One of the most common features we as developers have to include in any solution is identity management. Identity management has taken many forms, from a static ID and password implementation backed by some home-grown service to an extremely scalable, multi-platform integrated solution. The decision about what type of mechanism needs to be implemented largely depends on the application, its scope, and its usage. A simple intercompany project (like a timesheet, etc.) can use the company's internal identity service for this, while a larger implementation which involves end users can use services created by third parties.
Most of these mechanisms require some degree of understanding of application and data security. Especially if your application is a public-facing, global application, things get more complicated, with the team needing to understand not only application security but also the data protection laws enacted across various countries. Because of this, a puny login feature can itself turn into a behemoth needing the interaction of multiple teams and reviews.
This scenario is quite common, and so many service providers have started offering out-of-the-box solutions to address it. Companies like Okta have provided reliable identity services for some time now. But what about the Microsoft world? Most small and mid-sized customers prefer to use a single platform for all their implementations, and asking them to put their trust, and more importantly the data of their customers and employees, in a company they have not heard of is a bit of a task. On top of this, some of these services only support a limited set of platforms. So, if you are looking for a solution which is available on desktop, mobile, SPAs, etc., the choices are fairly limited.
Microsoft understood this challenge and in 2018 came up with a service called Azure Active Directory (Azure AD) B2C. As the official website puts it:
Azure Active Directory (Azure AD) B2C is a business-to-consumer identity management service. This service enables you to customize and control how users securely interact with your web, desktop, mobile, or single-page applications. Using Azure AD B2C, users can sign up, sign in, reset passwords, and edit profiles. Azure AD B2C implements a form of the OpenID Connect and OAuth 2.0 protocols. The important key in the implementation of these protocols is the security tokens and their claims that enable you to provide secure access to resources.
If you are not able to decipher the jargon above, let me put it simply: Azure AD B2C can help you manage end-user identity with ease and a high degree of customization, while maintaining the high level of security you have come to expect from Microsoft.
There are multiple advantages to using Azure AD B2C in your public-facing application. Some of them are:
- High level of customization, not only at the service level but also at the UI level
- High availability: a guaranteed 99.9% uptime for the Azure Active Directory B2C service
- Strong security, built on the standard OpenID Connect and OAuth 2.0 protocols
- Out-of-the-box integration with most identity providers
- Multi-platform: available for desktop, web, mobile and SPA applications
- Backed by the robust Azure and Azure AD platform
- Easy integration with custom applications
- Per-application multi-factor authentication out of the box
Last but not least, what really tilts the scale in favor of Azure AD B2C is its pricing. Customers are billed monthly based on the number of authentications. There is no charge for storing users in the B2C directory. The first 50,000 authentications are free, and beyond that the cost per authentication can be as low as 0.002 to 0.00060 Euros depending on usage.
Azure AD B2C also helps you partly eliminate the cost of building a platform which is compliant with various data protection laws such as GDPR, since personal data is not stored on your servers. It also enriches the end-user experience, as end users are free to choose the identity provider they rely on rather than being forced to use a particular vendor.
Thus, Azure AD B2C can help our teams focus on the business and deliver a robust, feature-rich solution rather than spending their effort on identity.
About Rohan Wadiwala
Rohan is a Solution Architect for the MS Stack in Sogeti India Microsoft Practice and Sogeti Europe. He has 13 years of professional experience, with 4 years in an Architect role covering all aspects of the software life cycle on the Microsoft and DevOps platforms. Rohan is actively involved in the evaluation and adoption of new technologies including Docker, Azure, etc. Solution Architecting: involved in solution estimation and RFP responses for .Net projects across various industry verticals.