Traditionally, resources in the Microsoft world have been controlled through Active Directory; more recently, with the provision of Azure Active Directory, a comprehensive identity and access management solution has become available via the Azure cloud.
What is important to note is that Azure Active Directory is really geared at allowing organisations to integrate line-of-business applications or SaaS applications. The Azure AD application gallery provides a huge number of applications, such as Box, Yammer and Twitter, that can all be configured for single sign-on.
The important thing to note is that Azure AD solutions are generally geared towards internal users and partners. Azure has recently introduced Azure B2C.
Azure B2C is provisioned as a SaaS solution that allows organisations to provide an identity and authentication mechanism for the applications they offer to their end customers. This means that the registration and sign-in process can be outsourced to Azure B2C. Software developers no longer need to concern themselves with storing and securing user information in their own custom format, and can provide features such as multi-factor authentication with ease.
Azure B2C supports OAuth 2.0, which allows applications to use access tokens to gain access to resources secured by an authorization server.
Azure B2C extends OAuth 2.0 and OpenID Connect through the concept of policies. Policies allow operations beyond authorization and authentication, can be customised to meet bespoke requirements, and can be reused across multiple applications.
The following diagram provides an overview on how a web application can utilise Azure B2C:
The one current limitation of Azure B2C is the lack of support for SAML (Security Assertion Markup Language). In the medium term this is likely to change, and it is worth considering Azure B2C for handling the security of the customer-facing applications in your organisation.
The key advantages of a solution like Azure B2C are:
- Single sign-on and sign-off
- Industry-standard security (customer profile data is secured and maintained by Microsoft)
- Customers can use social accounts such as Facebook, LinkedIn and Google to sign in, and this functionality is maintained by Microsoft
- A unified and branded sign-in, registration and forgotten-password experience
- High availability and scalability out of the box
- Multi-factor authentication without hassle
First published in North Starr's Starr Tech Enterprise