The latest update boosts efficiency for IT admins managing large-scale app deployments.
Microsoft has officially launched OpenID Connect (OIDC) identity provider support for Entra External ID. This feature allows organizations to seamlessly integrate sign-in and sign-up experiences with external identity providers such as Amazon, Auth0, Okta, personal Microsoft accounts, and Azure AD B2C.
Microsoft Entra External ID is a solution for managing external identities to enable secure access for partners, customers, and guests. It offers features such as customizable sign-in experiences, self-service registration, and tools for analyzing user activity. This service helps organizations enhance collaboration while maintaining security.
OpenID Connect (OIDC) is an authentication protocol that builds on OAuth 2.0 to securely verify user identities and provide basic profile information. It uses ID tokens to convey identity data and supports single sign-on (SSO), which allows users to access multiple applications with one login.
According to Microsoft, this new feature leverages the OAuth 2.0 authorization standard and the OIDC specifications to let users sign in and sign up with their existing accounts from external identity providers. It helps to simplify the authentication process, enhance the user experience, and facilitate seamless collaboration with external partners.
“Enabling users to access your applications with their existing accounts from other identity providers provides two major benefits: it facilitates partner integration through identity federation and allows users to sign in with their existing credentials rather than creating new ones. This seamless approach fosters partnerships, boosts conversion rates, and enhances user satisfaction,” Microsoft explained.
Microsoft Entra External ID’s support for OpenID Connect (OIDC) external identity providers enables several key scenarios for organizations. It allows businesses to seamlessly connect their sign-in and sign-up flows with various cloud identity providers. Moreover, organizations can use Entra External ID to create new Customer Identity and Access Management (CIAM) experiences as well as maintain integration with existing Azure AD B2C tenants. This feature also allows customers to sign in with their existing social provider accounts, such as personal Microsoft accounts, to simplify the authentication process.
Additionally, organizations can establish secure authentication with government and citizen identity providers. This feature also enables federated authentication for partnership scenarios, including partner employee discount programs.
As of today, OpenID Connect (OIDC) federation in Microsoft Entra External ID supports integration only with non-Entra tenants. This includes Azure AD B2C, personal Microsoft accounts, and any cloud identity provider that adheres to the OpenID Connect protocol.
Microsoft plans to expand this feature to include federation with Entra tenants as external identity providers. This feature will enable customers to authenticate with business partners or employee accounts through Entra tenants. If you’re interested, you can learn more about how to add OpenID Connect as an external identity provider on this support page.