
Case Study

Integrating FIDO2 with Azure AD B2C: Secure customer authentication made simple


Kocho takes a significant stride towards a secure, passwordless world with improved customer experiences by merging FIDO2 with Azure AD B2C.

By integrating FIDO2 with Azure AD B2C, Kocho shifts customer identity management one step closer to a passwordless world of seamless, secure, and enhanced customer experience.

Working closely with a global telecommunications giant, our external identity team at Kocho has created an innovative new customer authentication solution: integrating FIDO2 authentication with Azure AD B2C.

The integration of FIDO2 with Azure AD B2C allows users to sign in to online services using their devices, without using a password.

It showcases the impact of addressing customer needs, and steers innovation towards the global standards of moving away from outdated, password-based authentication.

About the technologies

FIDO2 is a recognised industry standard for building password-less authentication.


Microsoft Azure AD B2C is the current Microsoft cloud-based external identity solution, a robust platform tailored for customer-facing applications.

It offers scalable, secure, and customisable authentication methods, including various options for diverse user experiences across industries.

However, while it offers flexible and seamless user journeys, it doesn’t offer any native integration with FIDO2.


Why the need to integrate FIDO2 with Azure AD B2C?

Password-based authentication is insecure and no longer fit for purpose in a modern digital landscape, which is why all major identity platforms are moving towards password-less solutions.

Our challenge, therefore, was to resolve this gap and bring together the seamless experience offered by Azure AD B2C with the secure password-less authentication offered by FIDO2.

The journey to integration

The journey commenced in January 2023 with the creation of a Proof of Concept (POC), showcasing device-based authentication potential for Azure AD B2C using FIDO2.

By March 2023, this innovative solution was presented at a workshop in the Netherlands, gaining recognition alongside Microsoft’s presentation.

By June 2023, the POC transitioned to our client team for integration into their expansive B2C solution, marking the shift from concept to practical application.

This is now in User Acceptance Testing (UAT).

Watch the live demo of FIDO enrolment and authentication using Microsoft Azure AD B2C


Outcomes and Benefits

FIDO2 integrated into Azure AD B2C creates a powerful blend of security and user ease.

This integration fortified security by keeping credentials within the user’s device, defending against cyber threats like phishing.

It also enabled easy access using familiar methods like face ID or thumbprint. Multiple device enrolments with local FIDO credentials ensure a seamless user journey across platforms.

The introduction of PassKeys enhanced this integration by synchronising FIDO credentials across devices, simplifying authentication.

This synergy not only strengthened security against threats but also streamlined and unified user authentication, marking a milestone in authentication technology.

Significance of innovation

The integration marks a departure from vulnerable password systems towards a secure and user-centric authentication landscape.

It disrupts conventional authentication by addressing inherent password vulnerabilities, advancing security measures while prioritising user convenience.

Moreover, it aligns with evolving regulations and global privacy trends, advocating for a password-less future.

Beyond technological advancement, this integration prompts a re-evaluation of authentication strategies, fostering an environment where security and user experience converge seamlessly.

Ultimately, it will reshape the trajectory of digital identity verification.

Productionisation process

The cornerstone of our technical architecture is the web API, acting as the interface facilitating seamless integration between FIDO2 and Azure AD B2C.

During the proof of concept (POC) phase, FIDO credentials were transiently stored in-memory.

However, in the finalised production version, meticulous attention was given to scalability and longevity by transitioning to a robust Azure storage solution.

This transformation ensured the permanence and reliability of FIDO credential signatures, aligning the solution with our long-term viability objectives.

Furthermore, this enhanced solution was seamlessly integrated into the broader B2C ecosystem, harmonising with existing CIAM journeys and bolstering the overall user experience.

Who will feel the benefit of this?

Any organisation that uses Azure AD B2C and places a premium on customer experience and security will feel the benefits of this innovation.

And because of FIDO2’s flexibility, this solution isn’t confined solely to Azure AD B2C. It’s able to harmonise effortlessly with various identity solutions.

Any organisation offering authenticated user services would find considerable value in adopting this cutting-edge authentication technology.

Conclusion

The project was a perfect example of applying industry expertise to customer requirements.

An integration of FIDO2 with Azure AD B2C that very few Microsoft partners have achieved worldwide.

A solution that not only benefits our client, but meets the wider demands of modern identity authentication.

Allowing organisations to move away from old password-based methods and embrace a more seamless, secure, and customer-centric solution for the future.

If you’d like to learn more about how this could benefit your organisation, get in touch with our team.

Key takeaways

  • FIDO2’s integration with Azure AD B2C redefines authentication paradigms, marrying top-tier security measures with a seamlessly intuitive user experience.

  • Azure AD B2C’s proficiency in customer identity and access management assures secure, adaptable authentication for diverse user bases across industries.

  • The genesis of this solution, fuelled by a client’s vision, underscores the potency of customer-centric approaches in sculpting innovative authentication methodologies.

  • FIDO2’s versatility transcends specific identity platforms, rendering it perfect for businesses prioritising security enhancement and user journeys.
