Identity and Access Management (IAM) has evolved into a cornerstone of modern enterprise strategy. Beyond simple logins, organizations must now orchestrate a complex web of identities, from internal employees and corporate partners to millions of global customers. Whether you are integrating with Microsoft 365, federating with social providers like Google and Facebook, or managing cross-company data sharing, a robust identity design is paramount.
While Microsoft has introduced Microsoft Entra ID as the successor for new implementations, the architectural patterns established in Azure AD B2C remain foundational. This presentation explores these high-level enterprise concepts, bridging the gap between legacy B2C designs and the future of Entra ID.
First, let us illustrate the evolution of Microsoft cloud identities:
| Service Name | Role & Scope | Target Audience | Support Status |
|---|---|---|---|
| Active Directory (AD DS) | The "Office Boss": Manages on-premise physical infrastructure, printers, and local servers. | Internal (On-Premise) | Active |
| Microsoft Entra ID (Formerly Azure AD) | The "Workforce Boss": Manages cloud identities, internal app access, and B2B guest collaboration. | Internal Employees & Partners | Active |
| Azure AD B2C | The Legacy Customer Tool: Built for public-facing apps. No longer sold to new customers as of May 2025. | External Customers | Retiring (May 2030) |
| Entra External ID | The "Everything External" Service: Unified solution for both B2B partners and Customer Identity (CIAM). | Partners & Customers | Strategic Future |
A Real World Design Example Within Azure AD B2C
The Ecosystem Components:
SellingOnline_Web: A React/Angular Single Page Application (SPA).
SellingOnline_Android: A native mobile application.
API Gateway (YARP or Azure API Management): Acts as the central entry point. Its primary responsibility is to intercept traffic and validate the JWT (JSON Web Token) issued by Azure AD B2C before forwarding requests to the internal network.
Microservices: SellingOnlineAPI, Core_Service, Image_Service, and PDF_Service reside in a protected private network, trusting the Gateway for identity verification.
Orchestrating Identity: User Flows vs. Custom Policies
Azure AD B2C offers two distinct paths for managing the user experience, depending on the complexity of your requirements:
User Flows (Built-in Policies): These are "out-of-the-box" templates provided by Microsoft. They are ideal for standard scenarios like Sign-Up, Sign-In, and Profile Editing. They are configuration-driven, fast to deploy, and cover 90% of common use cases.
Custom Policies (Identity Experience Framework): For complex enterprise requirements—such as integrating with a legacy REST API during registration, performing identity proofing, or multi-step migration logic—Custom Policies provide full control via XML-based orchestration.
The following screenshots show the predesigned user flow templates, which accommodate most cases.