Introducing Azure AD B2C
Azure AD B2C is a business-to-customer identity as a service aimed at public-facing mobile and web applications. Customers can use their preferred social, enterprise, or local account identities to get SSO access to your applications and APIs. These applications can be hosted anywhere: in Azure, with other cloud providers, or on-premises.
It offers a set of out-of-the-box authentication providers. These authentication providers can be used in your apps and custom APIs. For this, it uses industry-standard protocols and libraries, such as OAuth 2.0, OpenID Connect, and MSAL.
This means that developers don't have to manually add a separate SDK to their code for each of these authentication providers; that is all handled by Microsoft and built into the SDKs used for authenticating against Azure. As well as the authentication providers offered by Azure AD B2C, you can also add your own authentication providers.
Azure AD B2C offers the following account types:
- Social accounts: Such as Facebook, Google, LinkedIn, and Twitter.
- Enterprise accounts: Azure AD accounts, or other accounts that use open-standard protocols.
- Local accounts: These are accounts that use an email address or username and a password, and are registered inside the Azure AD B2C portal.
Your application needs to be registered inside the Azure AD B2C tenant. After registration, built-in user flows and policies can be configured for the app inside the Azure AD B2C portal, where you can enable different authentication providers, set claims, and enable MFA that can be used inside your applications. Because these user flows are configured inside the Azure AD B2C portal rather than in application code, they can easily be reused across different types of applications.
Important Note
Azure AD B2C is covered in more detail in Part 3 of this book: Azure AD Business to Consumer.
In the next section, we are going to set up the Azure AD tenant that we are going to use for all the demos in this book.