News

Microsoft's Customer-Facing Authentication Service Goes Live

• By Kurt Mackie
• July 28, 2016

Microsoft on Wednesday launched a new identity and access management service for organizations that develop customer-facing applications.

Now available in North American markets, Microsoft's Business to Consumer (B2C) service for Azure Active Directory lets organizations plug into Azure AD authentication technologies on the back end, while allowing users (consumers) to authenticate quickly using pre-existing social media logins. The service had been at the preview stage for almost a year.

The Azure AD B2C service currently works with social media services such as "Facebook, Google, LinkedIn and Amazon," according to Microsoft's announcement. It also works with Microsoft accounts. Alternatively, an organization can offer the user the ability to create an account.

Microsoft's announcement of the "general availability" of Azure AD B2C noted that this service is currently being used by the Indiana Office of Technology for authenticating citizens' use of the state's InBiz application, and that it solves a storage problem for housing all of that ID data. The service "can scale up to hundreds of millions of consumer identities per tenant," Microsoft's announcement claimed.

The service is also being used by Real Madrid to enable authentication for mobile and Web apps, supporting "450 million fans around the globe." It provides login support for Real Madrid's apps without it having to build the code, the announcement explained.

The service, however, is just available in North America right now. Microsoft has been building out its datacenter infrastructure to enable the Azure AD B2C service and plans to bring it to other markets "over the next few months." The service is supported for more than 21 languages.

Organizations using Azure AD B2C have access to the user account information that gets created. "You own your consumers' data and manage your app's terms of use," the announcement explained.

Developers get a RESTful API, essentially the "Graph API," for customization purposes. There are options for "branding, token, session and SSO configuration, information collected from consumers and claims passed back to the app," Microsoft indicated. If wanted, multifactor authentication can be enforced, which is a secondary identity challenge besides a password, such as a response to an instant message or an automated phone call.

Azure AD B2C supports authentication protocols such as OAuth 2.0 and OpenID Connect. The service works with "mobile, web and native apps using Microsoft's authentication libraries or open-source ones," according to the announcement.

Microsoft claims that the Azure AD B2C service simplifies account creation by consumers and adds self-management. For instance, users can change their sign-up and profile details, and they can reset the passwords they create.

Azure AD B2C service billing is based on a "consumption-based pricing model," Microsoft indicated. There's a free trial period until "early 2017." Documentation and samples can be found at this page.