Webinar Recap: Getting started with Azure AD B2C

13 October 2020

Last week, we kicked off the first webinar of our series on Microsoft Azure AD B2C. This webinar offered an introductory insight into B2C and its identity and access management capabilities. As this webinar series continues over the next five months, our identity experts will begin to delve further into Microsoft Azure AD B2C and give you a comprehensive view of its functionality. In this blog, we will recap the key takeaways from the Q&A session. If you have any questions for our presenters David Manning and Dave Downs, please feel free to get in touch.

Microsoft Azure product support

B2C is a Microsoft product, so presumably, as they continue to develop it, can you give any more information on the frequency of changes? And the kind of things they’ve been introducing recently?

Microsoft has a public changelog that tracks recent features they’ve released. These features tend to go through a process of private preview, public preview, and general availability. During public preview, we tend to get involved by trying the features out as they go through the process.

A recent development has been improved styling around ‘one-time passcode’ emails. Until the last few months, these were a fairly standard email issued by Active Directory. Now, Microsoft supports fully styling these emails using an external email provider like SendGrid. Microsoft is also adding in more features that leverage the power of Active Directory.

One new feature recently released to public preview is conditional access – this involves using machine learning and the power of Azure to determine the likelihood a user is who they claim to be. This is determined based on a variety of signals including usage patterns, such as previous login times and where the user logged in from last. A risk score will be assigned, which may then result in the user being prompted for additional checks such as multifactor authentication (MFA) or even actively denying them access.

Tailored Communication in B2C

Can you trigger communication on the back of a user action like sending a welcome email on registration?

With Custom Policies, custom steps can be put into place that call REST APIs. An external email provider, such as SendGrid, or similar, would be used to define and send the email based on a template. B2C would then make a REST API call to that external provider, which triggers the email.

You can have B2C build up a complex JSON request as part of that API call to do any personalisation of the email, such as sending over forename and surname. Or, if the email provider doesn’t have an API that B2C can communicate with, you could create an API bridge. In that scenario, B2C calls your API with details of the user and the email to send, and your API makes the more complex call to the email provider.
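The API bridge described above, sketched as an added example (not code from the webinar or from Microsoft). The bridge is an internet-reachable endpoint, so it authenticates B2C's call and validates the claims before building the provider request. The Basic credentials, the claim names (email, givenName, surname), the template id and the function names are assumptions for illustration.

```python
import base64, hmac, json, re

# Assumed values for this sketch; real ones belong in a secret store.
BRIDGE_USER, BRIDGE_PASS = "b2c-bridge", "constructed-secret"
FROM_ADDR = "no-reply@example.com"
TEMPLATE_ID = "d-PLACEHOLDER"  # placeholder SendGrid dynamic template id
EMAIL_RE = re.compile(r"[^@\s,;<>]+@[^@\s,;<>]+\.[^@\s,;<>]+")
CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]")

def authorised(auth_header):
    """Constant-time check of the HTTP Basic credentials given to B2C."""
    token = base64.b64encode(f"{BRIDGE_USER}:{BRIDGE_PASS}".encode()).decode()
    return hmac.compare_digest((auth_header or "").encode(), f"Basic {token}".encode())

def b2c_error(message):
    # HTTP 409 with this JSON body is the error shape B2C custom policies show to the user.
    return 409, {"version": "1.0.0", "status": 409, "userMessage": message}, None

def clean_name(value):
    """Accept a short string without control characters, otherwise None."""
    if isinstance(value, str) and 0 < len(value.strip()) <= 64 and not CONTROL_RE.search(value):
        return value.strip()
    return None

def handle_welcome(auth_header, raw_body):
    """Return (status, body_for_b2c, sendgrid_request_or_None)."""
    if not authorised(auth_header):
        return 401, {"error": "unauthorised"}, None
    try:
        claims = json.loads(raw_body)
    except ValueError:
        return b2c_error("Malformed request.")
    if not isinstance(claims, dict):
        return b2c_error("Malformed request.")
    email = claims.get("email")
    given, family = clean_name(claims.get("givenName")), clean_name(claims.get("surname"))
    if not (isinstance(email, str) and len(email) <= 254 and EMAIL_RE.fullmatch(email)):
        return b2c_error("Invalid email address.")
    if given is None or family is None:
        return b2c_error("Invalid name.")
    # Only validated fields reach the provider; the caller POSTs this JSON to
    # https://api.sendgrid.com/v3/mail/send with the provider API key.
    mail = {
        "personalizations": [{"to": [{"email": email}],
                              "dynamic_template_data": {"forename": given, "surname": family}}],
        "from": {"email": FROM_ADDR},
        "template_id": TEMPLATE_ID,
    }
    return 200, {}, mail
```

The function is transport-agnostic: whichever web framework hosts the bridge passes in the Authorization header and the raw request body, and sends the returned request on to the provider.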

Administrator User Management in B2C

As an administrator for the system, can I manage my users’ details?

Users are added into an Active Directory, so there is some degree of management allowed through the Azure Portal. Anything more extensive than editing basic profile details, such as forename and surname, is likely going to be done through the Graph API, possibly using a custom user management portal.

With a custom portal, you get full control over how an admin manages your users. This can then tie back to tokens issued from B2C and Active Directory allowing you to completely secure access, and to ensure that only admins who have the required permissions can edit users.

Does this apply to any CRM?

This doesn’t only apply to Microsoft products; it is generally anything that has an API that B2C can talk to. Usually, this is either a standard REST API or anything that you can write an API bridge for. If you write an API to communicate with other APIs, you can have B2C talk to that, and then that can talk to anything. For example, it may talk to Salesforce, or it might talk to something that’s without an API, such as Azure storage, table storage, or SQL Server. An API can be written around those, and then pull in or write out information to those systems using your API from B2C.

In summary, B2C can interact with pretty much anything, as most systems now have either an API or a library that you can talk to, so B2C can either communicate with them directly or, if that’s not possible, via an API bridge.

If you missed out on our first webinar on Azure AD B2C, you can view the full recording on our YouTube channel. Our next webinar in the B2C series will take a more in-depth look at Azure AD B2C, and as each month progresses our attendees will come away with a deeper understanding of its capabilities, features, and the power of Azure.