Thanks to your feedback, we have been steadily making identity for customer and partner-facing applications more flexible and faster to configure out of the box. Today we are making it easier for users with different identities to sign in, sign up and collaborate with improvements to self-service sign-up in Azure Active Directory and next-generation B2C user flows. And for B2C app owners and admins, it’s now easier than ever to configure user sessions and password resets and extend the experience with connections to external data and services.
Self-service sign-up with Microsoft Account and Email One-Time Passcode
Since Ignite, we’ve added two new ways for your external users to "bring their own identity" via the self-service sign-up capability in Azure AD. People who use a personal Microsoft account, to sign into Windows, Xbox, Skype, or any other Microsoft 365 application as an individual or small business can now use their existing account to sign up to any app that has been configured to allow these credentials.
Users who do not have a Microsoft account can request that a one-time passcode (OTP) be sent to their email address.
Configure these experiences in the Azure portal by enabling email one-time passcode and Microsoft Account on the All Identity Providers page. You’ll need to also make sure to enable those identity providers in your self-service sign-up user flows.
Built-in user flows for password reset and keep me signed in for B2C apps
Built-in users flows for B2C let app owners enable users to sign-up, sign-in, and reset passwords without requiring a bunch of new application code. Built-in user flows are now even easier to configure with new out of the box controls. Now generally available, app owners can configure user flows with keep me signed in and more flexible password reset settings with just a few clicks.
Enable keep me signed in to extend the session length for your users using a persistent cookie. This keeps the session active even when the user closes and reopens the browser, and is revoked when the user signs out. Configure password reset settings to allow users to reset their password when they forget, or when prompted to reset an expired password from within the sign in user flow.
API connectors for Azure AD B2C
A few months ago, we shared several examples of how you can use API connectors to customize sign-up flows for your Azure AD applications. This feature that lets you extend your sign-up user flows by connecting to external systems is now generally available for both customer and partner journeys.
We are also making API connectors for user flow extensibility even more powerful by introducing the ability to enrich tokens for your sign-in and sign-up user flows with attributes from legacy identity systems, custom data stores, and other cloud services. This capability will be rolling out in preview for Azure AD B2C in the coming weeks.
We love hearing from you, so share your feedback on these new features through the Azure forum or by tagging @AzureAD on Twitter.