encompassing 150 apps and four distinct brands.

Azure B2C vs. Azure B2B: What’s the difference?

Azure AD External Identities has two functionalities that are similar, but distinct in their own right: B2C and, of course, B2B.

Azure AD B2B allows you to invite external users as guests for collaboration with your organisation. You can invite them to sign in to your Azure AD with their own credentials.

This lets them securely access your:

  • Resources
  • Data
  • Applications

However, you stay in full control over what your external partners can access.

Azure AD B2B is not dependent on the size of the external partner. It doesn’t matter if they don’t have Azure AD themselves. It doesn’t even matter if they have an IT department.

B2C and B2B are currently separate products. However, much of the functionality you could previously only find in B2C is showing up in B2B now.

Microsoft recently redesigned their company branding feature, which gives users a more flexible, user-centric customisation of the built-in identity flows in Azure AD. This is now also available in B2B.

The trend in Microsoft is towards convergence of products. We may well see Microsoft bring all the functionality of both products into a single external identity portal, and retire the B2B and B2C labels altogether.

For a more comprehensive exploration of Azure AD B2B, see our B2B explainer blog here.

How to enable Azure AD B2C

Firstly, you’ll need a subscription to Azure AD. You can enable Azure AD B2C in four simple steps.

1: Create a new directory

Log in to the Azure portal with your existing Azure subscription. You can also do this by starting a free trial. On the left, click on New, and look for B2C. Click on Create.

2: Complete the fields

Click on Create a new Azure AD B2C tenant. Fill in all the fields when prompted. Then, click on Create, and wait for creation of your directory to finish.

3: Access your new Azure AD B2C Directory

When your directory is created, you’ll be notified with a prompt that your new directory is ready. There’ll be a link in the prompt to access your new directory.

4: Configure your Azure AD B2C Directory

The B2C settings will appear. You can configure and manage your Azure AD B2C directory here.

Is Azure AD B2C free?

Azure AD B2C isn’t priced as a separate service, but as part of External Identities. External Identities pricing is based on the number of monthly active users (MAU) you have.

There are three tiers of pricing in External Identities.

  • Free Tier: This tier means that the first 50,000 MAUs per month are free for Premium P1 and Premium P2 features.
  • Flexible: This tier lets you connect with your customers/partners based on usage and features, instead of licences you own.
  • Predictable: With this tier, you only pay for what you use. You don’t get charged for a MAU’s additional authentications. There’s also no extra charge for storing inactive users in that calendar month.

This pricing model is designed to be flexible, cost-efficient and make billing easy to predict. It reflects what you use, not what licences you have.

With 50,000 free MAUs at each tier, this means that most customers can use Azure AD External Identities for free.

What licensing do you need for Azure B2C?

Azure AD B2C is a functionality of External Identities, which is part of the Azure AD technology stack. You don’t need a separate licence for B2C, as having a licence for Azure AD gives you access to the entire suite of External Identities features.

Azure AD comes in four editions:

Free

You’ll have access to Azure AD if you have a subscription to any Microsoft commercial online service (e.g. Microsoft Azure, or Office 365).

With Office 365 apps

The free edition will also be included with any Office 365 subscriptions. Additionally, Office 365 E1, E3, E5, F1 and F3 subscriptions will also include Azure AD features listed under Office 365 apps.

Premium P1 / Premium P2

You can buy P1 and P2 subscriptions via:

  • Your Microsoft representative.
  • The Open Volume Licence programme.
  • Cloud Solution Providers programme.

Additionally, if you’re a subscriber to Azure and Office 365, you can also buy Azure Active Directory Premium P1 and P2 online.

Conclusion

Overall, the deployment of Azure AD B2C provides a positive experience for many companies. It allows them to easily and securely manage the identity and access needs of their users.

With B2C, companies can easily and securely authenticate and authorize their customers and partners – through various authentication methods, such as email/password, social logins, and multi-factor authentication.

Using Azure AD B2C, you can provide your users with a convenient and secure way to access their resources and services.

B2C can be easily customised to meet the specific needs and requirements of your organisation through the use of policies, which allow you to define the authentication and authorisation rules for your users.

Companies can also use Azure AD B2C to manage and control access to their systems and applications, ensuring that only authorised users have access to sensitive information.

Key takeaways

  • Azure AD B2C is a customer identity access management (CIAM) platform, part of Azure AD External Identities.

  • B2C allows customers to connect with all your online services seamlessly through a single sign-on portal.

  • Security is built into B2C, with robust threat detection and multi-factor authentication (MFA) fresh out-of-the-box.

  • B2C scales automatically, and can service millions of individual users and billions of authentications every day.

  • It’s highly customisable, allowing you to personalise the customer experience and sign-on to your brand identity.

Author

Marcus Idle

Marcus Idle is Kocho’s Head of External Identity. Marcus is passionate about bringing cloud and external identity to life to solve business problems for our clients.
