Identity, Authentication, And Access Management Using Azure Active Directory  

By Nitesh Gupta September 22, 2021

Identity and Access Management (IAM) enables you to manage access to services and resources securely. With IAM, you can create and manage AWS users and groups. It also gives you the right to allow and deny their access to AWS resources.

Multiple IAM solutions are available in the market today. Even Microsoft offers its lightweight IAM tool over classic Active Directory that can be leveraged to authenticate users, provide identity, and control access. In this blog, I am going to compare the popular IAM solutions that are available, and I will also highlight the pros and cons of using Active Directory B2C as an IAM solution for our application.

Microsoft IAM

Microsoft is known for its security; it has evolved a lot since its inception and is now well ahead of the competition. Microsoft’s good ethics have made it a popular choice among industry leaders. Despite its popularity and years in the market, Microsoft entered the SaaS-based IAM space a little late, whereas Google and AWS have an advantage over Microsoft because they have been in the IAM market longer.

Google has integrated perfectly with most of the modern single sign-on (SSO) and login solutions as well. Similarly, AWS Cognito is quite easy to use and makes the integration process seamless. There are also some new players in the market, like Okta, who have been quite successful thanks to their simple integration processes and handy preconfigured adapters.

Now, Microsoft is trying to catch up with its competitors, but its system is a bit too complex for new users and its integration options are limited. For those who cannot compromise on security, Microsoft should be the first choice. The setup for Azure Active Directory B2C is a bit tedious and time-consuming, but it is highly secure. Microsoft cares about the data privacy and security of its users. Let’s have a look at the key features Microsoft offers in its Active Directory.

Important Features Of Microsoft’s Active Directory

Azure Active Directory B2C provides business-to-customer identity as a service. Your customers use their preferred social, enterprise, or local account identities to get single sign-on access to your applications and APIs. Azure Active Directory B2C (Azure AD B2C) is a customer identity access management (IAM) solution capable of supporting millions of users and billions of authentications per day. It takes care of the scaling and safety of the authentication platform, monitoring and automatically handling threats like denial-of-service, password spray, or brute force attacks. Some of its key features are listed below.

Features

    • Conditional Access (Role-based access control)
    • Identity protection
    • Reporting and monitoring
    • SAML Support

Another thing we expect from a good IAM solution is support for multiple authentication methods and multi-factor authentication. Here are the main authentication methods supported by Microsoft AD B2C.

Authentication Methods

Microsoft supports almost all the popular authentication methods in the market. If you are planning to integrate it with popular ERP systems, Microsoft has built-in adapters and ready-to-use methods. Here are some of the popular methods Microsoft supports.

    • Traditional username and password
    • Microsoft Authenticator App passwordless sign-in
    • OATH hardware token or FIDO2 security key
    • SMS-based passwordless sign-in
    • Federated identity provider integration
    • Partner Integration (https://docs.microsoft.com/en-us/azure/active-directory-b2c/partner-gallery)

Microsoft also supports a bunch of other methods and covers almost everything you need for authentication. However, it also comes with some limitations, which I discuss in the next section.

Limitations in Microsoft

Although Microsoft supports almost all popular authentication methods, it has a few limitations and bugs. Some bugs make features almost unusable. The Microsoft SDK for JavaScript is in the development stage and not mature enough for production use. There are many other bugs that make life painful for the development team. Microsoft’s thought process is also a little different from the industry in general. Its UI is difficult to use and the naming convention is a bit odd too.

Some of the key system limitations are:

    • It allows only 500 transactions per second per App Proxy application.
    • It allows only 750 transactions for the Azure AD organization.
    • Requires Microsoft environment.

For in-depth information, see https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-service-limits-restrictions.

Microsoft offers almost all the modern features, but it takes some time to understand and use. Other than this, Microsoft has built-in integrations for ERP and SCM systems like SAP and Oracle. When you integrate with enterprise applications, Microsoft also provides support, unlike Google and AWS.

One of the most important factors when choosing an IAM solution is the ease of integration. It is a deal-breaker for many, especially when connecting with niche software or an application that requires special integration methods. Microsoft has decades of experience in integrations and its systems are mature enough to support almost everything by now. Let’s have a look at some of the integrations Microsoft supports with Active Directory B2C.

Supported Integrations

For ready-to-configure apps, we can use built-in adapters and SSO mechanisms to connect. The process remains the same for each type of system. Once we configure our system to integrate with SAP, Oracle, and more, we can easily add new SAP and Oracle systems as well.

For custom-built applications, we need to configure and build adapters to match their specifications. Custom-built applications might not have any connectors or mechanisms to connect with our system. We need to analyze this on a case-by-case basis, as I have discussed below.

Comparison With Popular Systems

IAM tools have become the backbone of the technology industry. The IAM market is going through significant changes, and as zero trust becomes an increasingly important part of access management products, it is important to choose the right IAM solution. There are many IAM tools out there, but we will consider the most popular ones and compare Microsoft Active Directory against them.

| Active Directory | Firebase | Cognito |
|---|---|---|
| Closed-source | Open-source | Closed-source |
| Backed by Microsoft Azure | Backed by Google | Backed by AWS |
| Easy integrations with LDAP | Easy to integrate and manage with all open standards | Easy to integrate and manage with all open standards |
| Free tier has limited features | Cost-effective in free tier | Free tier is very limited |
| Suited for enterprise applications and SSO with big ERP and SCM systems | Suited for fast development and integrations | Suited for fast development and integrations |

Who should use the Active Directory B2C?

If you are integrating with large SAP or Oracle-like systems, Active Directory is for you. If you are looking for trusted security, you can also consider Microsoft-backed Active Directory, which is highly trusted.

Who should avoid the Active Directory B2C?

If you are looking for fast-paced development with lots of customizations, then you should avoid Active Directory B2C. Most of your time will go into understanding the framework and dealing with issues in plugins that are in the beta stage.

Final Thoughts

Azure Active Directory B2C is a niche solution and not widely used. It has good capabilities, strong security, and the backing of Microsoft. It is definitely a good product, but it is not well suited to fast-paced development. It has some bugs in plugins, and integration is also not seamless. So, before you make a decision, analyze the pros and cons thoroughly, then decide based on your requirements. Till then, happy reading!
