In this unusual year, organizations have doubled down on digital engagement with their customers and are prioritizing the security and customization of their user experiences. We’ve kept this top of mind as we evolve our vision for Azure Active Directory (Azure AD) External Identities, making customization of identity experiences easier than ever.
Today we're announcing new ways you can customize your B2C apps. Once again, we’ve got Partner Group PM Manager Robin Goldstein on the blog to tell you more.
As always, we hope you’ll try out the new features and share feedback through the Azure forum or by following @AzureAD on Twitter.
At Ignite, we announced a step forward in our Azure Active Directory (Azure AD) External Identities journey with the addition of Conditional Access and Identity Protection to Azure AD B2C, extending Microsoft’s world-class security to help you protect customer and citizen identities. Today, we are excited to announce two more features that make it easier to design secure and seamless customer-facing experiences in Azure AD B2C: API connectors, and phone sign-up and sign-in for user flows.
Extend and secure user experiences with API connectors in Azure AD B2C
If you’ve been using Azure AD B2C already, you may be familiar with the ability to use REST APIs in your custom policies. With API connectors for user flows, you can now enjoy similar flexibility using our next-generation user flows, which are also in public preview.
Azure Portal experience adding an API connector to a user flow in Azure AD B2C
Here are some more great examples of scenarios you can enable with API connectors:
Protect against automated fraud and abuse.
Figure 1. A sign-up experience using the Arkose Labs Platform to protect against automated fraud and abuse.
Use invitation codes
Another way to protect your sign-up experiences is to limit it to certain audiences. Using API connectors, you can provision invitation codes for specific audiences and require users to enter a valid code during sign-up.
Figure 2. A user flow that limits sign-ups to users with an invitation code.
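The invitation-code check described above, sketched as the decision logic an API connector endpoint could run on the claims Azure AD B2C posts during sign-up. This is an added example, not code from the original post or from Microsoft; the `InvitationCode` attribute name, the sample codes, the single-use rule and the function names are assumptions.

```python
import hmac

# Constructed sample data: code -> already redeemed? (a real service would use a database)
INVITATION_CODES = {"PARTNER-7Q2X-9LMD": False, "PARTNER-K4TT-02ZB": False}

# Assumption: the user flow collects the code in a custom attribute, which B2C
# sends as extension_<extensions-app-id>_InvitationCode, so match on the suffix.
CODE_SUFFIX = "_InvitationCode"


def build_response(action, message=None):
    """Build (HTTP status, JSON body) in the API connector response shape."""
    body = {"version": "1.0.0", "action": action}
    if message:
        body["userMessage"] = message
    if action == "ValidationError":
        body["status"] = 400  # validation errors are returned with HTTP 400
        return 400, body
    return 200, body


def find_code(claims):
    """Return the normalized invitation code from the posted claims, or None."""
    for key, value in claims.items():
        if key.startswith("extension_") and key.endswith(CODE_SUFFIX):
            return str(value).strip().upper() or None
    return None


def handle_signup(claims, codes=INVITATION_CODES):
    submitted = find_code(claims)
    if submitted is None:
        return build_response("ValidationError", "An invitation code is required.")
    matched = None
    for code in codes:
        # Constant-time comparison, and no early exit, so response timing
        # does not help someone guess codes character by character.
        if hmac.compare_digest(code.encode(), submitted.encode()):
            matched = code
    # Unknown and already-redeemed codes get the same message, so the
    # endpoint cannot be used to learn which codes were ever issued.
    if matched is None or codes[matched]:
        return build_response("ValidationError", "The invitation code is not valid.")
    codes[matched] = True  # single use: burn the code once it admits a sign-up
    return build_response("Continue")
```

The endpoint itself should also authenticate the caller and rate-limit attempts, since it is reachable from the public sign-up page.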
Perform identity verification
Verifying or affirming your user’s identity can also reduce the risk of fraudulent sign-ups by malicious actors. Using API connectors, you can integrate solutions from IDology, Experian, or other providers to verify user information based on user attributes collected at sign-up.
Figure 3. A sign-up flow that collects user information and uses it to verify a user’s identity.
Simplify access with phone sign-up and sign-in user flows
Rounding out our improvements to user flows in Azure AD B2C, you can now enable users to sign up and sign in to your app using their phone number (phone-based SUSI). This reduces the need for additional passwords and makes the experience much easier on mobile devices. Like other credentials and identity providers, setting up phone-based SUSI for a user flow can be done with just a few clicks. This feature is now being rolled out worldwide.
To get started, you can set up a user flow in the admin portal, using the combined phone/email sign-up option now under local accounts in the identity providers blade:
End-users will see the option to use their phone number as well as a link to change their phone number when they get a new phone.
Configure whether to collect a recovery email from users during sign-up or sign-in, to make it easier for users to reset their account.
Admin experience for customizing identity providers settings on a user flow (left) and the resulting end user experience (right).
Admin experience for configuring the recovery email prompt during sign-up and sign in (left) and the resulting end user experience (right).
On behalf of the Azure AD External Identities crew, thank you for your feedback so far. We hope you’ll try out both preview features and share more about how you are customizing your B2C user experiences.
Robin Goldstein (@Robingo_MS) Partner Group PM Manager Microsoft Identity Division