Howdy folks,
In this unusual year, organizations have doubled down on digital engagement with their customers and are prioritizing the security and customization of their user experiences. We’ve kept this top of mind as we evolve our vision for Azure Active Directory (Azure AD) External Identities, making customization of identity experiences easier than ever.
Today we're announcing new ways you can customize your B2C apps. Once again, we’ve got Partner Group PM Manager Robin Goldstein on the blog to tell you more.
As always, we hope you’ll try out the new features and share feedback through the Azure forum or by following @AzureAD on Twitter.
Regards,
Alex (@Alex_A_Simons)
------------------------------------
Hi everyone,
At Ignite, we announced a step forward in our Azure Active Directory (Azure AD) External Identities journey with the addition of Conditional Access and Identity Protection to Azure AD B2C, extending Microsoft’s world-class security to help you protect customer and citizen identities. Today, we are excited to announce two more features that make it easier to design secure and seamless customer-facing experiences in Azure AD B2C: API connectors, and phone sign up and sign in for user flows.
API connectors allow you to leverage web APIs to integrate with external cloud systems to customize your identity user experience. Earlier in the year, we shared how you could customize External Identities self-service sign-up with web APIs in Azure AD to enable common use cases like approvals and data validation. You can now use the preview of API connectors for Azure AD B2C to enable those same scenarios and more.
If you’ve been using Azure AD B2C already, you may be familiar with the ability to use REST API’s in your custom policies. With API connectors for user flows, you can now enjoy similar flexibility using our next-generation preview user flows which are also in public preview.
Here are some more great examples of scenarios you can enable with API connectors:
Protecting against bots and automated attacks on publicly exposed sign-up experiences is critical to your security posture. With API connectors and a bit of JavaScript, you can add any CAPTCHA or fraud detection and abuse service, such as Arkose Labs Platform, to your sign-up experience to help prevent fraudulent signups.
Another way to protect your sign-up experiences is to limit it to certain audiences. Using API connectors, you can provision invitation codes for specific audiences and require users to enter a valid code during sign-up.
Verifying or affirming your user’s identity can also reduce the risk of fraudulent signups by malicious actors. Using API connectors, you can integrate solutions from IDology, Experian, or other providers to verify user information based on user attributes collected at sign-up.
To get started, check out the great samples of these scenarios our team put together and learn how to add an API connector to a user flow.
Rounding out our improvements to user flows in Azure AD B2C, you can now enable users to sign-up and sign-in to your app using their phone number (phone-based SUSI). This reduces the need for additional passwords and makes the experience much easier on mobile devices. Like other credentials and identity providers, setting up phone-based SUSI for a user flow can be done with just a few clicks. This feature is now being rolled out worldwide.
To get started, you can set up a user flow in the admin portal, using the combined phone/email sign-up option now under local accounts in the identity providers blade:
User flows with phone-based SUSI can also be managed using graph APIs to view, add, and delete local accounts. Check out the documentation to learn more.
On behalf of the Azure AD External Identities crew, thank you for your feedback so far. We hope you’ll try out both preview features and share more about how you are customizing your B2C user experiences.
Robin Goldstein (@Robingo_MS)
Partner Group PM Manager
Microsoft Identity Division
Learn more about Microsoft identity:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.