Simple and secure customization with B2C user flows
Published Nov 24 2020 09:00 AM 11K Views

Howdy folks, 

 

In this unusual year, organizations have doubled down on digital engagement with their customers and are prioritizing the security and customization of their user experiences. We’ve kept this top of mind as we evolve our vision for Azure Active Directory (Azure AD) External Identities, making customization of identity experiences easier than ever. 

 

Today we're announcing new ways you can customize your B2C apps. Once again, we’ve got Partner Group PM Manager Robin Goldstein on the blog to tell you more. 

 

As always, we hope you’ll try out the new features and share feedback through the Azure forum or by following @AzureAD on Twitter.  

 

Regards, 

Alex (@Alex_A_Simons)

------------------------------------ 

 

Hi everyone, 

At Ignite, we announced a step forward in our Azure Active Directory (Azure AD) External Identities journey with the addition of Conditional Access and Identity Protection to Azure AD B2C, extending Microsoft’s world-class security to help you protect customer and citizen identities. Today, we are excited to announce two more features that make it easier to design secure and seamless customer-facing experiences in Azure AD B2C: API connectors, and phone sign-up and sign-in for user flows. 

 

Extend and secure user experiences with API connectors in Azure AD B2C 


API connectors allow you to leverage web APIs to integrate with external cloud systems to customize your identity user experience. Earlier in the year, we shared how you could customize External Identities self-service sign-up with web APIs in Azure AD to enable common use cases like approvals and data validation. You can now use the preview of API connectors for Azure AD B2C to enable those same scenarios and more.

 

If you’ve been using Azure AD B2C already, you may be familiar with the ability to use REST APIs in your custom policies. With API connectors for user flows, you can now enjoy similar flexibility using our next-generation preview user flows, which are also in public preview. 

 

Azure Portal experience adding an API connector to a user flow in Azure AD B2C

 

Here are some more great examples of scenarios you can enable with API connectors: 

Protect against automated fraud and abuse. 


Protecting against bots and automated attacks on publicly exposed sign-up experiences is critical to your security posture. With API connectors and a bit of JavaScript, you can add any CAPTCHA or fraud detection and abuse service, such as Arkose Labs Platform, to your sign-up experience to help prevent fraudulent signups.

Figure 1. A sign-up experience using the Arkose Labs Platform to protect against automated fraud and abuse.

 

Use invitation codes  


Another way to protect your sign-up experiences is to limit them to certain audiences. Using API connectors, you can provision invitation codes for specific audiences and require users to enter a valid code during sign-up.

Figure 2. A user flow that limits sign-ups to users with an invitation code.
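
As an added illustration (not Microsoft's sample code), the Python below shows the server side of such an invitation-code check: codes are issued from a CSPRNG, stored only as digests, consumed on first use, and the result is returned in the API connector response shape (`Continue` or `ValidationError`). The attribute name `InvitationCode`, the `<extensions-app-id>` placeholder and the in-memory store are assumptions, and authentication of the connector call itself is assumed to be handled separately.

```python
import hashlib
import secrets

API_VERSION = "1.0.0"
# Assumed custom attribute. B2C sends custom attributes to the API as
# extension_<extensions-app-id>_<Name>; the app id here is a placeholder.
CODE_CLAIM = "extension_<extensions-app-id>_InvitationCode"


def _digest(code: str) -> str:
    return hashlib.sha256(code.strip().encode("utf-8")).hexdigest()


class InvitationStore:
    """In-memory stand-in for a database table of unused invitation codes."""

    def __init__(self):
        self._unused = set()  # SHA-256 digests only, never the codes themselves

    def issue(self) -> str:
        code = secrets.token_urlsafe(12)  # 96 bits from the OS CSPRNG
        self._unused.add(_digest(code))
        return code

    def redeem(self, code: str) -> bool:
        """Consume a code; True only the first time a valid code is presented."""
        digest = _digest(code)
        if digest not in self._unused:
            return False
        self._unused.remove(digest)
        return True


def handle_signup(claims: dict, store: InvitationStore):
    """Return (http_status, json_body) for the sign-up claims posted by B2C."""
    code = claims.get(CODE_CLAIM)
    if not isinstance(code, str) or not store.redeem(code):
        # Same message for missing, unknown and reused codes, so the response
        # does not tell a caller which codes exist.
        return 400, {
            "version": API_VERSION,
            "status": 400,
            "action": "ValidationError",
            "userMessage": "The invitation code is invalid or has already been used.",
        }
    return 200, {"version": API_VERSION, "action": "Continue"}
```
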

Perform identity verification 


Verifying or affirming your user’s identity can also reduce the risk of fraudulent signups by malicious actors. Using API connectors, you can integrate solutions from IDology, Experian, or other providers to verify user information based on user attributes collected at sign-up.

Figure 3. A sign-up flow that collects user information and uses it to verify a user’s identity.

 

 

To get started, check out the great samples of these scenarios our team put together and learn how to add an API connector to a user flow. 

 

Simplify access with phone sign-up and sign-in user flows 


Rounding out our improvements to user flows in Azure AD B2C, you can now enable users to sign up and sign in to your app using their phone number (phone-based SUSI). This reduces the need for additional passwords and makes the experience much easier on mobile devices. Like other credentials and identity providers, setting up phone-based SUSI for a user flow can be done with just a few clicks. This feature is now being rolled out worldwide.

 

To get started, you can set up a user flow in the admin portal, using the combined phone/email sign-up option now under local accounts in the identity providers blade: 

 

  • End-users will see the option to use their phone number as well as a link to change their phone number when they get a new phone. 
  • Configure whether to collect a recovery email from users during sign-up or sign-in, to make it easier for users to reset their account. 

Admin experience for customizing identity providers settings on a user flow (left) and the resulting end user experience (right).

 

Admin experience for configuring the recovery email prompt during sign-up and sign in (left) and the resulting end user experience (right).

 

User flows with phone-based SUSI can also be managed using graph APIs to view, add, and delete local accounts. Check out the documentation to learn more. 

 

On behalf of the Azure AD External Identities crew, thank you for your feedback so far. We hope you’ll try out both preview features and share more about how you are customizing your B2C user experiences.

 

Robin Goldstein (@Robingo_MS) 
Partner Group PM Manager 
Microsoft Identity Division 

 


 

Last update: Dec 07 2020 10:23 AM