In addition to smooth validation journeys and enabling single sign-on, Azure AD B2C also comes with a whole host of security benefits.
Here at ThirdSpace, one of the things we help clients with is creating authentication journeys (sign up, sign in, password reset) for public-facing websites and mobile apps, using Microsoft Azure AD B2C.
At the most basic level, this provides the public-facing website with a hassle-free way of logging in users – removing some of the burden from your website and reducing password reset issues.
At the login stage, your website diverts the user to B2C, and then when the authentication journey is completed, B2C returns an “ID token” to the website, containing information about the user (assuming the appropriate handshakes have occurred between B2C and the website).
But why would you spend money on a third-party service just to log the user in and give you back a token?
One of the big attractions of single sign-on (SSO) as a service – or ‘Identity as a Service’ (IDaaS) as it is more commonly known – is the extra protection it provides both for your end users and for your organisation’s resources.
Building secure authentication journeys involves so much more than hashing the password and comparing it with your credentials database.
A basic pre-requisite is knowing that your login process is secure. Using an OpenID Connect solution – a tried and tested authentication protocol – rather than a home-grown solution is a good way of ensuring that you don’t just have a working login, but a secure one.
But after you’ve ticked that box, you need to consider how you protect against known threats.
Consider the average WordPress-based website. Many website owners do not apply patches, which means their websites become more and more vulnerable to new forms of attack. To make things worse, in December 2018, PHP versions 5.6 and 7.0 (the underlying technology for a staggering 57% of all WordPress websites) stopped receiving security updates.
Of course, many websites do not use established CMS platforms or web application frameworks as a basis for their login functionality – and these websites are far more exposed to threats because their vulnerabilities are not well known, publicised and patched.
Websites should defend against problems such as:
However, without a team of security experts who can keep up to date with the latest threats, it can be a losing battle.
And that’s just the baseline of threat protection.
What about measures such as:
Azure AD B2C can do all of this, and thanks to their tireless identity and security research, Microsoft have developed machine learning tools which also understand and respond to the threat posed by the user logging in or signing up.
This means that if a user seems highly suspicious to the AI, due to their current or previous behaviour (or other data about their identity), then the AI can prevent them from logging in altogether – protecting your organisation and potentially protecting the real user behind the identity, if that identity has been stolen.
Does your CMS, or your IDaaS, do this?
Implementing Azure AD B2C is relatively easy. Using the Azure Portal, you need to register your web application and point it at the built-in user flows (such as “sign up or sign in”). These take over the user experience at the point of login and return access and ID tokens once the user has completed their authentication journey.
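The website still has to check the ID token it receives before trusting it. The following is an added example, not ThirdSpace's or Microsoft's code: it runs the standard OpenID Connect checks (pinned algorithm, signature, issuer, audience, validity window, nonce) over a constructed token. HS256 with a constructed shared key stands in for the RSA signature a real B2C token carries, so that it runs on the Python standard library alone; the issuer, client ID, key and function names are all assumptions.

```python
import base64, hashlib, hmac, json

# Constructed sample values (assumptions), not taken from any real tenant.
ISSUER, CLIENT_ID, KEY = "https://idp.example.test/v2.0/", "sample-client-id", b"demo-key"

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign(signing_input, key):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims, key=KEY, alg="HS256"):
    """Build a constructed sample token so the validator has offline input."""
    head = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    return f"{head}.{body}." + b64url_encode(sign(f"{head}.{body}", key))

def validate_id_token(token, nonce, now, key=KEY, leeway=60):
    """Return the claims if every check passes, otherwise raise ValueError."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(b64url_decode(head)), json.loads(b64url_decode(body))
        signature = b64url_decode(sig)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise TypeError("header and payload must be JSON objects")
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if header.get("alg") != "HS256":  # pin the algorithm; never let the token choose
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(signature, sign(f"{head}.{body}", key)):
        raise ValueError("bad signature")
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    exp, nbf = claims.get("exp"), claims.get("nbf", 0)
    if not isinstance(exp, (int, float)) or now >= exp + leeway:
        raise ValueError("expired")
    if not isinstance(nbf, (int, float)) or now < nbf - leeway:
        raise ValueError("not yet valid")
    if claims.get("nonce") != nonce:  # nonce the site stored before redirecting
        raise ValueError("nonce mismatch")
    return claims

def why_rejected(token, nonce, now):
    """Return None when the token is accepted, else the failure reason."""
    try:
        validate_id_token(token, nonce, now)
    except ValueError as exc:
        return str(exc)
```

In a real deployment a maintained OpenID Connect library performs these checks against the signing keys the identity provider publishes.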
You’ll pay a fraction of a penny per authentication, but you won’t need to worry about any of the hardware – or about the security for the authentication process. In other words, B2C can take quite a lot off your hands.
Just by offloading the sign in journey to B2C, and before you’ve spent any money on scale or on complex user journeys, you’re getting the industrial-strength security protection offered by Microsoft’s machine learning tools and other B2C features.
As we’ve pointed out in other blog articles, B2C can do quite a bit more for you – from engaging users with social logins, to creating smooth validation journeys – but security is certainly the biggest selling point among the clients we’ve spoken to.
Microsoft is sometimes referred to as ‘the biggest IT security company on the planet’ and with B2C it is certainly making its presence felt in this area.
Azure AD B2C will give you state-of-the-art security – on tap.
Marcus Idle is our Head of Customer Identity and Access Management and IP Development at ThirdSpace. He is responsible for projects involving external identities. Expert in Microsoft’s Azure AD B2B...