Configure a custom email provider for one-time passcode events in consumer-facing applications
In today's digital age, creating beautiful and seamless end-user experiences is paramount to amplifying your brand, establishing end-user trust, and accelerating your business growth. With the general availability of Microsoft Entra External ID, you have all the tools needed to build consumer-grade UX with the highest standards of security and compliance. We aim to provide simple, seamless experiences for both admins and developers, as exemplified in our recent blogs highlighting developers' pixel-perfect Native Authentication for mobile applications and built-in security controls for admins.
As a next step in this journey, I'm thrilled to announce that we have added a new custom authentication extension to allow more branding customization options for External ID apps. Customization and branding are vital, ensuring that every interaction an end-user has with your application is seamless and reflective of your brand’s identity. Senior Product Manager, Sasha Mars, will walk us through how to get this new extension set up in the Microsoft Entra admin center.
New custom authentication extension for external-facing applications
Hello friends,
Today I’m excited to showcase our newly released custom authentication extension, which enables integration with the Microsoft or non-Microsoft email provider of your choice for one-time passcode events triggered during sign-up, sign-in, and forgot-password flows. You can try the public preview today.
Your users, your experience
We added these customization options based on your feedback that you wanted more control over the experience for your users. For those building customer-facing apps, we know from our experience on the Azure AD B2C platform that a beautifully branded experience is critical in building a trusted relationship.
With the new custom authentication extension, you can easily customize the Microsoft Entra External ID built-in email service with an email provider of your choice, such as Azure Communication Services or any other third-party email provider, for a custom look and feel.
Create an API which serves as a gateway to the custom email provider
As an option, you can create an Azure Function app. Then, create an HTTP trigger function and update the function default value.
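The following is an added example, not code from this post or from Microsoft, of the request handling such a gateway needs: it rejects calls without a valid bearer token, validates the recipient and code before they reach the provider, and keeps the passcode out of logs. The payload field names, the response action type, and the `verify_token` and `send_email` callables are assumptions to check against the current External ID reference.

```python
import json
import re

# Assumed payload/response shapes for the EmailOtpSend event; they are not
# given on this page, so verify them against the External ID reference.
RESPONSE_OK = {"data": {
    "@odata.type": "microsoft.graph.OnOtpSendResponseData",
    "actions": [{"@odata.type": "microsoft.graph.OtpSend.continueWithDefaultBehavior"}],
}}
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")
MAX_CODE_LEN = 16  # assumed upper bound, not a documented limit


def handle_otp_send(headers, raw_body, verify_token, send_email, log=print):
    """Return (status, body) for one EmailOtpSend call.

    verify_token and send_email are hypothetical callables: the first checks
    the bearer token (signature, issuer, audience) and returns True/False,
    the second hands the message to the custom email provider.
    """
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer ") or not verify_token(auth[7:]):
        return 401, {"error": "unauthorized"}  # fail closed: no token, no email
    try:
        ctx = json.loads(raw_body)["data"]["otpContext"]
        ctx = {k.lower(): v for k, v in ctx.items()}  # tolerate key casing
        recipient, code = ctx["identifier"], ctx["onetimecode"]
    except (ValueError, KeyError, TypeError, AttributeError):
        return 400, {"error": "malformed event"}
    # fullmatch rejects whitespace, so CR/LF cannot smuggle extra mail headers
    if not isinstance(recipient, str) or not EMAIL_RE.fullmatch(recipient):
        return 400, {"error": "invalid recipient"}
    if not isinstance(code, str) or not code.isalnum() or len(code) > MAX_CODE_LEN:
        return 400, {"error": "invalid code"}
    try:
        send_email(recipient, code)
    except Exception as exc:
        # Log the exception type only: provider errors may echo the message body.
        log(f"otp send failed for {recipient}: {type(exc).__name__}")
        return 502, {"error": "provider failure"}
    log(f"otp email handed to provider for {recipient}")  # never log the code
    return 200, RESPONSE_OK
```

In an Azure Function, the HTTP trigger would pass the request headers and body to `handle_otp_send` and return the resulting status and JSON.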
Configure EmailOtpSend custom authentication extension
The EmailOtpSend custom authentication extension can be configured using the custom authentication extensions blade in the Microsoft Entra admin center for your tenant. There, you can register a new custom authentication extension, connect it to your application(s), and assign a custom email provider to the application(s).
Let’s take a look at how an admin can configure BYO email and automate it at scale with APIs:
- Basics – This allows you to choose the EmailOtpSend event type.
- Endpoint configuration – This provides the ability to set up your API endpoint.
- API authentication – This configures the grant flow that secures the call to your API endpoint.
- Applications – This applies the EmailOtpSend event to the application(s).
Get started using EmailOtpSend custom authentication extensions by setting up a Microsoft Entra External ID tenant.
Learn more about custom authentication extensions.
As always, we love hearing from you, so please share your feedback on these updates through the links below.
Sasha Mars
Senior Product Manager, Microsoft Identity and Network Access
LinkedIn: Sasha Mars
Learn more about Microsoft Entra:
- Learn more about Custom Authentication Extensions
- See recent Microsoft Entra blogs
- Dive into Microsoft Entra technical documentation
- Learn more at Azure Active Directory (Azure AD) rename to Microsoft Entra ID
- Join the conversation on the Microsoft Entra discussion space
- Learn more about Microsoft Security