12. Apps; Analytics; Line of business integration; Business; Social IDs; Business & Government IDs; contoso; Customers
Azure Active Directory B2C
Securely authenticate your customers using their preferred identity provider
Capture login, preference, and conversion data for customers
Provide branded (white-label) registration and login experiences
FARM BUREAU
19. User journeys; Open standards; Connect to a store or migrate its users; Conditional branching; Enrich user journeys; Connect with existing systems
Build complex apps with open standards
Identity Experts
Tailor every step of your user journey to have complete control
Integrate with any SAML or OIDC identity provider
Use REST APIs to enrich claims and empower user journeys
Customize your user journeys with conditional branching
Connect with existing CRM systems, marketing tools, and databases
Connect to your existing user stores or migrate from those systems seamlessly
There has never been a better time to be in technology.
Rock my LinkedIn: https://www.linkedin.com/in/thejeremygray/
This is how I think of users: employees (including consultants/contractors or anyone we have a company-level contract with) are like dogs… loyal, they do what you want most of the time, and we trust them. Customers are like cats: they like us most of the time, but wouldn’t really notice if we didn’t exist anymore. Internal administrators have a higher level of access and should be governed at a higher level.
These issues lead to us creating islands of authentication with no interop between them.
Log into Walmart and pull resources from Flickr to print… how do we do this?
jwt.io
Notice the “aud” (audience) claim: this token is scoped to the web application, whereas the auth token is scoped to the function.
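The audience check noted above, as an added example that is not part of the original deck: the function (API) accepts a token only when its signature, expiry and "aud" all check out, so a validly signed token minted for the web application is still rejected. Assumptions: HS256 with a constructed key so the demo runs offline (B2C tokens are RS256-signed), and hypothetical application IDs.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"    # constructed; stands in for the issuer's signing key
WEB_APP = "web-app-client-id"    # hypothetical application ID of the web application
FUNCTION = "function-client-id"  # hypothetical application ID of the function (API)

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(head: str, body: str, key: bytes) -> bytes:
    return hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()

def mint(claims: dict, key: bytes = KEY) -> str:
    """Build a constructed HS256 token so the demo needs no network or key set."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    return f"{head}.{body}.{b64url(sign(head, body, key))}"

def validate(token: str, expected_aud: str, key: bytes = KEY, now=None) -> dict:
    """Return the claims only if signature, expiry and audience all check out."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(b64url_decode(head)), json.loads(b64url_decode(body))
        given = b64url_decode(sig)
        alg, exp, aud = header.get("alg"), claims.get("exp"), claims.get("aud")
    except (ValueError, AttributeError) as exc:  # part count, base64, JSON, non-object
        raise ValueError("malformed token") from exc
    if alg != "HS256":  # pin the algorithm instead of trusting the header
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(sign(head, body, key), given):
        raise ValueError("bad signature")
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise ValueError("expired")
    if expected_aud not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("audience mismatch")
    return claims

def demo(now: int = 1_700_000_000) -> dict:
    """Both tokens are validly signed; the function accepts only the one minted for it."""
    out = {}
    for aud in (WEB_APP, FUNCTION):
        tok = mint({"sub": "u1", "aud": aud, "exp": now + 300})
        try:
            out[aud] = validate(tok, FUNCTION, now=now)["sub"]
        except ValueError as exc:
            out[aud] = f"rejected: {exc}"
    return out
```

Pasting either constructed token into jwt.io shows the differing "aud" values side by side.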
https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-user-migration
You have options here on how to do the cutover and you should make a smart decision based on your users. The easiest would be to do a blanket password reset cutover. Send an email and say “Your password has been reset”, making them go through the normal password reset policy. A little less intrusive would be to manage in your application which IdP the user is on and cut them over when their current password expires.
https://github.com/Azure-Samples/active-directory-b2c-dotnet-webapp-and-webapi
https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-devquickstarts-graph-dotnet
cd C:\src\B2C-GraphAPI-DotNet\B2CGraphClient\bin\Debug
B2C Create-User ..\..\..\usertemplate-email.json
B2C Create-User ..\..\..\usertemplate-username.json
Integrate with developer tools, libraries, and SDKs supporting OAuth/OpenID Connect