Microsoft recently announced a new CIAM solution: Entra External ID for Customers. But it still has a way to go before replacing Azure AD B2C. Here’s how the products currently stack up.
You may have heard about the recent Microsoft announcement regarding their new customer identity and access management (CIAM) solution, Entra External ID for Customers.
So what does this mean for existing users of Microsoft Azure AD B2C (B2C)? Or even for those considering a new way to manage external identity and customer sign ins.
Stick with B2C? Or is it time to consider moving to the new CIAM solution?
Let’s unpick things, as they stand today.
What should you expect from an identity provider for your customer-facing website?
If you engage with end users over web or mobile apps, there are two key factors you need from your authentication platform:
- Security
- Usability
Now, as any proficient security expert will tell you, developing an in-house sign-in solution will open you up to serious security vulnerabilities.
Which is why organisations turn to solutions like Azure AD B2C.
Free Guide
The ultimate guide to external identity success
A 7-step plan to achieve seamless user access, the highest levels of security, and unrivalled user experiences.
Discover:
- How to reduce account compromise attacks by 99%
- Why the right IAM solution can increase ROI by 123%
- How to achieve compliance through good governance
Azure AD B2C offers secure, consistent, and customised user-experiences
B2C provides industry-strength security at every level. It uses tried and tested protocols and accredited credential storage, along with user and session risk detection. Making it the most secure Single Sign On (SSO) solution on the market.
It also provides custom policies for complete flexibility when building user authentication journeys.
B2C keeps users within the secure environment of Microsoft Azure, while also offering full customisation over their:
- Look and feel
- Data capture
- System-to-system calls
- Decision making
- Changes of flow
Furthermore, B2C provides a seriously user-centric and engaging experience. This includes options for social login (Facebook, Google, etc.) and an increasing range of options for MFA and other forms of sign-in.
Since launching in 2016, B2C has grown dramatically. Today it offers a broad range of customisation features (e.g. email), multiple MFA and sign-in options. It also offers Conditional Access, plus better support for domain names, single sign-out, merged sign-in methods, and age-gating.
To name just a few!
The Microsoft vision for the future of CIAM
Microsoft’s strategy going forward is a re-imagining of the platform.
For starters, the new version has a new name: Entra External ID for Customers.
The major defining factor in the new product is that it’s built on exactly the same platform as Entra ID (formerly Azure AD). Meaning any new Entra ID back-end features will automatically flow through to External ID.
Other changes though, include an event-based model for managing the user journey.
However, it’s worth considering that, at present, the new product currently has the following limitations when compared to the feature-rich versatility of B2C:
Federation
B2C can federate to any OAuth/SAML compliant identity providers (IdPs).
It also provides easy-to-setup connectors to dozens of popular IdPs including:
- Entra ID
- Amazon
- Apple
Plus a number of others.
On the other hand, the new Entra External ID for Customers is currently limited to three IdPs:
- Entra ID
Multi-factor authentication (MFA)
B2C offers a range of MFA options, with email, phone call, text, and the Microsoft Authenticator app supported out of the box.
It also provides further options available via custom policies.
Furthermore, B2C offers Conditional Access, which can limit the number of MFA challenges for trusted sessions. At present the new solution only offers basic email-based MFA.
UI and UX
While B2C offers full customisation using HTML and CSS, Entra External ID only offers a set menu of “company branding” options.
B2C also provides branching and flow configuration, and flexible API calls. Again, the new CIAM solution currently only offers a limited set of event triggers which can alter or stop the user flow.
Monitoring and admin
B2C allows you to send sign in logs and custom trace logs to Log Analytics for analysis.
For now, Entra External ID for Customers’ support for this kind of activity is very limited.
Entra represents the future, but B2C remains the feature-rich preference for the time being
Microsoft see Entra External ID for Customers as the future of their CIAM offering.
However, as a product it remains very much in its infancy. It’s currently missing core features you would expect from any identity provider, and is running at under 50% feature parity with AAD B2C.
For now, and for the foreseeable future, B2C remains the preferred solution.
Of course, over time, new features will become available in the Entra solution, allowing for seamless migrations to be carried out. But that would only be advised once the new CIAM product is in a better state.
If you’d like more information on the different identity options available, or to discuss what’s best for your organisation, then please do get in touch.
Watch this space
Customer identity management is evolving rapidly, with new solutions, developments, and innovations emerging all the time.
As leading Microsoft partners in identity and access management, we make it our business to stay on the cutting-edge. Ensuring we can keep you informed and enabling us to deliver the right solutions with the latest tech to our customers.
So why not sign-up to our newsletter and stay ahead of the game?
Free Guide
The ultimate guide to external identity success
A 7-step plan to achieve seamless user access, the highest levels of security, and unrivalled user experiences.
Discover:
- How to reduce account compromise attacks by 99%
- Why the right IAM solution can increase ROI by 123%
- How to achieve compliance through good governance
Great emails start here
Sign up for free resources and exclusive invites
Subscribe to the Kocho mailing list if you want:
- Demos of the latest Microsoft tech
- Invites to exclusive events and webinars
- Resources that make your job easier
Don't Miss
Great external identity resources
Staying ahead of cybercrime in 2025: Threat protection best practice with Microsoft Sentinel
Microsoft Tech Update: Ignite Cyber Security Special
Microsoft Purview: Enable compliance and enhance Copilot for Microsoft 365 adoption
Navigating CAF 3.2: Implementing Advanced Identity for Critical National Infrastructure
Got a question? Need more information?
Our expert team is here to help.