News

Microsoft Updates Azure AD B2C, Adds Flow Integration

• By Kurt Mackie
• May 15, 2017

Azure Active Directory Business-to-Consumer (B2C), Microsoft's customer-facing identity and access management service that launched last July, has a few new perks.

Microsoft last week announced new previews of the service, a new library for developers and some associated Microsoft Flow tools. In addition, Microsoft has expanded Azure AD B2C's support beyond the U.S. and European markets, adding support for 37 more languages, as well as two configuration options.

Organizations can use the "simple" configuration option or there's a "custom" approach that developers may require when setting up the Azure AD B2C service. The custom option permits integration with existing user databases. It also offers more control over "user journeys" during the authentication process, including the ability to have REST API integration with that process. The custom option also enables federation with identity providers using the OpenID Connect standard or the SAML 2.0 protocol.

Microsoft Authentication Libraries
Developers also now have access to "production-ready previews" of the Microsoft Authentication Library (MSAL) for Android, iOS and JavaScript, as well as .NET. They can use these libraries to build applications that use Microsoft accounts (MSAs) or Azure AD work and school accounts, as well as to access Microsoft Graph tokens.

MSAL should be used if developers are "building apps with Azure AD B2C," Microsoft's announcement explained.

MSAL is the successor to the Active Directory Authentication Library (ADAL). Microsoft still supports ADAL, and ADAL "remains the correct choice when you are building an application that only needs to support Azure AD work and school accounts," explained Vittorio Bertocci, a Microsoft principal program manager for identity developer experience, in an announcement.

However, he added that MSAL has a larger scope. It allows developers to have a consistent object model for "work and school accounts, MSAs, Azure AD B2C and ASP.NET Core Identity, and eventually (in a future release) with ADFS [Active Directory Federation Services]."

The "production-ready previews" terminology has a specific meaning with regard to MSAL use. Bertocci explained that Microsoft does have plans to refresh those libraries, but traditional product support will be available while they're at preview. However, when Microsoft does refresh them, developers will have to modify their code. They'll have six months to update their code after "general availability" is announced, he added.

Microsoft Flow Integrations
In a somewhat related announcement last week, Microsoft noted that users of Microsoft Flow tools for automating processes now have some improvements in the ability to use those tools with Azure Active Directory. For instance, IT pros can add users automatically to Azure Active Directory whenever they add them on premises by setting up Microsoft Flow actions.

One new Microsoft Flow capability is the ability to specify an action when new mail arrives in a shared mailbox. Another new capability is the ability to "send an email from a shared mailbox." IT pros also can set up automatic replies with a new "get mail tips for a mailbox" capability. They can also automatically set up escalation requests with a new "get manager" capability.

The Microsoft Flow Admin Center now provides IT pros with a view of the people who have permissions to edit a Flow. They also can see who has permissions to add and remove people responsible for a Flow.

Microsoft has now published documentation on connectors used with Microsoft Flow and PowerApps. Webhooks now can be defined using connectors, which can be used to trigger a Flow. Push notifications can "now be sent to the person who runs the flow." Microsoft also added partner support with Nexmo and Paylocity.

Lastly, Microsoft announced last week that Microsoft Flow is available in Canada. With the new availability, new Microsoft Flow actions that get created by new Canadian customers "will run in Canadian data centers." However, organizations located in Canada that are current Microsoft Flow users won't get their data automatically migrated to the new Canadian datacenters, Microsoft explained.