Enhance your verification process and take advantage of secure authentication for your customers.
Many of our clients are enjoying the benefits of Azure AD B2C authentication (‘B2C’) for their public-facing websites. It offers a secure, robust ecosystem for customised single sign-on flows (also called policies or user journeys) across websites based on any technology, and brings many out-of-the box features to the table, such as social login and MFA.
But if you’re using B2C, are you missing a trick by using out-of-the-box user flows?
Picture a typical sign-up journey for a new user who has an existing relationship with your organisation. For example:
All of these cases require your website to associate the new user credentials with the existing user record in your back office – and to do this, you will need some sort of user verification.
You could deploy the standard sign-up journey from Microsoft, and then do the user verification on your website(s).
But why not incorporate verification into the Azure AD B2C journey, so that it sits inside Azure AD B2C’s secure authentication framework – and outside of your (possibly multiple) websites?
The B2C out-of-the-box user flows give you a lot to work with – look and feel customisation, social logins, MFA and custom fields – but they won’t give you the opportunity to make API calls to your back-office systems.
This means that you can capture something like membership number – but you would be unable to check it against your membership database, or, indeed, validate it against other information about the user.
This is where ‘advanced’ or ‘custom’ flows come in (find out more about B2C flows here).
Let’s take the case of the membership organisation.
In this real-life case, paid-up members are able to access various website features including tools to assist with continuing professional development (CPD).
Members who want to use the website for the first time obviously need to prove that they are members before taking advantage of CPD and other tools.
So, how do you do this within a B2C user flow?
First of all, you need to create a Web API (application programming interface) which can answer the question “Given this information about me, am I a member?”.
So, it will need to take some inputs (for example membership number and date of birth) and provide a Yes/No answer by looking in your CRM system or equivalent. Of course, this Web API needs to be reliable and appropriately secured.
Within the user flow, your B2C partner will create a number of ‘orchestration steps’, which are essentially tiny computer programs – they can receive inputs, process data, and output to the next step.
Your user flow will need an orchestration step, which calls the Web API you have created, and, depending on the result, flows nicely onto the next step (or raises an error).
Your user flow will, of course, need to ask the user for (in this case) their date of birth and membership number, and, if all is well, receive a success message from the API. Ultimately, it will return a token to your website containing the (verified) membership number.
On the strength of this piece of information, your websites can then offer the user all of the appropriate membership tools.
If you’re looking at deploying third-party single sign-on (SSO) for the security or reliability, or just to save time building a decent authentication system, B2C will do all of that for you – but look beyond the feature list and you will find other benefits which may well save you time and help to further secure your user journeys.
Keep your finger on the pulse of identity and Microsoft technology. Submit your business email to get the latest content and event invites straight to your inbox.
Marcus Idle is our Head of Customer Identity and Access Management and IP Development at ThirdSpace. He is responsible for projects involving external identities. Expert in Microsoft’s Azure AD B2B...
READ AUTHOR'S FULL BIO
Send us your questions or feedback.
Friendly folks are standing by!
Eight-time winner of the Microsoft Partner of the Year Award for Identity Management, Enterprise Mobility, and Security and Compliance.
You are seeing this because you are using a browser that is not supported. The ThirdSpace website is built using modern technology and standards. We recommend upgrading your browser with one of the following to properly view our website:Windows
Please note that this is not an exhaustive list of browsers. We also do not intend to recommend a particular manufacturer's browser over another's; only to suggest upgrading to a browser version that is compliant with current standards to give you the best and most secure browsing experience.