Today I'd like to build on Stuart's introduction by explaining why we saw a customizable, policy-based approach to B2C as essential – and what it means for the rest of our identity architecture. This will help you understand how our B2C offering, now in public preview, actually works. It will also provide insight into the capabilities of our upcoming advanced features. I think it will become evident that the combination of our existing and future products represents a substantial step forward for the industry. It means organizations of any size can handle all their different customer relationships, grow without limitation, gain exceptional control of the user experience and still dramatically reduce risk, cost and complexity.

The Why

Readers of this blog probably already know quite a bit about enterprise identity management. So let me begin with what I think is the most important piece of information I can convey to people who are already experts: B2C does not just involve a couple of tweaks to the identity management we have learned to do for employees and devices. The underlying technical infrastructure, the developer model, the protocols and the information storage concepts continue to apply. But whole new technical capabilities are also required that make B2C, well… different.

To fully understand what's at play we need to ask, "What are the differences between the way businesses interact digitally with their customers and the way they interact with their employees?" This isn't the place to explore that in depth – I'll do so on identityblog. For now I'll sketch the big picture as I see it.

Organizations and their employees typically have a close and ongoing relationship. Employers "know" their employees, having verified their qualifications and made them part of an enterprise team. They assign them a "corporate identity" – an account and password (and potentially a smartcard or OTP device) through which they identify themselves to corporate systems.
To maximize productivity, employees typically log in once and work using their corporate identity for long periods of time. Internal identity systems have not generally been context-aware: the context has simply been that the employee is at work, doing his or her job.

Meanwhile, organizations have taken a completely different approach towards their customers. Relationships with customers have been driven by sales and marketing departments, not by traditional IT departments. The goal has been to eliminate friction (and clicks!) so that new customers come on board – even before the enterprise knows the slightest thing about them – and then to deepen the relationship and get to know the customer based on his or her specific needs and behaviors. Succeeding at this results in retention of the customer over time. Marketers in a number of industries actually see the ultimate role of customer identity as learning how to delight their customer.

Clearly there are also cases where customers need access to their own valuable possessions and information, for example in financial, health, insurance and government scenarios. Here customers will be willing to jump through various hoops to prove their entitlement and protect what is theirs. But far from being an exception, such high-value scenarios drive home the fact that interacting with customers is all about matching the customer experience, and the related identity interaction, to the specific activity a customer is engaged in, rather than imposing some inflexible one-size-fits-all approach on everything. The essential point is that B2C scenarios demand, above all else, the ability to customize the customer's identity experience to what is right for whatever they are doing.
The What

The requirement for continuous customization led us to create a technology that enables organizations to create "policies" giving complete control over identity behaviors and experiences, and to use these policies to drive the behavior of a flexible "identity experience engine" that handles all the issues around security, information protection, protocols, support for mobile and web devices and applications, and scalability. Any application developer, department, enterprise or group of enterprises can create policies. Applications and portals can then, depending on their context, invoke the identity experience engine, passing the name of a policy, and get precisely the behavior and information exchange they want without any muss, fuss or risk. These policies are what Stuart Kwan called "the secret sauce of Azure AD B2C". What behaviors of the identity experience engine do the policies control?
The How

It is important to understand that the identity experience engine used in B2C is an intrinsic part of Azure Active Directory, not some new service. The policy-based approach applies to many Azure AD scenarios besides B2C. All enterprise computing can benefit from policy-based identity, and you likely already recognize that Azure AD Premium's Conditional Access introduces these capabilities into B2E scenarios.

It is our goal to make Azure AD B2C identity management available to every organization regardless of size or complexity. We've been working with a host of companies in preview to make sure our B2C offering solves the customer identity challenges of a wide cross-section of companies with straightforward needs. B2C uses all the same technology that the more advanced upcoming features will use. The difference is that the existing B2C policies are written 100% by our Azure AD B2C Admin Portal. As Stuart explained, to author a policy you pick all the options you need: integrate a growing number of social providers and/or a customizable identity provider unique to your tenant, extend the schema, select multi-factor authentication, do email verification and much more. You choose what information is released to which application. As you maneuver through the portal, it writes your policy.

The upcoming advanced B2C capabilities will be a superset of the existing ones, in which you will be able to take advantage of all the other capabilities of the system that are not present in the portal. I invite you to follow a set of posts I will be beginning soon on identityblog to tell you all about it and show examples of how it works. I hope to hear from you there. Meanwhile, please take a good look at the existing Azure AD B2C capabilities in light of the whole world of capabilities the upcoming features are opening up.

Thank you,
Kim Cameron (Twitter: @Kim_Cameron)
Identity Architect & Distinguished Engineer
Microsoft Identity Division
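As an added illustration of the model described above (not code from the post or from Microsoft), here is how a relying application might pick a policy per customer activity and, on the way back, confirm that the token it received was actually issued under that policy rather than a lower-friction one. The policy names, tenant, client id, redirect URI and endpoint host are constructed placeholders; the `p` query parameter and the `tfp` claim are the ones Azure AD B2C uses today and are not described on the page.

```python
# Added example, not the post's own code: map each customer activity to the
# policy whose identity experience fits it, then verify the returned token.
import base64
import json
from urllib.parse import urlencode

# Constructed placeholder values for illustration only.
TENANT = "contoso.onmicrosoft.com"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
REDIRECT_URI = "https://app.example.com/auth/callback"

# Low-friction social sign-up for browsing; MFA-backed sign-in for high-value
# activities. Policy names are assumed, not taken from the page.
POLICY_FOR_ACTIVITY = {
    "browse": "B2C_1_signup_signin_social",
    "checkout": "B2C_1_signin_mfa",
    "view_statements": "B2C_1_signin_mfa",
}

def authorize_url(activity: str, state: str, nonce: str) -> str:
    """Build the OpenID Connect authorize request, naming the policy in `p`."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "id_token",
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "response_mode": "form_post",
        "state": state,
        "nonce": nonce,
        "p": POLICY_FOR_ACTIVITY[activity],
    }
    return f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/authorize?{urlencode(params)}"

def _claims(id_token: str) -> dict:
    """Decode the JWT payload only. Signature, issuer, audience, expiry and
    nonce validation are assumed to have been done by a JWT library first."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))

def token_matches_activity(id_token: str, activity: str) -> bool:
    """Refuse a token issued under a different (e.g. non-MFA) policy than the
    one this activity requires; `tfp` carries the issuing policy name."""
    return _claims(id_token).get("tfp") == POLICY_FOR_ACTIVITY[activity]

def demo_token(tfp: str) -> str:
    """Constructed, unsigned sample token for offline demonstration only."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'tfp': tfp, 'sub': 'demo-user'})}."
```

The point of the second check is that "which policy ran" is part of the assurance level: a session established through the low-friction browsing policy should not be accepted for a statements page that was designed around the MFA policy.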