Case Study
Building a secure multi-brand experience with one of the world's largest Azure B2C deployments
150+ apps. Four brands. One group. Secure authentication and identity management across everything.
This was the challenge given to us by one of the world’s leading telecoms giants. With the help of Azure AD B2C, we rose to the occasion.
Customer experience can make or break a brand. When you’re an enterprise-level business with multiple sub-brands under your umbrella, you can’t afford to offer a subpar digital experience.
In addition to that experience, customers also expect complete security. If your users can’t trust you with their data, they’ll go elsewhere.
Our client, one of the world’s largest telecommunications companies, is undergoing a major digital transformation.
As part of that transformation, it needed to move its customer identity and authentication processes into the Cloud to provide both the security and exceptional experience required.
Azure AD B2C was the chosen solution. As a specialist B2C partner, Microsoft referred the client to us to complete what would become one of the world’s largest B2C deployment to date.
A secure, seamless, on-brand experience with Azure AD B2C
With support from our external identity team, our client now has:
A legacy solution unfit for purpose
Our client quickly identified that its existing solutions simply couldn’t keep up with the pace of change and evolving customer expectations.
Using a combination of SiteMinder and Apigee was preventing our client from delivering the security and brand experience it needed to. With no clear roadmap or capability to meet our client’s ambitions, another solution was needed.
Not wanting to be held back by its technology, our client sought to build a platform for the future based on the principles of zero trust. Faced with over 6000 attacks per day, security was a top priority.
One of the big things for us is security. We want our customers to feel confident and safe giving us their data.
Client Senior Manager for Identity Engineering
Our client wanted to take advantage of modern security features such as MFA and passwordless AND create a seamless, fully branded customer experience across each of its established brands and businesses.
As a secure cloud service with highly customisable branding features, Azure AD B2C quickly established itself as the ideal solution.
After a couple of introductory workshops with us, the client was sold on the platform and work began on a transformation roadmap. The roadmap included the following stages:
- Creating a single authentication framework
- Migration of all customer accounts
- Adoption as a product
- Refinement and further feature development
Creating ‘one front door’ for access and authentication
It was ruled out early on that having a separate authentication framework for each of the client’s business brands was unrealistic.
Having seven or eight different platforms was simply unmanageable and impractical.
What it needed was one framework that could be monitored, upgraded, and simultaneously updated across each brand – with no visible disruption to the customer experience.
This framework would consist of event-driven architecture and contain a single suite of experiences and features that could be ‘skinned’ to represent each brand for a consistent end-user experience.
We’ve got one front door in our security. It makes it great for SecOps, DevOps, etc. They’re only looking in one place for vulnerabilities.
Client Enterprise Architect for Customer Identity and Access Management
Having this one framework also meant that security monitoring improvements could be made, using Microsoft Sentinel to draw security data into a single dashboard for investigation and remediation.
Once the framework had been developed and implemented, the next challenge was migrating users to begin using it.
A roadmap to migrating 30 million customers
With over 150 applications to migrate and more than 30 million customer accounts, we focused on migrating our client’s mobile services brand app first.
This was no mean feat, as the target brand had over 3.3 million active users – and we had to figure out how to securely migrate those users without impacting their usage of the app.
Our external identity team used transparent just-in-time migration to move any users who needed to use the service before migration was completed wholesale.
This involved creating a process where submitted credentials were verified against the existing directory and, if approved, were then created in Azure B2C.
A multi-stage migration process would then be completed to move applications and users to the new platform.
A secure customer identity platform built for scale
Happy with the successful framework development, strategy, and migration of its mobile services brand, we worked with our client to begin the same process on its other brand properties.
Excited by the options and opportunities Azure AD B2C has made available, our client has ambitious plans for the future.
These include completing the migration of its remaining brands, applications, and users into Azure, as well as rolling out passwordless and verified ID technologies to its users.
Alongside improving the customer experience and its internal identity and security infrastructure, our client has also moved to a much-improved pricing structure. As B2C is billed on a monthly active user (MAU) basis, our client will now only pay for usage, rather than per user.
As an organisation with 30-35 million customers, this is a key benefit and one that swung our client in its decision to adopt Azure AD B2C.
It’s now able to confidently expand its offerings and services, knowing that it has a flexible – yet secure – platform on which to build.
Next steps
Don't Miss
Great external identity resources
