
• Overview
• Pros / cons
• Policies
• Fit?
• OAuth
• User types
• Graph Explorer
• External users

• Self-registration

• SSPR

• Local account or social to login

• Modern authentication standards (OIDC / OAuth2)

• Scales out-of-the-box

• MFA

• SSO
• Cost

    • Tons of code to write for I & AM

    • Sign in, sign up, forgotten user names and passwords.

    • Sign in with social networks, with MFA

    • Lot of resources to spend that are not working on the core function of your app

• Scalability

    • Your identity system has to be available 24/7 and it has to scale

    • High Availability

• Security

    • If you have a list of names and passwords in your app, you’re a target

    • Many people use the same username and password with multiple apps
• Officially called “B2C Basic”

• Still in preview – GA “shortly”

• Will also have B2C Premium – no details to date


Creating a B2C tenant
• Sign-up

• Sign-in

• Sign-up or sign-in

• Profile editing

• Password reset
• Applications

• Identity Providers

• User Attributes
• Local accounts – typically JoeB@gmail.com not JoeB@b2c.onmicrosoft.com

• Facebook

• Google

• Amazon

• LinkedIn

• MSA
[Diagram: two applications, each with its own policies]
Sign-up / in: Local & Facebook; Edit attributes B&C
Sign-up / in: Local & Google; Edit attributes Y&Z
GET https://login.microsoftonline.com/x.onmicrosoft.com/oauth2/v2.0/authorize
?p=b2c_1_sign-in-email
&client_id=6b6…d1e6f9f2
&redirect_uri=https://localhost:123456
&response_mode=form_post
&response_type=id_token
&scope=openid
&…
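
The request above, as an added Python example that is not from the original slides: it builds the same authorize URL and adds `state` and `nonce` (standard OIDC parameters, not shown on the slide), then checks both on the form_post response. The function names are hypothetical, the tenant, client ID and redirect URI passed in are placeholders, and `check_response` assumes the claims come from an id_token whose signature was already verified.

```python
import hmac
import secrets
from urllib.parse import urlencode

AUTHORITY = "https://login.microsoftonline.com"  # host used in the slide's request


def build_authorize_request(tenant, policy, client_id, redirect_uri):
    """Return (url, state, nonce) for a B2C id_token request using form_post."""
    state = secrets.token_urlsafe(32)  # CSRF binding, stored in the user's session
    nonce = secrets.token_urlsafe(32)  # replay binding, echoed inside the id_token
    params = {
        "p": policy,  # the B2C policy that drives the sign-in experience
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_mode": "form_post",
        "response_type": "id_token",
        "scope": "openid",
        "state": state,
        "nonce": nonce,
    }
    url = f"{AUTHORITY}/{tenant}/oauth2/v2.0/authorize?{urlencode(params)}"
    return url, state, nonce


def _same(a, b):
    """Constant-time comparison of two strings."""
    return hmac.compare_digest(str(a).encode(), str(b).encode())


def check_response(form, claims, expected_state, expected_nonce):
    """Check the POSTed form fields and the claims of a signature-verified id_token.

    Assumption: `claims` was produced by a JWT library that already validated
    the token's signature, issuer, audience and expiry.
    """
    if "error" in form:
        return False, "provider returned error: " + str(form["error"])
    if not _same(form.get("state", ""), expected_state):
        return False, "state mismatch"  # response not tied to this session
    if not _same(claims.get("nonce", ""), expected_nonce):
        return False, "nonce mismatch"  # token was not issued for this request
    return True, "ok"
```
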
Extending B2C

[Diagram: External user; Internal; SaaS applications; IdentityServer; Azure AD B2C; "And ADFS 4.0?". Protocol labels: WS-Fed / SAML; WS-Fed / SAML / OIDC; OIDC; OIDC (Extended)]


Stored user/month         Price
First 50,000              Free
Next 950,000              $0.00164

Authentications/month     Price
First 50,000              Free
Next 950,000              $0.00418

MFA                       Price
All                       $0.0448 per authentication

For the first 100,000 users, this is NZ$82 / month plus NZ$209 / month = NZ$291 / month.
For subsequent slots of 100,000 users, this is NZ$164 / month plus NZ$418 / month = NZ$582 / month.
Pros / cons

• Minimum help desk involvement
• Page look and feel can be customised
• Customised reset password
• Don’t have to roll your own (security!)
• SSO

• No WS-Fed / SAML 2.0 support
• No SaaS integration
• Not a “normal” AAD tenant
• Extended OAuth2
• No AD Connect
• Can’t add other social providers

You can add users from other tenants for admin. purposes

BUT

The best way to think about B2C is that only those users that signed up using B2C in the first place are the ones that can sign in to an application using it.
450
million
-
