Evolving Azure AD for every user and any identity with External Identities
Published May 21 2020 05:00 AM

Howdy folks,


Earlier this week at Microsoft Build, we announced that Azure Active Directory (Azure AD) External Identities is available in public preview. Azure AD customers have given us a ton of feedback that they want a single, integrated identity service for enabling collaboration with partners and customers of all types. That’s what we’re working to deliver, so I’m excited that we’re ready to share this important update with you today!


To kick off the discussion, I’ve invited Robin Goldstein, a Principal Group PM Manager on the Microsoft Identity team, to blog about this growing set of capabilities that enable organizations and developers to secure, manage and build apps for customers, partners or any other external users. You’ll find Robin’s blog below.


As always, we hope you’ll try out the new features and share feedback through the Azure feedback forum or by following @AzureAD on Twitter. 








Hi everyone,


I’m Robin and I lead the team’s efforts around B2B, B2C and our auth user experiences.  I’m thrilled to be participating in the Identity blog for the first time to talk about Azure AD External Identities and the new set of features that you can try out today. With Azure AD External Identities, we are making a whole bunch of investments that will make it easier for organizations and developers to secure, manage and build apps that connect with different types of users outside an organization. In case you missed our demo at Microsoft Build, you can watch the on-demand session for free. 


Now let me tell you what I’m so excited about. 


Organizations are collaborating and connecting with more external users than before, especially as they adapt to remote business environments. At the same time, IT departments are being asked to streamline costs while scaling to connect with a growing external user base of distributors, suppliers, and other business partners. Now more than ever, it is critical for business continuity to have a single, flexible identity solution to secure and manage these dynamic relationships while still protecting their most valuable data and assets.  


Build flexible, user-centric experiences for collaboration 


Many of our customers and developers use Azure AD and Azure AD B2C because ‘bring your own identity’ is an essential requirement for their applications and business workflows. Previously, we empowered employees to invite users from other organizations to collaborate as guests, and more recently, we have added even more ways for external users to collaborate with the general availability of Google federation and public preview of email one-time passcode.


Now in public preview, admins and developers can enable self-service sign-up and sign-in for their apps, integrating Google and Facebook IDs in addition to the current set of identity providers. Once integrated, the experience can be continuously updated and customized without changing app code. Check out the documentation to learn more about enabling self-service sign-up with social IDs via the Microsoft Graph API.


Configure the end-user experience for sign-up with social identities both in the Azure AD portal and via API.



We know many of our customers rely on Company Brand capabilities to customize the look-and-feel of their identity experiences. Now, using custom user attributes, you can also localize and customize the forms a user fills during the self-service sign-up process. This gives you an easy way to gather more information about users accessing apps and services in your organization. Read the documentation to learn more about customizing attributes for your apps.



Configure and customize user attribute collection.


You will find all of this in the new External Identities blade in the Azure AD Portal.


In the coming weeks, we’ll refresh the preview with support for external API connectors to further extend the experience via approval workflows or other external processes.


Protect your customers, apps, and brand 


Protecting sensitive data and staying compliant is critical to maintaining user trust. You may already use premium security capabilities of Azure AD such as Conditional Access and Identity Protection to secure your users and applications. These capabilities are also available to secure collaboration with External Identities. 


Govern external users more effectively 


Many of you may be managing external relationships by creating internal user accounts for every guest in your directory. Now you can convert these users to external users and get the benefits of External Identities. When you invite internal users to B2B collaboration, guest users represented as members in the directory can connect and collaborate using External Identities—while leaving the user ID, user principal name, group membership, and app assignments intact. This allows you to follow governance best practices while improving your end user experience. You can try out the public preview of this feature now. Check out the documentation to learn more.


Securely manage all your external identities at scale 


External Identities extends the global availability, reliability, and scale of Azure AD to your customers and partners with built-in security and privacy as top priorities. Learn more about Microsoft’s commitment to security and data privacy.


This is just the beginning of our vision for External Identities. I hope you’ll try out these public preview capabilities today and share your feedback. And don’t hesitate to ping me @RobinGo_MS if you have any feedback or questions; I’d love to hear from you.





Last update: Jul 24 2020 01:07 AM