ThirdSpace ThirdSpace
ThirdSpace
Close 0 Reset Search Run Search What are you looking for? Type at least three characters to search. Filter Search Results
  • All Content
  • Blog
  • Case Studies
  • Event
  • Resources
  • News
  • Careers
  • Access Centre
  • Technologies
  • Workshops
  • Solutions
  • People
 Load more
31 January 2019

How to enable secure user authentication with advanced flows in Azure AD B2C

  • CIAM
  • Azure AD B2C
Marcus Idle

Enhance your verification process and take advantage of secure authentication for your customers.

Many of our clients are enjoying the benefits of Azure AD B2C authentication (‘B2C’) for their public-facing websites. It offers a secure, robust ecosystem for customised single sign-on flows (also called policies or user journeys) across websites based on any technology, and brings many out-of-the box features to the table, such as social login and MFA.

But if you’re using B2C, are you missing a trick by using out-of-the-box user flows?

Picture a typical sign-up journey for a new user who has an existing relationship with your organisation. For example:

  • You are a membership organisation – your user is an existing member, signing up to use the website for the first time.
  • You sell financial services – your customer has purchased an insurance policy from you by phone – and now wants to login to your website to see their policy documents.
  • You are a retailer – your customer already has a relationship via a loyalty scheme or promotion – and wants to order online for the first time.

All of these cases require your website to associate the new user credentials with the existing user record in your back office – and to do this, you will need some sort of user verification.

You could deploy the standard sign-up journey from Microsoft, and then do the user verification on your website(s).

But why not incorporate verification into the Azure AD B2C journey, so that it sits inside Azure AD B2C’s secure authentication framework – and outside of your (possibly multiple) websites?

 

Thinking outside of the B2C box

The B2C out-of-the-box user flows give you a lot to work with – look and feel customisation, social logins, MFA and custom fields – but they won’t give you the opportunity to make API calls to your back-office systems.

This means that you can capture something like membership number – but you would be unable to check it against your membership database, or, indeed, validate it against other information about the user.

This is where ‘advanced’ or ‘custom’ flows come in (find out more about B2C flows here).

Let’s take the case of the membership organisation.

In this real-life case, paid-up members are able to access various website features including tools to assist with continuing professional development (CPD).

Members who want to use the website for the first time obviously need to prove that they are members before taking advantage of CPD and other tools.

So, how do you do this within a B2C user flow?

1. Create your API

First of all, you need to create a Web API (application programming interface) which can answer the question “Given this information about me, am I a member?”.

So, it will need to take some inputs (for example membership number and date of birth) and provide a Yes/No answer by looking in your CRM system or equivalent. Of course, this Web API needs to be reliable and appropriately secured.

2. Link the user flow

Within the user flow, your B2C partner will create a number of ‘orchestration steps’, which are essentially tiny computer programs – they can receive inputs, process data, and output to the next step.

Your user flow will need an orchestration step, which calls the Web API you have created, and, depending on the result, flows nicely onto the next step (or raises an error).

3. Success!

Your user flow will, of course, need to ask the user for (in this case) their date of birth and membership number, and, if all is well, receive a success message from the API. Ultimately, it will return a token to your website containing the (verified) membership number.

On the strength of this piece of information, your websites can then offer the user all of the appropriate membership tools.

 

Conclusion

If you’re looking at deploying third-party single sign-on (SSO) for the security or reliability, or just to save time building a decent authentication system, B2C will do all of that for you – but look beyond the feature list and you will find other benefits which may well save you time and help to further secure your user journeys.

Find out how Azure AD B2C can aid GDPR compliance and secure your web applications by downloading our e-Guide

You may also like...

 Blog

Azure AD B2B vs B2C: What are the key differences between Microsoft’s external access products?

 Blog

How to reduce membership friction and stay secure with Azure AD B2C

 Blog

Secure application sign-in with Azure AD B2C

Recent Blog Articles

View All
Author
Marcus Idle
 Head of CIAM and IP Development Learn More

Need advice? Our experts are waiting...

Simply request a free Vision Call. We can help you with solution ideas, technology education, best practice advice and more.

Request Vision Call
Award-winning solutions Award-winning solutions

Eight-time winner of the Microsoft Partner of the Year Award for Identity Management, Enterprise Mobility, and Security and Compliance.
ThirdSpace Please upgrade your browser

You are seeing this because you are using a browser that is not supported. The ThirdSpace website is built using modern technology and standards. We recommend upgrading your browser with one of the following to properly view our website:

Windows Mac

Please note that this is not an exhaustive list of browsers. We also do not intend to recommend a particular manufacturer's browser over another's; only to suggest upgrading to a browser version that is compliant with current standards to give you the best and most secure browsing experience.