In today’s rapidly evolving digital landscape, the management of user identities has become a critical aspect of modern solutions. Gone are the days of relying on a single platform or a one-size-fits-all approach to authentication. With the advent of various platforms such as web and mobile, coupled with the diverse array of authentication methods available, it has become imperative to adopt efficient and sophisticated techniques for ensuring secure access to specific applications.
The reality is that modern solutions catering to external users, particularly customers, demand a contemporary approach to authentication and identity management. This involves implementing advanced systems that can seamlessly handle the complexities of multiple platforms and diverse authentication methods.
In this article, we discuss how Microsoft Entra Verified ID can help build modern and secure solutions for customer identity management and authentication.
The Way Customers Authenticate Has Evolved Over Time
In the past, the only option for logging into a system was through a username and password. This process was simple: users would register by providing their profile information, usually including an email address as their username, and creating a password. However, things have changed significantly since then.
When it comes to customer-facing solutions, it’s important to recognize that users no longer want the inconvenience of managing multiple accounts to access their favorite resources, such as web portals, emails, and shopping sites. Instead, they desire a unified identity that seamlessly works across different solutions and applications. This evolving expectation highlights the importance of providing users with a cohesive experience that eliminates the need for redundant authentication procedures, granting them a streamlined and efficient means of accessing their desired services. It’s possible that you have come across login screens, like the one below, that offer a range of identity providers to choose from, enabling users to utilize existing accounts from services like Facebook or LinkedIn.
This is the perfect scenario for Azure Active Directory B2C (Azure AD B2C). In our previous article, Managing Customer Identities with Azure Active Directory B2C, we described some important features of Azure AD B2C and how it can help organizations address challenges related to customer identity and access management. In this article, we will focus more on the login experience for the customers.
By leveraging Azure AD B2C, we can establish contemporary identity solutions for customer-facing applications. However, the journey towards innovation doesn’t stop there. Why not explore additional cutting-edge approaches to effectively manage digital identity? Let’s delve deeper into the realm of Verifiable Credentials and discover how they can be seamlessly integrated into the modern landscape of customer identity.
Enabling More Scenarios with Verifiable Credentials
In recent times, there has been a significant and widespread discussion surrounding the topics of Decentralized Identity and Verifiable Credentials. Some time ago, Microsoft announced a service called Microsoft Entra Verified ID. Let’s discover what it offers and how it can be leveraged when building modern identity solutions for customer-facing applications. Before that, it is worth explaining some concepts such as Verifiable Credentials.
Verifiable Credentials offer a secure, privacy-conscious, and machine-verifiable way to express different types of credentials on the Internet, like driver’s licenses or university degrees. To grasp the concept of verifiable credentials, it’s useful to draw a parallel with physical credentials that individuals rely on to prove their identity, like a driver’s license, social security card, or diploma. Verifiable credentials, on the other hand, are digital representations of this type of data that users have control over and can use to verify their identity in the digital realm. A verifiable credential refers to a collection of identity data obtained from a trusted source (issuer), which can be shared by an individual or an organization (owner) with any desired entity (verifier), using cryptographic operations underneath to make the solution secure and tamper-proof.
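The issuer, owner and verifier roles described above, shown as an added example that is not part of the original article and is not Microsoft Entra Verified ID code. It assumes a simplified credential format signed with Ed25519 from Node's built-in crypto module; the function names, the `did:example` identifiers and the sample claims are constructed for illustration and are not the Entra Verified ID wire format.

```javascript
// Added illustration: simplified credential format, not the W3C or Entra wire format.
const crypto = require("node:crypto");

const b64u = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");

// Issuer: signs the claims with its private key so any later change is detectable.
function issueCredential(issuerDid, issuerPrivateKey, type, subject, claims, ttlSeconds, now) {
  const payload = b64u({ iss: issuerDid, type, sub: subject, claims, exp: now + ttlSeconds });
  const sig = crypto.sign(null, Buffer.from(payload), issuerPrivateKey).toString("base64url");
  return `${payload}.${sig}`;
}

// Verifier: accepts only pinned issuers, then checks signature, type and expiry.
function verifyCredential(credential, trustedIssuers, expectedType, now) {
  const parts = credential.split(".");
  if (parts.length !== 2) return { ok: false, reason: "malformed" };
  let data;
  try {
    data = JSON.parse(Buffer.from(parts[0], "base64url").toString("utf8"));
  } catch {
    return { ok: false, reason: "malformed" };
  }
  const issuerKey = trustedIssuers.get(data.iss);
  if (!issuerKey) return { ok: false, reason: "untrusted issuer" };
  const valid = crypto.verify(null, Buffer.from(parts[0]), issuerKey, Buffer.from(parts[1], "base64url"));
  if (!valid) return { ok: false, reason: "bad signature" };
  if (data.type !== expectedType) return { ok: false, reason: "wrong type" };
  if (typeof data.exp !== "number" || data.exp <= now) return { ok: false, reason: "expired" };
  return { ok: true, subject: data.sub, claims: data.claims };
}

// Owner-side edit of a claim: the issuer's signature no longer matches the payload.
function tamper(credential) {
  const [payload, sig] = credential.split(".");
  const data = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  data.claims.patientId = "P-9999";
  return `${b64u(data)}.${sig}`;
}

// Constructed sample data: a clinic issues a patient credential valid for one hour.
const clinic = crypto.generateKeyPairSync("ed25519");
const trusted = new Map([["did:example:clinic", clinic.publicKey]]);
const NOW = 1_700_000_000;
const credential = issueCredential("did:example:clinic", clinic.privateKey,
  "PatientCredential", "did:example:alice", { patientId: "P-1001" }, 3600, NOW);
```

The verifier never contacts the issuer at presentation time; it needs only the issuer's public key, which is why the set of trusted issuers has to be pinned on the verifier side.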
Microsoft Entra Verified ID
Microsoft Entra Verified ID is a managed service that offers verifiable credentials. It is based on open standards, automates the verification process for identity credentials, and facilitates privacy-protected interactions between organizations and users.
Verified ID is part of Microsoft Entra – the family of multi-cloud identity and access products.
What is provided with a Verified ID?
Issuer interface – Microsoft Entra Admin Center
With Microsoft Entra Admin Center, we can access the Verified ID service. From there we can configure the service and specify the credentials we want to issue. In the picture above we can see a Verified Employee’s verifiable credential. It is used by Formula5 (our organization) to verify our employees. We can define custom Verifiable Credentials too and decide which data will be stored within them (like first name, last name, or driving license number).
Developer tools (SDKs and APIs)
Microsoft Entra Verified ID provides SDKs and APIs to make it easy to integrate existing solutions with it. We can for instance easily integrate our custom web application with Microsoft Entra Verified ID using APIs to make it possible to issue Verifiable Credentials directly from our application page.
End User Wallet (Microsoft Authenticator App)
Microsoft Authenticator is used as a digital wallet where all Verifiable Credentials are stored for a specific user. It is also the way a Verifiable Credential can be presented to a third-party verifier.
Use cases in the customer identity world
Let’s discuss a few use cases in the customer identity world where Verifiable Credentials can be helpful.
Onboarding customers can be one of the crucial use cases for Verifiable Credentials. Let’s use an example where a healthcare company offers different services. Patients can access the patient portal once they create their account. However, there can be scenarios where patients are asked to provide their ID before accessing confidential medical data or scheduling a visit with a specialist. Instead of a complex verification process, patients can get their Verifiable Credentials after their first visit to the clinic. Next time they want to access confidential medical data in their profile, buy medications, or schedule a visit with a specialist, they can just present their Patient’s Verifiable Credential.
We can take this a step further and also simplify the login process. Instead of using the standard username and password approach, we can utilize Verifiable Credentials for logging in via a QR code, as presented below. Patients can scan the code with their phone and then present their Verifiable Credential via their wallet, in our case Microsoft Authenticator. Please note that our Healthcare organization can also choose to embed the credentials inside its own app rather than a third-party wallet. The choices and considerations on how to implement Verifiable Credentials are based on each organization’s customer/patient needs and desired experience.
Creating Digital Passes
Organizations can digitalize tickets or coupons for exclusive events and share them with participants. This reduces the need to create paper passes. It also simplifies the process of issuance and validation. We can try to imagine a scenario where a company such as Starbucks offers a free cup of coffee each month. A coupon for the offer can be issued to each client as a Verifiable Credential so it can be presented to the cashier for scanning. Once it is verified, the user can be eligible to get free coffee and we can also track who’s taken advantage of the coupon, when, and where. This will help us create more targeted coupons in the future.
See How It Works Using Formula Healthcare Demo Solution
We invite you to experience it for yourself
Formula5’s Formula Healthcare Demo Solution is a solution we’ve built to demonstrate the features of both Azure AD B2C and Verifiable Credentials. Click the link and try it for yourself! Once you’ve logged in via your selected identity provider you can then request a Patient’s Verifiable Credential. From there you can log out and then authenticate again but this time leverage your Verifiable Credential. No password or username!! If you want to learn more about Microsoft Entra Verified ID and need help, please check our Accelerator for Microsoft Entra Verified ID or contact us directly.
In conclusion, the authentication experience for customers in the custom world is crucial. Standard authentication methods may not suffice in meeting their needs. It is vital to empower customers to utilize their existing identities to access applications. Azure AD B2C and Microsoft Entra Verified ID offer solutions that address the challenges associated with customer authentication experiences and more.
At Formula5, we understand that deploying and managing a Customer Identity and Access Management platform can be challenging, especially without specialized knowledge. That’s why we provide assistance to our clients through Formula5’s Accelerator for Azure AD B2C, a modular solution powered by Microsoft Azure cloud services.
For organizations seeking to venture into the world of Decentralized Identity, utilizing Verifiable Credentials supported by the Microsoft Azure infrastructure, we offer Formula5’s Accelerator for Microsoft Entra Verified ID. This enables a swift and seamless integration into the decentralized identity landscape.