In this unusual year, organizations have doubled down on digital engagement with their customers and are prioritizing the security and customization of their user experiences. We’ve kept this top of mind as we evolve our vision for Azure Active Directory (Azure AD) External Identities, making customization of identity experiences easier than ever.
Today we’re announcing new ways you can customize your B2C apps. Once again, we’ve got Partner Group PM Manager Robin Goldstein on the blog to tell you more.
At Ignite, we announced a step forward in our Azure Active Directory (Azure AD) External Identities journey with the addition of Conditional Access and Identity Protection to Azure AD B2C, extending Microsoft’s world-class security to help you protect customer and citizen identities. Today, we are excited to announce two more features that make it easier to design secure and seamless customer–facing experiences in Azure AD B2C: API connectors, and phone sign up and sign in for user flows.
Extend and secure user experiences with API connectors in Azure AD B2C
API connectors allow you to leverage web APIs to integrate with external cloud systems to customize your identity user experience. Earlier in the year, we shared how you could customize External Identities self-service sign-up with web APIs in Azure AD to enable common use cases like approvals and data validation. You can now use the preview of API connectors for Azure AD B2C to enable those same scenarios and more.
If you’ve been using Azure AD B2C already, you may be familiar with the ability to use REST API’s in your custom policies. With API connectors for user flows, you can now enjoy similar flexibility using our next-generation preview user flows which are also in public preview.
Here are some more great examples of scenarios you can enable with API connectors:
Protect against automated fraud and abuse.
Use invitation codes
Another way to protect your sign-up experiences is to limit it to certain audiences. Using API connectors, you can provision invitation codes for specific audiences and require users to enter a valid code during sign-up.
Perform identity verification
Verifying or affirming your user’s identity can also reduce the risk of fraudulent signups by malicious actors. Using API connectors, you can integrate solutions from IDology, Experian, or other providers to verify user information based on user attributes collected at sign-up.
Simplify access with phone sign-up and sign-in user flows
Rounding out our improvements to user flows in Azure AD B2C, you can now enable users to sign-up and sign-in to your app using their phone number (phone-based SUSI). This reduces the need for additional passwords and makes the experience much easier on mobile devices. Like other credentials and identity providers, setting up phone-based SUSI for a user flow can be done with just a few clicks. This feature is now being rolled out worldwide.
To get started, you can set up a user flow in the admin portal, using the combined phone/email sign-up option now under local accounts in the identity providers blade:
- End-users will see the option to use their phone number as well as a link to change their phone number when they get a new phone.
- Configure whether to collect a recovery email from users during sign-up or sign-in, to make it easier for users to reset their account.
On behalf of the Azure AD External Identities crew, thank you for your feedback so far. We hope you’ll try out both preview features and share more about how you are customizing your B2C user experiences.
Robin Goldstein (@Robingo_MS)
Partner Group PM Manager
Microsoft Identity Division
Learn more about Microsoft identity:
- Related Articles: API connectors available in preview for External Identities guest users; B2C phone sign-in and sign-up using custom policies GA announcement
- Return to the Azure Active Directory Identity blog home
- Join the conversation on Twitter and LinkedIn
- Share product suggestions on the Azure Feedback Forum