Integrating FIDO2 with Azure AD B2C: Secure customer authentication made simple

Working closely with a global telecommunications giant, our external identity team at Kocho has created an innovative new customer authentication solution.

Integrating FIDO2 authentication with Azure AD B2C.

The integration of FIDO2 with Azure AD B2C allows users to sign-in to online services using their devices without using a password.

It showcases the impact of addressing customer needs, and steers innovation towards the global standards of moving away from outdated, password-based authentication.

About the technologies

FIDO2 is a recognised industry standard for building password-less authentication.

Microsoft Azure AD B2C is the current Microsoft cloud-based external identity solution. A robust platform tailored for customer-facing applications.

It offers scalable, secure, and customisable authentication methods, including various options for diverse user experiences across industries.

However, while it offers flexible and seamless user journeys, it doesn’t offer any native integration with FIDO2.

Why the need to integrate FIDO2 with Azure AD B2C?

Password-based authentication is insecure and no longer fit for purpose in a modern digital landscape.

Which is why all major identity platforms are moving towards password-less solutions.

Our challenge, therefore, was to resolve this gap and bring together the seamless experience offered by Azure AD B2C, with the secure password-less authentication offered by FIDO2.

The journey to integration

The journey commenced in January 2023 with the creation of a Proof of Concept (POC), showcasing device-based authentication potential for Azure AD B2C using FIDO2.

By March 2023, this innovative solution was presented at a workshop in the Netherlands, gaining recognition alongside Microsoft’s presentation.

By June 2023, the POC transitioned to our client team for integration into their expansive B2C solution. Marking the shift from concept to practical application.

This is now in User Acceptance Testing (UAT).

Watch the live demo of FIDO enrolment and authentication using Microsoft Azure AD B2C

Outcomes and Benefits

FIDO2 integrated into Azure AD B2C creates a powerful blend of security and user ease.

This integration fortified security by keeping credentials within the user’s device, defending against cyber threats like phishing.

It also enabled easy access using familiar methods like face ID or thumbprint. Multiple device enrolments with local FIDO credentials ensure a seamless user journey across platforms.

The introduction of PassKeys enhanced this integration by synchronising FIDO credentials across devices, simplifying authentication.

This synergy not only strengthened security against threats but also streamlined and unified user authentication, marking a milestone in authentication technology.

Significance of innovation

The integration marks a departure from vulnerable password systems towards a secure and user-centric authentication landscape.

It disrupts conventional authentication by addressing inherent password vulnerabilities, advancing security measures while prioritising user convenience.

Moreover, it aligns with evolving regulations and global privacy trends, advocating for a password-less future.

Beyond technological advancement, this integration prompts a re-evaluation of authentication strategies, fostering an environment where security and user experience converge seamlessly.

Ultimately, it will reshape the trajectory of digital identity verification.

Productionisation process

The cornerstone of our technical architecture is the web API, acting as the interface facilitating seamless integration between FIDO2 and Azure AD B2C.

During the proof of concept (POC) phase, FIDO credentials were transiently stored in-memory.

However, in the finalised production version, meticulous attention was given to scalability and longevity by transitioning to a robust Azure storage solution.

This transformation ensured the permanence and reliability of FIDO credential signatures, aligning the solution with our long-term viability objectives.

Furthermore, this enhanced solution was seamlessly integrated into the broader B2C ecosystem, harmonising with existing CIAM journeys and bolstering the overall user experience.

Who will feel the benefit of this?

Any organisation using Azure AD B2C, and who places a premium on customer experience and security, will feel the benefits of this innovation.

And because of FIDO2’s flexibility, this solution isn’t confined solely to Azure AD B2C. It’s able to harmonise effortlessly with various identity solutions.

Any organisation offering authenticated user services would find considerable value in adopting this cutting-edge authentication technology.

Conclusion

The project was a perfect example of applying industry expertise to customer requirement.

An integration of FIDO2 with Azure AD B2C that very few Microsoft partners have achieved worldwide.

A solution that not only benefits our client, but meets the wider demands of modern identity authentication.

Allowing organisations to move away from old password-based methods and embrace a more seamless, secure, and customer-centric solution for the future.

If you’d like to learn more about how this could benefit your organisation, get in touch with our team.

Key takeaways

Next steps