Here are some tips that can help you with user management:
- Use CIAM User Interface to create a new user: with Azure AD B2C Policy - User Journey, you can create a single point for all applications to create a new user, making the process efficient, streamlined, easy to improve and change.
- Don’t share personal information with applications: Adopt a zero-trust approach to avoid sharing personal information with applications. Instead, you can use centralised communication with end-users for marketing and other purposes (It is only possible with some business cases).
- Avoid using email addresses as user identifiers: Not sharing them reduces the possibility of them being used as identifiers by new and migrating to CIAM applications. Also, for all primary cases, email is a basic user identifier (with password); hiding email from applications gives you independence and flexibility in the future - for example, using FIDO or Passkey or without keeping an email address.
- Use REST|SCIM API with temporary access for applications: This can be useful for migration purposes, as it provides temporary access for applications - granting limited time-frame access so you can easily monitor API usage. The main channel for sign-up users is the User Interface (Policy) - (KISS rule - it will be easier to maintain one component).
- Use CIAM solutions like Azure AD B2C for password security: These solutions take care of passwords and other security measures for you, so you don’t have to worry about them. Remember that you don’t have access to the user passwords via API or management portal.