Microsoft is putting identity management at the center of its security strategy, and as part of this ongoing program has announced the availability of the Azure AD B2C service, which will allow businesses to authenticate users via pre-existing Facebook and Google logins, and in the near future Microsoft accounts too.
Azure AD B2C is an enterprise-grade cloud service that supports authentication using popular consumer identity services, saving businesses the expense of separately creating and managing identities for customers who want to connect to their services.
Businesses can create one or more Azure AD (AAD) B2C tenants, which differ from standard AAD tenants in that users cannot see each other in the address book. Once a tenant is created, applications can be registered in it, social network providers added, and policies created to determine the various sign-up, sign-in and identity management processes. Applications can use OAuth 2.0 or OpenID Connect to request user identity information, and Microsoft’s servers handle passwords and run anomaly detection checks.
When creating a sign-up policy, you specify the attributes that should be populated (that is, the information you want to collect from users) and the identity providers permitted, which can include self-asserted email signup. Finally, Application Claims are set in the policy to determine which attributes are sent to applications.
Multi-factor authentication is optional; when enabled, it requires users to verify a code sent to their mobiles. The end-user experience can also be customized by specifying the HTML and CSS that B2C will use to render the final pages, but if you don’t want to do this, you can use the default templates provided.
Microsoft says that pricing will be announced closer to general availability, but there will be a free tier for the first 50,000 identities. Beyond that, pay-as-you-go pricing will depend on the number of users in the directory, the quantity of authentications, and the quantity of multi-factor authentications.