Azure B2C for Customer Identity Access Management (CIAM)

Identity Access Management (IAM) is a fundamental security component in a modern business. IAM is the process of centralizing and standardizing user registration, authentication, and authorization, and it is critical to establishing proper control over what goes into – and out of – your IT environment. A subset of IAM is Customer Identity Access Management (CIAM), which reflects how your external users may have different requirements and patterns within your systems. “Customer” and “consumer” – often used interchangeably – are a bit of a misnomer, as the individuals who typically fall into this category could be vendors, partners, contractors, or other third parties even though they may be part of a B2B relationship. In this article, we’ll explore a fictional case study that illustrates the real benefits of implementing Azure B2C for CIAM.

Organizational Profiles Using CIAM

Imagine there are two businesses that both have a desire to engage their customers in a more tightly integrated and secure digital experience. Our first business, Contosomart, is a local upscale grocery chain just opening up its fifth location. As part of its expanding business, Contosomart wants to refresh its website to offer online ordering and a loyalty program. Contosomart anticipates up to 500,000 active users from all walks of life but who largely fit the profile of a typical “consumer.” Our second business, CT Distribution, is a large grocery distribution network that is launching an initiative to consolidate its aging customer-facing applications. An important part of this consolidation involves replacing different user directories and authentication methods with a modern, unified platform for CT Distribution’s 10,000 business-to-business users.  

Collaborating Securely with Third Parties via External Users 

On the surface, these might seem like very different use cases that would necessitate different technology approaches. Not so! A number of cloud services exist to facilitate this collaboration with third parties and easily cover both organizations’ use cases. Azure AD B2C* is one such option that 27Global recommends and often implements. If you aren’t familiar with it, Azure AD B2C (business-to-consumer) is a service from Microsoft that has several benefits that apply to both Contosomart and CT Distribution:

  1. Secure, encrypted, repeatable authentication and authorization for Single-Sign-On to your environment
  2. Out-of-the-box flows for user sign-up, sign-in, and management
  3. Provides a single source of truth for metadata, roles, permissions, and claims for users and security groups
  4. Encourages the use of external identities via Identity Providers (IdP) for popular consumer domains (e.g., Facebook, Gmail, Apple, etc.) and business domains (e.g., Azure AD, Google Suite) 
  5. Cloud-based identity and access management service provides familiar Microsoft tools and interfaces (e.g., Graph API) for integrating with your other services and applications
  6. Native multifactor authentication (MFA) options and conditional access policies allow you to drive secure access while fine-tuning the user experience
  7. Separates external user directory from internal user directory for an additional layer of enterprise security
  8. Clear audit data facilitates monitoring and proactive security

Azure AD B2C High-Level Architecture

Despite one organization having a consumer focus and the other organization having a business focus, this platform has the flexibility to serve both types of users. Moreover, utilizing Azure B2C can allow these organizations to provide a consistent experience for all of their external users, regardless of persona: If Contosomart wants to add business domain users alongside its consumers, it is already enabled to do so. As a final benefit, Azure B2C is virtually free for the first 50,000 monthly active users and is very reasonably priced after that. This can often be the deciding factor over the high cost of similar platforms from other providers.

Upgrade Your Cloud Security with CIAM

Your organization may not fit the profile of Contosomart or CT Distribution, but the benefits of CIAM solutions apply to any organization when engaging with external users. Azure B2C is just one solution among many.

27Global is a Microsoft Solutions Partner and an AWS Advanced Tier Services Partner and has experience with a wide array of CIAM platforms including Azure AD B2C, AWS Cognito, Auth0, and more. Interested in learning more about upgrading your application and cloud security? Contact us to learn more about the right solution for your organization.

*Azure AD is now named Entra ID. Azure AD B2C is a separate product with its own roadmap that has not been aligned under the Entra brand (yet). 


John Marney, a visionary director at 27Global, boasts a rich tapestry of experience in steering businesses towards digital excellence. With a keen eye for innovative solutions, John has played a pivotal role in leveraging cutting-edge technologies to empower clients in their digital transformation journey. His passion for bridging the gap between business objectives and technological advancements continues to drive 27Global’s commitment to delivering unparalleled software and cloud solutions.
