Over the last 15 years or so, a connected society has essentially become the platform on which we run our lives, with the average person co-existing in both the digital and physical space. As a result, we have become comfortable with the idea of confirming who we are to gain virtual access to a plethora of goods, services, banking, retail therapy and work apps.
And while this digital convenience has made our lives simpler, it has also been an open invitation to those with both malicious intent and a desire to profit from what can often be a relaxed attitude to online security. In fact, cyberattacks are so common in the modern world that it is extremely likely that we only pay attention when they directly impact us.
For that reason alone, it is critical that the companies and organizations that we trust to keep our data secure have authentication processes in place to keep the black-hatted hackers out. A recent survey by Gartner said that cybersecurity was a top priority for IT decision makers, with the analyst forecasting that 61 percent of surveyed CIOs expected to increase their risk management spending in 2021.
There is never a bad time to talk about how a robust attitude to user authentication can help companies maintain their duty of care to the workforce and, inevitably, their customers.
With that in mind, this blog post will walk you through some of the various stages of the business-to-customer enterprise identity services provided by Microsoft Azure.
For the purposes of this exercise, you will be required to have an Azure account. If you don’t have one, you can create one by clicking here.
Understanding Universal Identity
According to Microsoft, more than one billion dollars is invested in cybersecurity research and development by the company every year. As part of its investment, Microsoft also has over 3,500 security experts on its payroll. To put it simply, security is a huge priority for the tech behemoth, and they want you to know it.
And while Microsoft Azure is the cloud platform, the services and products that fall under its umbrella are intended to be “future ready.” For example, the business-to-customer identity element is provided by Azure Active Directory B2C (Azure AD B2C), with the idea being that consumers use their preferred social, enterprise or local account identities to gain single-sign-on access to a company’s applications and APIs.
Azure AD B2C is a customer identity and access management (CIAM) solution that can handle millions of users and billions of authentications per day. The directory manages the authentication platform’s scaling and security, monitoring and automatically responding to threats such as denial-of-service, password spraying, and brute-force attacks.
This focus allows companies to not only manage the requisite elements of authentication and security but also access built-in threat-intelligence and premium features. Without further ado, let’s dive into the steps required to authenticate users in Azure AD B2C.
Create an Azure AD B2C Tenant
You should also be aware of the following elements:
Once you have completed these steps, you should be good to go.
Select your B2C Tenant Directory
To begin using your new Azure AD B2C tenant, navigate to the directory where the tenant is stored.
In the Azure portal’s top menu, pick the Directory + subscription filter, then choose the directory that contains your tenant.
If your new tenant does not appear in the list at first, refresh your browser window and then pick the above filter in the top menu again. You can see how this should look in the visual below:
Optional: Add Azure AD B2C as a Favorite
This optional action makes it easier to choose your Azure AD B2C tenant in the walkthroughs that follow.
We recommend that you bookmark Azure AD B2C instead of looking for it in All Services any time you need to work with your tenant. By doing this and accessing the portal menu’s Favorites section, you will find it easy to navigate to your Azure AD B2C tenant.
This process just needs to be done once. Just make sure you’ve moved to the directory containing your Azure AD B2C tenant as mentioned in the previous section, select your B2C tenant directory, and then proceed as follows:
Register a Web Application in Azure AD B2C
Your applications must be registered in a tenant that you control before they can communicate with Azure AD B2C. This walk-through will show you how to use the Azure portal to register a web application.
For the purposes of this tutorial, a “web application” is a typical web application in which the server handles most of the application logic. Frameworks such as ASP.NET Core, Maven (Java), Flask (Python), and Express (Node.js) may be used to build them.
As we noted above, you will need to have an Azure account to register a web application. You will also need to build your own Azure AD B2C tenant (if you haven’t done so already), but you can use a pre-existing tenant if you have one.
For the record, you can use either the newer unified App registrations experience or the legacy Applications (Legacy) experience to register a web application in your Azure AD B2C tenant. This can be achieved as follows:
Create a Client Secret
Enable ID Token Implicit Grant
The implicit grant is distinguished by the fact that tokens such as ID and access tokens are returned to the application directly from Azure AD B2C.
You can enable the implicit grant flow in the app registration for web apps that request an ID token directly from the authorization endpoint, such as ASP.NET Core web apps and https://jwt.ms. To do this, follow these simple steps:
Create UserFlows in Azure AD B2C
You can have user flows in your applications that allow users to sign up, sign in, or manage their profiles.
In your Azure AD B2C tenant, for example, you can build multiple user flows of various types and use them in your applications as appropriate. User flows can be reused in different apps.
In this section, you’ll learn how to build a user flow for:
Using the Azure portal, this tutorial demonstrates how to build some suggested user flows. As a prerequisite, you will need to register the applications in the user flows that you want to create.
Create a Sign-up and Sign-in User Flow
In a single configuration, the sign-up and sign-in user flow manages both sign-up and sign-in interactions. Depending on the background, the app’s users are guided in the right direction. The process of creating this authentication tool is as follows:
Test the User Flow
Create a Profile Editing User Flow
This user flow enables users to edit their profile in your application.
Test the User Flow
Create a Password Reset User Flow
A password reset user flow is used to allow users of your application to (no surprises here) reset their password.
Test the User Flow
Implementation in ASP.NET Core Web Application
The final walk-through shows you how to use Azure AD B2C to authenticate users in an ASP.NET Core web app. This will allow users to sign in with social accounts, enterprise accounts and Azure AD accounts via open standard protocols. A full tutorial from Microsoft can be found here, but these are the basic steps to follow.
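Because the implicit grant enabled earlier returns the ID token straight to the application, the application is the only party that checks it before trusting the sign-in; the ASP.NET Core middleware in this walk-through performs those checks for you. The following Python script is an added example, not code from the post or from Microsoft: it builds the authorize request for a user flow with a fresh nonce and state, and validates a returned ID token’s signature, issuer, audience, nonce, user-flow (tfp) claim and validity window. The tenant name, client id, user-flow names and issuer are constructed placeholders, and the token is HS256-signed with a demo key so the script runs offline; a real B2C token is RS256-signed and must be verified against the keys published at the jwks_uri in the user flow’s metadata document.

```python
import base64
import hashlib
import hmac
import json
import time
from urllib.parse import urlencode

# Constructed values for this example: a hypothetical tenant, a placeholder
# application (client) id and the https://jwt.ms test redirect named in the post.
TENANT = "contosob2cdemo"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
REDIRECT_URI = "https://jwt.ms"
SIGNIN_POLICY = "B2C_1_signupsignin"      # hypothetical user-flow names
RESET_POLICY = "B2C_1_passwordreset"
DEMO_KEY = b"demo-only-hmac-key"          # stands in for the B2C signing key (RS256 in reality)


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def metadata_url(tenant: str, policy: str) -> str:
    """OpenID Connect discovery document for one user flow; each user flow has its own."""
    return (f"https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/"
            f"{policy}/v2.0/.well-known/openid-configuration")


def build_authorize_url(tenant, policy, client_id, redirect_uri, nonce, state):
    """Implicit-grant request: ask the authorize endpoint for an ID token only.
    nonce ties the returned token to this request; state ties the redirect to this session."""
    params = {
        "client_id": client_id,
        "response_type": "id_token",
        "redirect_uri": redirect_uri,
        "response_mode": "form_post",
        "scope": "openid",
        "nonce": nonce,
        "state": state,
    }
    return (f"https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/"
            f"{policy}/oauth2/v2.0/authorize?" + urlencode(params))


def mint_demo_token(key: bytes, claims: dict) -> str:
    """Builds an HS256 JWT so the example runs offline (real B2C tokens are RS256-signed)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def validate_id_token(token, key, expected_iss, expected_aud, expected_nonce,
                      expected_policy, now=None) -> str:
    """Returns "ok" or the first reason the token must be rejected.
    Signature first, then the claims an implicit-grant client has to check itself."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return "malformed"
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:
        return "malformed"
    if header.get("alg") != "HS256":        # pin the algorithm; never accept "none"
        return "unexpected alg"
    expected_sig = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, sig):
        return "bad signature"
    claims = json.loads(b64url_decode(payload_b64))
    checks = [
        (claims.get("iss") == expected_iss, "issuer mismatch"),
        (claims.get("aud") == expected_aud, "audience mismatch"),
        (claims.get("nonce") == expected_nonce, "nonce mismatch"),
        (claims.get("tfp") == expected_policy, "wrong user flow"),   # e.g. a reset-flow token used to sign in
        (isinstance(claims.get("nbf"), int) and claims["nbf"] <= now, "not yet valid"),
        (isinstance(claims.get("exp"), int) and now < claims["exp"], "expired"),
    ]
    for passed, reason in checks:
        if not passed:
            return reason
    return "ok"


if __name__ == "__main__":
    now = int(time.time())
    nonce, state = "nonce-constructed-1", "state-constructed-1"
    print(build_authorize_url(TENANT, SIGNIN_POLICY, CLIENT_ID, REDIRECT_URI, nonce, state))
    # Issuer as published in the user flow's metadata document (constructed placeholder here).
    issuer = "https://contosob2cdemo.b2clogin.com/11111111-1111-1111-1111-111111111111/v2.0/"
    claims = {"iss": issuer, "aud": CLIENT_ID, "nonce": nonce, "tfp": SIGNIN_POLICY,
              "nbf": now - 60, "exp": now + 3600, "sub": "demo-user"}
    token = mint_demo_token(DEMO_KEY, claims)
    print(validate_id_token(token, DEMO_KEY, issuer, CLIENT_ID, nonce, SIGNIN_POLICY, now))      # ok
    print(validate_id_token(token, DEMO_KEY, issuer, CLIENT_ID, "other", SIGNIN_POLICY, now))    # nonce mismatch
```

The tfp check matters because each user flow is a separate issuer configuration: a token minted by the password reset flow must not be accepted by the sign-in handler, which is why the metadata and authority are built per user flow above. Pinning the algorithm before verifying the signature closes the door on a token that claims `alg: none`.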
End Result: A Fully Functional Azure B2C Service
As we discussed at the beginning of this blog post, authentication processes are a critical part of security touchpoints and end user access.
The steps that we have walked through are part of a fully functional Azure B2C service solution that will allow users to create and, importantly, log into their accounts. In the connected society, making that process both simple and secure will go a long way to maintaining trust and, importantly, ensuring that the digital experience is seamless for every end user.
To find out more about how Apexon leverages Microsoft Azure in developing your digital journey or cloud engagement, please contact us today. Alternatively, you can read more about our cloud solutions here.