Evolving Azure AD for every user and any identity with External Identities
Published May 21 2020 05:00 AM

Howdy folks,

 

Earlier this week at Microsoft Build, we announced that Azure Active Directory (Azure AD) External Identities is available in public preview. Azure AD customers have given us a ton of feedback that they want a single, integrated identity service for enabling collaboration with partners and customers of all types. That’s what we’re working to deliver, so I’m excited that we’re ready to share this important update with you today!

 

To kick off the discussion, I’ve invited Robin Goldstein, a Principal Group PM Manager on the Microsoft Identity team, to blog about this growing set of capabilities that enable organizations and developers to secure, manage and build apps for customers, partners or any other external users. You’ll find Robin’s blog below.

 

As always, we hope you’ll try out the new features and share feedback through the Azure feedback forum or by following @AzureAD on Twitter. 

 

Regards,

 

Alex

 

-----

 

Hi everyone,

 

I’m Robin and I lead the team’s efforts around B2B, B2C and our auth user experiences.  I’m thrilled to be participating in the Identity blog for the first time to talk about Azure AD External Identities and the new set of features that you can try out today. With Azure AD External Identities, we are making a whole bunch of investments that will make it easier for organizations and developers to secure, manage and build apps that connect with different types of users outside an organization. In case you missed our demo at Microsoft Build, you can watch the on-demand session for free. 

 

Now let me tell you what I’m so excited about. 

 

Organizations are collaborating and connecting with more external users than before, especially as they adapt to remote business environments. At the same time, IT departments are being asked to streamline costs while scaling to connect with a growing external user base of distributors, suppliers, and other business partners. Now more than ever, it is critical for business continuity to have a single, flexible identity solution to secure and manage these dynamic relationships while still protecting their most valuable data and assets.  

 

Build flexible, user-centric experiences for collaboration 

 

Many of our customers and developers use Azure AD and Azure AD B2C because ‘bring your own identity’ is an essential requirement for their applications and business workflows. Previously, we empowered employees to invite users from other organizations to collaborate as guests, and more recently we have added even more ways for external users to collaborate with the general availability of Google federation and the public preview of email one-time passcode.

 

Now in public preview, admins and developers can enable self-service sign-up and sign-in for their apps, integrating Google and Facebook IDs in addition to the current set of identity providers. Once integrated, the sign-up experience can be continuously updated and customized without changing app code. Check out the documentation to learn more about enabling self-service sign-up with social IDs via the Microsoft Graph API.

 

Configure the end-user experience for sign-up with social identities both in the Azure AD portal and via API.

 

 

We know many of our customers rely on Company Branding capabilities to customize the look and feel of their identity experiences. Now, using custom user attributes, you can also localize and customize the form a user fills in during the self-service sign-up process. This gives you an easy way to gather more information about the users accessing apps and services in your organization. Read the documentation to learn more about customizing attributes for your apps.

 

 

Configure and customize user attribute collection.

 

You will find all of this in the new External Identities blade in the Azure AD Portal.

 

In the coming weeks, we’ll refresh the preview with support for API connectors, so you can extend the sign-up flow with approval workflows or other external processes.


Protect your customers, apps, and brand 

 

Protecting sensitive data and staying compliant is critical to maintaining user trust. You may already use premium security capabilities of Azure AD such as Conditional Access and Identity Protection to secure your users and applications. These capabilities are also available to secure collaboration with External Identities. 
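As an added illustration of that point (this code is not from the original post and is not Microsoft's own tooling), here is the check a practitioner usually wants right after enabling external collaboration: a Conditional Access policy that requires MFA for guests and external users, expressed as the JSON body the Microsoft Graph v1.0 `conditionalAccessPolicy` resource accepts, plus an offline audit over a list of policies that reports which ones actually enforce it. The sample policies are constructed for this example; `create_policy` assumes you already hold a Graph bearer token granted `Policy.ReadWrite.ConditionalAccess`.

```python
"""Require MFA for guest/external users via Conditional Access, and audit for it.

Example added to this post (not Microsoft's code). The policy shape follows the
Microsoft Graph v1.0 conditionalAccessPolicy resource; SAMPLE_POLICIES below
are constructed for illustration only.
"""
import json
import urllib.request

GRAPH_POLICIES = "https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies"

# Reserved user-set identifiers in Graph that reach guest/external users.
GUEST_SELECTORS = {"All", "GuestsOrExternalUsers"}


def guest_mfa_policy(display_name="Require MFA for guests and external users",
                     enforce=False):
    """Build the policy body. It starts in report-only mode; pass enforce=True
    only after reviewing the impact in the sign-in logs."""
    return {
        "displayName": display_name,
        "state": "enabled" if enforce else "enabledForReportingButNotEnforced",
        "conditions": {
            "clientAppTypes": ["all"],
            "applications": {"includeApplications": ["All"]},
            "users": {"includeUsers": ["GuestsOrExternalUsers"]},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
    }


def covers_guest_mfa(policy):
    """True only if this policy, as configured, forces MFA on guests for every
    app and client type. Report-only state, guest exclusions, app scoping and
    OR-ed alternative grant controls all count as gaps."""
    if policy.get("state") != "enabled":
        return False
    cond = policy.get("conditions", {})
    users = cond.get("users", {})
    if not GUEST_SELECTORS & set(users.get("includeUsers", [])):
        return False
    if GUEST_SELECTORS & set(users.get("excludeUsers", [])):
        return False
    apps = cond.get("applications", {})
    if "All" not in apps.get("includeApplications", []) or apps.get("excludeApplications"):
        return False
    if "all" not in cond.get("clientAppTypes", []):
        return False
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls", [])
    if "mfa" not in controls:
        return False
    # With operator "OR", any other listed control is an alternative to MFA.
    return grant.get("operator") == "AND" or controls == ["mfa"]


def audit_guest_mfa(policies):
    """Return the display names of policies that enforce MFA for guests."""
    return sorted(p["displayName"] for p in policies if covers_guest_mfa(p))


def create_policy(token, policy):
    """POST the policy to Graph (network call; token is assumed to be valid)."""
    req = urllib.request.Request(
        GRAPH_POLICIES,
        data=json.dumps(policy).encode(),
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


# Constructed sample tenant: three plausible policies that do NOT close the gap,
# and one that does.
SAMPLE_POLICIES = [
    {   # blocks legacy auth for everyone, but it is a block, not an MFA control
        "displayName": "Block legacy authentication",
        "state": "enabled",
        "conditions": {"clientAppTypes": ["exchangeActiveSync", "other"],
                       "applications": {"includeApplications": ["All"]},
                       "users": {"includeUsers": ["All"]}},
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    },
    {   # targets a directory role only; guests are out of scope
        "displayName": "Require MFA for admins",
        "state": "enabled",
        "conditions": {"clientAppTypes": ["all"],
                       "applications": {"includeApplications": ["All"]},
                       "users": {"includeRoles": ["62e90394-69f5-4237-9190-012177145e10"]}},
        "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
    },
    {   # scoped to one app (placeholder id) and still report-only
        "displayName": "Guest MFA for the partner portal (report-only)",
        "state": "enabledForReportingButNotEnforced",
        "conditions": {"clientAppTypes": ["all"],
                       "applications": {"includeApplications": ["partner-portal-app-id"]},
                       "users": {"includeUsers": ["GuestsOrExternalUsers"]}},
        "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
    },
    guest_mfa_policy(enforce=True),
]

if __name__ == "__main__":
    print("Policies enforcing MFA for guests:", audit_guest_mfa(SAMPLE_POLICIES))
```

Run the audit against `GET /identity/conditionalAccess/policies` output from your own tenant; an empty result means guests can reach your apps with only their home credentials. The checker is deliberately strict (report-only, app-scoped and OR-ed policies all fail) because those are exactly the configurations that look like coverage in the portal but do not enforce anything for an external user. Identity Protection risk policies are a separate control and are not assessed here.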

 

Govern external users more effectively 

 

Many of you may be managing external relationships by creating an internal member account for every partner or contractor in your directory. Now you can convert those accounts to external users and get the benefits of External Identities. When you invite an existing internal user to B2B collaboration, that user signs in with their own external credentials as a guest, while the account’s object ID, user principal name, group memberships, and app assignments stay intact, so existing access continues to work. This allows you to follow governance best practices while improving the end user experience. You can try out the public preview of this feature now; check out the documentation to learn more.

 

Securely manage all your external identities at scale 

 

External Identities extends the global availability, reliability, and scale of Azure AD to your customers and partners, with built-in security and privacy as top priorities. Learn more about Microsoft’s commitment to security and data privacy.

 

This is just the beginning of our vision for External Identities. I hope you’ll try out these public preview capabilities today and share your feedback. And don’t hesitate to ping me @RobinGo_MS if you have any feedback or questions, I’d love to hear from you.

 

Thanks! 

 

Robin  

13 Comments
Copper Contributor

We're excited to try this out at the City of Redmond. A unified identity for residents and business owners to use to authenticate across the many services we offer.

Brass Contributor

Will this work with Windows Virtual Desktop? That's the only remaining use case we have to create an external user (e.g. a partner or contractor) as an internal AD account.

Microsoft

@thommck-on-twitter not yet, but it's on our roadmap. Thanks for the feedback!

Copper Contributor

When will guidance be available for migrating existing SaaS customers and custom signup/signin flows from AAD B2C, or will this be an extension of existing features?

Microsoft

@gleizerowicz Azure AD B2C supports highly customized experiences. At this time External Identities is well integrated with Azure AD Premium but does not have all of the customizability. We will have more guidance later this year.

Copper Contributor

@Robin Goldstein Does this mean that from an identity management perspective Azure AD and Azure AD B2C are identical? Given the progress being done on the Azure AD front, which use cases would B2C handle that is not handled by Azure AD? 

Are there plans to converge AD B2C and Azure AD into one solution? 

Microsoft

@bsorek Thanks for your questions. At this time we have merged some capabilities of B2C into Azure AD to extend the enterprise capabilities to more users. You will see more of this from now on. However, as of today, Azure AD B2C is awesome for apps that need a higher level of customization or serve upwards of 100 million customers.

Brass Contributor

@Alex Simons (AZURE) very cool, you guys solved this better than B2C has solved integration with third-party API connectors (technical profile) :). In B2C we have to write lots of XML in a custom policy to build a simple workflow like this; it would be a nice idea to ask the B2C team to follow your path in their roadmap.

Hi @belaie  -

 

You'll be happy to know this was actually built by the B2C team (we don't call them that anymore though). We are in the process of merging AAD B2C and regular AAD into one consistent platform. This will take us some time, but we're well underway and this is one of the first publicly visible instances of that effort.

 

Glad to hear the new approach works well/easier!

Best Regards,

Alex 

Brass Contributor

@Alex Simons (AZURE) thanks for the updates. Since you guys will be merged and working together, I wonder if the B2C Identity Experience Framework will be the backend engine in Azure AD for user flows. I would give feedback on this: please make the experience more UI driven with a flow designer (similar to the Logic Apps designer) to visualize flows and work with flows for rapid development. This has been very challenging in B2C, where one has to learn lots of XML and different XML files in order to create even a custom user flow.

Microsoft

@belaie, Robin here from the authentication team. We take care of lots of cool features, including External Identities and B2C. We are actually hard at work getting a few more things built into user flows in B2C, so you should see the API connector functionality show up there too later this year (fingers crossed!). As for how we bring more extensibility and support capabilities like Flow (aka Power Automate), we think that's a great idea too and are definitely looking into it. Happy to hear your feedback!

Copper Contributor

@Robin Goldstein that's great news! Looking forward to more capabilities! Does AAD focus on sign-up, or are the other flows like sign-in (only) on the roadmap as well? This would be super interesting for scenarios where the account gets created via the Graph API after an external trigger.

Microsoft

@chgalle just catching up on some messages today. So far the first customizable flow we've implemented is Signup. We are definitely working on other flows and how to make those more customizable and flexible too.

Version history: last update Jul 24 2020 01:07 AM