Migrating from Azure AD B2C to Microsoft Entra External ID: Applications, Authentication Methods, Branding and Users (Part 1)

Why migrate? Azure AD B2C has served customer identity and access management (CIAM) needs well for years (its XML Custom Policy Framework is a powerful solution, but hard to learn and maintain), but Microsoft Entra External ID is its successor, bringing native Entra capabilities, modern built-in authentication patterns (passkeys, federation, native authentication SDKs), and direct integration with Entra governance and Conditional Access. If you run B2C today, migrating positions you for a stronger security posture, simpler access policies, and the latest authentication innovations. ...

June 23, 2026 · Mateusz Jendza

Entra External ID Native Auth: Two Years Later & MFA via Conditional Access. Part 2

It has been nearly two years since my initial exploration of Entra External ID for Customers - Native Authentication back in June 2024. Since then, the authentication landscape has evolved, and Microsoft has continued to enhance the capabilities of Entra External ID. In this update: Native Authentication has been extended to support Multi-Factor Authentication (MFA). One-Time Passwords (OTP) via email and SMS have been enabled as additional authentication methods. I am still keeping my fingers crossed for magic link authentication and passkey support! ...

April 23, 2026 · Mateusz Jendza

Deep Dive with Entra External ID

Tl;dr: I will show you typical CIAM challenges, scenarios, diagrams, and links to the repositories with the implementation of the new Azure service, Entra External ID for Customers (CIAM). Big Picture: Link to bigger picture. Introduction: Entra External ID for Customers is a new Azure Tenant type that allows you to create digital identities for your customers. It is a separate tenant type, not connected with your organisation’s tenant. ...

October 1, 2024 · Mateusz Jendza

Phone Call Authentication via Verifiable Credentials

Tl;dr: Security and privacy are paramount in today’s digital age, especially regarding personal information and interactions. One innovative approach to bolstering security in digital communications, such as phone calls, is using verifiable credentials for authentication. Details: Here’s a simplified explanation of how phone call authentication via verifiable credentials works. Imagine you receive a phone call from a service provider, say your customer. Instead of going through the traditional and often tedious method of answering security questions (which could be guessed or obtained by someone else), the authentication process involves a digital handshake using verifiable credentials. ...

July 8, 2024 · Mateusz Jendza

CIAM with AWS Cognito

TL;DR: You started your cloud journey with AWS and you need to authenticate your first customers and partners. You don’t want to build your own authentication service; you want to use a managed service. AWS Cognito is a great solution for you. It is easy to start with, cheap, and easy to integrate with the frontend and backend. You can start with a sample solution and workshop from AWS. ...

June 9, 2024 · Mateusz Jendza

Entra External ID for Customers - Native Authentication part 1

History: 2024-06-02 - Initial version; 2025-03-03 - Updated Summary. TL;DR: With Azure AD B2C we can authenticate users via a browser-based feature: we run the OpenID Connect flow in the browser, authenticate the user via the Authorization Code flow, and get the token. But what if we want to stay within the mobile application, or a desktop application? With Entra External ID we can use the native authentication flow. ...

June 2, 2024 · Mateusz Jendza