Azure Active Directory B2C is a new enterprise-grade, multi-tenant cloud service that provides a secure cloud identity platform for consumer-facing applications, supporting authentication and management of consumer identities.
The new service is based on open standards and provides cross-platform support, adding modern identity and security capabilities to iOS, Android, Windows, and browser-based applications and services.
Azure Active Directory B2C allows consumers to sign up for your applications using their existing social accounts (Facebook, Google, Amazon, LinkedIn) or by creating new credentials (email address & password or username & password).
Azure Active Directory B2C can be purchased either on a Microsoft Enterprise Agreement or via Azure Direct.
Usage of the service will be billed monthly based on the total number of both:
- Stored Users: Users stored in the Azure AD B2C directory
- Authentications: Tokens issued either in response to a sign-in request initiated by a user, or initiated by an application on behalf of a user (e.g. token refresh, where the refresh interval is configurable).
The per-application Multi-Factor Authentication option can be enabled for a separate fee.
The service is currently in preview, and during the preview period, the service will be free.
Registration for Azure Active Directory B2C
Sign in to the Azure management portal as the Subscription Administrator:
https://manage.windowsazure.com
Click All Items
Click New
Click App Services -> Active Directory -> Directory
Click Custom Create
Enter Name, Domain name, Country and select the This is a B2C directory option.
Click the Complete check mark.
After the registration, the domain name can be changed to your own vanity domain name.
When the registration has completed, open the newly created B2C directory.
Register an application
To register an application, select the Application option and click Add.
The wizard provides options to add either a web application/API or a native client application (which can be installed on the user's device).
Configuration of B2C directory settings
To configure settings in the B2C directory, select the Configure option and click Manage B2C settings.
This opens the Azure portal (https://portal.azure.com), where a range of specialized settings in the B2C directory can be managed, including User attributes, Sign-up policies and Sign-in policies.
In addition, under the Configure option, you may enable the User Password Reset Policy, allowing consumers (who have signed up for an account) to reset their passwords on their own. Leave the Alternate Email Address option checked.
Currently, a verified email address is the only supported recovery method, but additional recovery methods (verified phone number, security questions, etc.) will be added in the future.