Do more with External Identities user flows in just a few clicks
Published Jul 19 2021 09:00 AM

Hello friends,


Thanks to your feedback, we have been steadily making identity for customer and partner-facing applications more flexible and faster to configure out of the box. Today we are making it easier for users with different identities to sign in, sign up and collaborate with improvements to self-service sign-up in Azure Active Directory and next-generation B2C user flows. And for B2C app owners and admins, it’s now easier than ever to configure user sessions and password resets and extend the experience with connections to external data and services.



Self-service sign-up with Microsoft Account and Email One-Time Passcode

Since Ignite, we’ve added two new ways for your external users to "bring their own identity" via the self-service sign-up capability in Azure AD. People who use a personal Microsoft account to sign in to Windows, Xbox, Skype, or any other Microsoft 365 application as an individual or small business can now use their existing account to sign up for any app that has been configured to allow these credentials.




Users who do not have a Microsoft account can request that a one-time passcode (OTP) be sent to their email address.




Configure these experiences in the Azure portal by enabling email one-time passcode and Microsoft Account on the All Identity Providers page. You’ll also need to enable those identity providers in your self-service sign-up user flows.


Get started with the Microsoft account identity provider documentation and the email one-time passcode documentation.



Built-in user flows for password reset and keep me signed in for B2C apps

Built-in user flows for B2C let app owners enable users to sign up, sign in, and reset passwords without requiring a bunch of new application code. Built-in user flows are now even easier to configure with new out-of-the-box controls. Now generally available, these controls let app owners configure user flows with keep me signed in and more flexible password reset settings in just a few clicks.


Enable keep me signed in to extend the session length for your users using a persistent cookie. This keeps the session active even when the user closes and reopens the browser, and is revoked when the user signs out. Configure password reset settings to allow users to reset their password when they forget it, or when prompted to reset an expired password from within the sign-in user flow.





API connectors for Azure AD B2C

A few months ago, we shared several examples of how you can use API connectors to customize sign-up flows for your Azure AD applications. This feature, which lets you extend your sign-up user flows by connecting to external systems, is now generally available for both customer and partner journeys.


We are also making API connectors for user flow extensibility even more powerful by introducing the ability to enrich tokens for your sign-in and sign-up user flows with attributes from legacy identity systems, custom data stores, and other cloud services. This capability will be rolling out in preview for Azure AD B2C in the coming weeks.


We love hearing from you, so share your feedback on these new features through the Azure forum or by tagging @AzureAD on Twitter.



Robin Goldstein 

Twitter: @RobinGo_MS




Last update: Jul 15 2021 01:46 PM