12 April 2019

Secure application sign-in with Azure AD B2C

  • CIAM
  • Azure AD B2C
Marcus Idle

In addition to smooth validation journeys and enabling single sign-on, Azure AD B2C also comes with a whole host of security benefits.

Here at ThirdSpace, one of the things we help customers with is to create authentication journeys (sign up, sign in, password reset) for public-facing websites and mobile apps, using Microsoft Azure AD B2C.

At the most basic level, this gives the public-facing website a hassle-free way of logging in users – removing some of the burden from your website and reducing password reset issues.

At the login stage, your website diverts the user to B2C, and then when the authentication journey is completed, B2C returns an “ID token” to the website, containing information about the user (assuming the appropriate handshakes have occurred between B2C and the website).

But why would you spend money on a third-party service just to log the user in and give you back a token?


Demand more from your B2C experience!

One of the big attractions of single sign-on (SSO) as a service – or ‘Identity as a Service’ (IDaaS) as it is more commonly known – is the extra protection it provides both for your end users and for your organisation’s resources.

Building secure authentication journeys involves so much more than hashing the password and comparing it with your credentials database.

A basic prerequisite is knowing that your login process is secure. Using an OpenID Connect solution – a tried and tested authentication protocol – rather than a home-grown solution is a good way of ensuring that you don’t just have a working login, but a secure one.

But after you’ve ticked that box, you need to consider how you protect against known threats.


Consider the average WordPress-based website. Many website owners do not apply patches, which means their websites become more and more vulnerable to new forms of attack. To make things worse, in December 2018, PHP versions 5.6 and 7.0 (the underlying technology for a staggering 57% of all WordPress websites) stopped receiving security updates.

Of course, many websites do not use established CMS platforms or web application frameworks as a basis for their login functionality – and these websites are far more exposed to threats because their vulnerabilities are not well known, publicised and patched.


Websites should defend against problems such as:

  • Unvalidated input
  • SQL injection attacks
  • Race conditions
  • Cross-site scripting attacks
  • Cross-site request forgery
  • Token/session replay
  • Elevation of privilege

However, without a team of security experts who can keep up to date with the latest threats, it can be a losing battle.

And that’s just the baseline of threat protection.

What about measures such as:

  • Invalid password lock-out
  • Bot detection
  • Throttling of resources when faced with multiple requests from a single IP
  • Ability to verify a user’s identity via known facts or one-time codes
  • Identity verification using multiple factors such as phone or text (multi-factor authentication)

B2C understands the threat posed by the user

Azure AD B2C can do all of this, and thanks to their tireless identity and security research, Microsoft have developed machine learning tools which also understand and respond to the threat posed by the user logging in or signing up.

This means that if a user seems highly suspicious to the AI, due to their current or previous behaviour (or other data about their identity), then the AI can prevent them from logging in altogether – protecting your organisation and potentially protecting the real user behind the identity, if that identity has been stolen.

Does your CMS, or your IDaaS, do this?

It’s all on tap

Implementing Azure AD B2C is relatively easy. Using the Azure Portal, you register your web application and point it at the built-in user flows (such as “sign up or sign in”). These take over the user experience at the point of login and return access and ID tokens once the user has completed their authentication journey.
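The “appropriate handshakes” mentioned earlier include the website checking the ID token B2C hands back before trusting it. As an added example that is not part of the original post, the following relying-party checks (signature, issuer, audience, policy, nonce, and validity window) run over a constructed token; it uses an HMAC-signed token purely so it runs offline, whereas real B2C tokens are RS256-signed and verified against the tenant’s published JWKS keys, and the issuer, client id and policy values are placeholders.

```python
import base64, hashlib, hmac, json, time

# Constructed sample values, not taken from the original post; a real B2C
# tenant has its own tenant id, app registration and user-flow (policy) names.
ISSUER = "https://contoso.b2clogin.com/<tenant-id-placeholder>/v2.0/"
CLIENT_ID = "<app-client-id-placeholder>"
POLICY = "B2C_1_signupsignin"
KEY = b"demo-signing-key"  # stands in for the RS256 keys B2C publishes via JWKS

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(claims: dict, key: bytes = KEY) -> str:
    """Mint a constructed HS256 ID token so the checks below can be exercised."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    mac = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(mac)}"

def check_id_token(token: str, expected_nonce: str, now=None, key: bytes = KEY) -> str:
    """Return "ok" when every check passes, otherwise the first failing check."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return "malformed token"
    header, body, sig = parts
    if json.loads(_b64url_decode(header)).get("alg") != "HS256":
        return "unexpected alg"          # never accept 'none' or a downgraded alg
    expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        return "bad signature"           # not issued by the key we trust
    claims = json.loads(_b64url_decode(body))
    if claims.get("iss") != ISSUER:
        return "wrong issuer"            # token came from another tenant
    if claims.get("aud") != CLIENT_ID:
        return "wrong audience"          # token was minted for a different app
    if claims.get("tfp") != POLICY:
        return "wrong policy"            # a different user flow completed
    if claims.get("nonce") != expected_nonce:
        return "nonce mismatch"          # replayed or injected token
    if now >= claims.get("exp", 0):
        return "expired"
    if now < claims.get("nbf", 0):
        return "not yet valid"
    return "ok"
```

The nonce is the value the website generated and stored in the user’s session when it redirected to B2C, which is what ties the returned token to that login attempt.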

You’ll pay a fraction of a penny per authentication, but you won’t need to worry about any of the hardware – or about the security for the authentication process. In other words, B2C can take quite a lot off your hands.

Just by offloading the sign in journey to B2C, and before you’ve spent any money on scale or on complex user journeys, you’re getting the industrial-strength security protection offered by Microsoft’s machine learning tools and other B2C features.


Conclusion

As we’ve pointed out in other blog articles, B2C can do quite a bit more for you – from engaging users with social logins, to creating smooth validation journeys – but security is certainly the biggest selling point among the customers we’ve spoken to.

Microsoft is sometimes referred to as ‘the biggest IT security company on the planet’ and with B2C it is certainly making its presence felt in this area.

Azure AD B2C will give you state-of-the-art security – on tap.

Next, see Azure AD B2C in action in this webinar or explore our dedicated web page for more info.
