Applicant to Alumni: Using Azure AD B2C for Universities – Part One

19 June 2023

Recently, Fiona Edmond, our Identity and Access Management (IAM) Lead for Education, and Plamen Yotov, our Lead Technical Architect, joined forces to host a webinar for our audiences in Higher Education. The topic focused on how universities can create a seamless student experience at different stages of the student journey.

The webinar examined how Microsoft’s external IAM platform, Azure AD B2C, can facilitate a seamless experience throughout the student lifecycle. This webinar was the first of a two-part series focusing on identity solutions in the Higher Education space.

Taking a deeper dive into this topic, Fiona and Plamen covered:

  1. The key challenges faced by Universities around Identity and Access Management
  2. How Azure AD B2C can provide a solution to respond to some of these challenges
  3. Customisation options available to users of Azure AD B2C
  4. Ensuring data is safe and secure
  5. Implementing Azure AD B2C

This blog considers the first two items: the key challenges universities face, and the ways Azure AD B2C proves to be a robust IAM solution.

We will follow this blog with a subsequent one covering the latter three points.

A complex landscape and common challenges

A key concern that is repeatedly raised is the complexity of user profiles and roles. Because of their size and scale, universities tend to have complex user needs, with different people accessing university systems for various purposes.

Some examples of user types might include:

  • Applicants
  • Alumni
  • Visitors
  • External lecturers
  • Visiting professors.

Every user listed needs to be able to become part of the university’s system to access different things for different periods.

As with any secure system, it’s essential to ensure that independent users and groups can only access things they need to carry out their purpose and are correctly authenticated.

Things generally get more complex as some users fall into more than one group. For example, an individual may be an undergraduate, post-graduate, exchange student and a short course student. They may also be subject to different data privacy regulations, which universities must comply with. Building an identity solution to facilitate all of this can quickly become overwhelming!

To support all these different users and their needs, universities and their IT departments build custom in-house identity solutions. We find that many in-house solutions have been constructed in isolation and are based on legacy technology.

This approach is problematic as the system becomes very expensive to maintain and, with thousands of new people onboarded each year, proves difficult to scale.

Navigating complexity

An Identity and Access Management (IAM) solution that can accommodate many of these challenges is the Microsoft Azure AD B2C solution for external identities. B2C can support millions of users and billions of authentications per day. The system is scalable and can provide monitoring and automatic handling of threats.

B2C’s primary purpose is to support customer-facing applications or services, allowing users to sign up for and sign in to these applications and services with as little friction as possible on user accounts.

Depending on the university’s requirements, user journeys can be complex and require custom logic or specific branding, both of which are achievable using B2C while ensuring a seamless user experience.

B2C can easily complement a university’s infrastructure by supporting federation with their Azure Active Directory tenant and social providers such as Google, Apple or Facebook. The system can also be federated with other institutions, organisations, or identity providers supporting SAML or OpenID Connect (OIDC).

The Student Lifecycle

Consider the identity lifecycle of a student. An individual will begin their journey as a prospective student or applicant. Their credentials are stored separately from the directory used by students and staff, as applicants form a different part of the university’s ecosystem.

To stand out from the competition and attract as many new students as possible, universities are often keen to give applicants access to some of their systems and resources, such as online library resources, making these applications customer-facing. Universities can build custom user flows in B2C that allow external users a tailored experience when accessing internal resources.

The university identity landscape is complex, and there are many factors to keep in mind when considering ways to future-proof and secure processes.

Azure AD B2C can provide a flexible and scalable solution to manage external identities in a way that works best for institutions.

In the next blog, we’ll cover customisation, data security and what it takes to facilitate an Azure AD B2C implementation.

Identity Briefing

If you’d like to chat through your identity requirements, please get in touch with us. You can arrange a no-obligation ‘B2C over coffee’ call with a team member. We’re here to help!