Lines overlay image

Blog | 2-minute Read

Entra External ID is Microsoft’s latest CIAM solution. But is it ready to replace Azure AD B2C?

Marcus Idle profile headshot

Marcus Idle

Head of External Identity

Published: 04 September 2023

Microsoft recently announced a new CIAM solution: Entra External ID for Customers. But it still has a way to go before replacing Azure AD B2C. Here’s how the products currently stack up. 

You may have heard about the recent Microsoft announcement regarding their new customer identity and access management (CIAM) solution, Entra External ID for Customers.

So what does this mean for existing users of Microsoft Azure AD B2C (B2C)? Or even for those considering a new way to manage external identity and customer sign ins.

Stick with B2C? Or is it time to consider moving to the new CIAM solution?

Let’s unpick things, as they stand today.

What should you expect from an identity provider for your customer-facing website?

If you engage with end users over web or mobile apps, there are two key factors you need from your authentication platform:

  • Security
  • Usability

Now, as any proficient security expert will tell you, developing an in-house sign-in solution will open you up to serious security vulnerabilities.

Which is why organisations turn to solutions like Azure AD B2C.

tag icon

Free Guide

The ultimate guide to external identity success

A 7-step plan to achieve seamless user access, the highest levels of security, and unrivalled user experiences.

Discover:

  • How to reduce account compromise attacks by 99%
  • Why the right IAM solution can increase ROI by 123%
  • How to achieve compliance through good governance

Azure AD B2C offers secure, consistent, and customised user-experiences

B2C provides industry-strength security at every level. It uses tried and tested protocols and accredited credential storage, along with user and session risk detection. Making it the most secure Single Sign On (SSO) solution on the market.

It also provides custom policies for complete flexibility when building user authentication journeys.

B2C keeps users within the secure environment of Microsoft Azure, while also offering full customisation over their:

  • Look and feel
  • Data capture
  • System-to-system calls
  • Decision making
  • Changes of flow

Furthermore, B2C provides a seriously user-centric and engaging experience. This includes options for social login (Facebook, Google, etc.) and an increasing range of options for MFA and other forms of sign-in.

Since launching in 2016, B2C has grown dramatically. Today it offers a broad range of customisation features (e.g. email), multiple MFA and sign-in options. It also offers Conditional Access, plus better support for domain names, single sign-out, merged sign-in methods, and age-gating.

To name just a few!

The Microsoft vision for the future of CIAM

Microsoft’s strategy going forward is a re-imagining of the platform.

For starters, the new version has a new name: Entra External ID for Customers.

The major defining factor in the new product is that it’s built on exactly the same platform as Entra ID (formerly Azure AD). Meaning any new Entra ID back-end features will automatically flow through to External ID.

Other changes though, include an event-based model for managing the user journey.

However, it’s worth considering that, at present, the new product currently has the following limitations when compared to the feature-rich versatility of B2C:

Federation

B2C can federate to any OAuth/SAML compliant identity providers (IdPs).

It also provides easy-to-setup connectors to dozens of popular IdPs including:

  • Entra ID
  • Google
  • Facebook
  • Amazon
  • Apple
  • Twitter
  • Weibo

Plus a number of others.

On the other hand, the new Entra External ID for Customers is currently limited to three IdPs:

  • Entra ID
  • Google
  • Facebook

Multi-factor authentication (MFA)

B2C offers a range of MFA options, with email, phone call, text, and the Microsoft Authenticator app supported out of the box.

It also provides further options available via custom policies.

Furthermore, B2C offers Conditional Access, which can limit the number of MFA challenges for trusted sessions. At present the new solution only offers basic email-based MFA.

UI and UX

While B2C offers full customisation using HTML and CSS, Entra External ID only offers a set menu of “company branding” options.

B2C also provides branching and flow configuration, and flexible API calls. Again, the new CIAM solution currently only offers a limited set of event triggers which can alter or stop the user flow.

Monitoring and admin

B2C allows you to send sign in logs and custom trace logs to Log Analytics for analysis.

For now, Entra External ID for Customers’ support for this kind of activity is very limited.

Entra represents the future, but B2C remains the feature-rich preference for the time being

Microsoft see Entra External ID for Customers as the future of their CIAM offering.

However, as a product it remains very much in its infancy. It’s currently missing core features you would expect from any identity provider, and is running at under 50% feature parity with AAD B2C.

For now, and for the foreseeable future, B2C remains the preferred solution.

Of course, over time, new features will become available in the Entra solution, allowing for seamless migrations to be carried out. But that would only be advised once the new CIAM product is in a better state.

If you’d like more information on the different identity options available, or to discuss what’s best for your organisation, then please do get in touch.

Watch this space

Customer identity management is evolving rapidly, with new solutions, developments, and innovations emerging all the time.

As leading Microsoft partners in identity and access management, we make it our business to stay on the cutting-edge. Ensuring we can keep you informed and enabling us to deliver the right solutions with the latest tech to our customers.

So why not sign-up to our newsletter and stay ahead of the game?

tag icon

Free Guide

The ultimate guide to external identity success

A 7-step plan to achieve seamless user access, the highest levels of security, and unrivalled user experiences.

Discover:

  • How to reduce account compromise attacks by 99%
  • Why the right IAM solution can increase ROI by 123%
  • How to achieve compliance through good governance
tag icon

Great emails start here

Sign up for free resources and exclusive invites

Subscribe to the Kocho mailing list if you want:

  • Demos of the latest Microsoft tech
  • Invites to exclusive events and webinars
  • Resources that make your job easier
Butterfly overlay image
Marcus Idle profile headshot

Author

Marcus Idle

Head of External Identity

Marcus has built a busy External Identity practice working with Azure AD B2C, B2B, and Identity Governance features. He’s passionate about bringing cloud and external identity to life to solve our clients’ business problems.

Butterfly overlay image

Got a question? Need more information?

Our expert team is here to help.