Accelerator for Azure AD B2C

Challenges that organizations may face when implementing Customer Identity and Access Management (CIAM) solutions

• Balancing security and convenience: CIAM solutions need to strike a balance between providing strong security measures to protect customer data and delivering a convenient and seamless user experience. Organizations need to find ways to authenticate users without introducing too much friction that might drive customers away.
• Managing consent and privacy: CIAM solutions need to comply with data protection regulations such as GDPR and CCPA, which require organizations to obtain customer consent for data processing and provide customers with control over their personal data. Managing customer consent and privacy preferences can be complex, especially when dealing with large volumes of data.
• Scaling to meet demand: As organizations grow and expand their customer base, their CIAM systems need to be able to scale to accommodate the increasing demand for authentication and authorization services. This can be particularly challenging for organizations that operate globally and need to provide CIAM services across multiple regions and time zones.
• Integration with existing systems: CIAM solutions need to integrate with existing systems such as CRM, marketing automation, and customer service platforms. Integration can be complex and time-consuming, particularly when dealing with legacy systems or multiple vendors.
• Ensuring interoperability: CIAM solutions need to be able to work seamlessly with different devices, browsers, and operating systems. Ensuring interoperability can be challenging, particularly as new technologies and standards emerge.
• Managing risk: CIAM solutions need to identify and manage risks such as fraud, hacking, and data breaches. This requires continuous monitoring and updating of security measures to keep up with evolving threats.
• Maintaining compliance: CIAM solutions need to comply with data protection regulations such as GDPR and CCPA, as well as industry-specific regulations such as HIPAA and PCI DSS. Compliance can be complex, particularly for organizations that operate in multiple regions and industries.

Formula5’s Accelerator for Azure AD B2C – Capabilities

Our Azure AD B2C Accelerator addresses all above challenges and offers rich set of features to provide the best user experience when it comes to authentication and application access. Our accelerator enables:

• Look and feel customization for login, registration, password reset and profile edit pages.
• Integration with other identity providers including social ones like Facebook or Twitter.
• Enhanced security for users with multi-factor authentication and conditional access support.
• High availability and scalability.
• Managing user consents and account privacy.
• Easy integration with external services and APIs.
• Monitoring and insights about platform usage like failed user authentication operations.

Our accelerator consists of three main parts:

• Deployment scripts to quickly set up Azure AD B2C identity service in the cloud.
• Deployment scripts to automate the deployment of login, registration, and password reset pages.
• Infrastructure templates to include additional components like authentication with magic links.

Formula5’s Accelerator for Azure AD B2C Powered by Microsoft Azure Cloud

Azure Active Directory B2C identity service is the heart of our accelerator. It acts as Identity Provider and enables user authentication. However, utilizing only Azure AD B2C service can be not enough to build modern identity platform to manage customer identities. This is why we decided to build components that consists of different Azure cloud services to handle different kinds of requirements.

• Azure Storage Account – to host custom branding files for login, registration, profile edit and password reset pages.
• Azure Key Vault – for storing solution’s secrets and credentials.
• Azure Front Door – to enable using custom domain for Azure AD B2C pages aligned with the domain of your organization and to protect login pages with Web Application Firewall.
• Azure Container Apps – to host different kinds of APIs like: Magic Links API for handling magic links authentication, or User Management API to manage users in the Azure AD B2C programmatically (for instance for user migration purpose).
• Azure App Configuration – to keep solution’s configuration parameters in the central place.
• Azure API Management – to protect access to solution’s APIs like Magic Links API.

Azure AD B2C Accelerator is built with modular approach in mind. It means that different parts of the solution can be added or removed independently.

We utilize secure DevOps practices to deploy Azure AD B2C Accelerator’s components quickly and without unexpected issues. This is why:

• Infrastructure code and configuration for Azure AD B2C tenant and other components is stored in the GIT repository.
• User flows (login, registration) are stored in the GIT repository.
• We can utilize platforms like Azure DevOps or GitHub to deploy and update platform components.
• We securely manage secrets and credentials in DevOps pipeline.

More on the Formula5’s Insights Blog: