Microsoft employs a myriad of acronyms for their product names, so it’s often difficult to tell them apart or to guess their function. “Azure AD (Microsoft Entra ID) B2C” is one such product. It doesn’t have a very information-rich name; if you tried to guess what it does, you’d probably be wrong.
Let’s talk about Azure AD B2C and how to use it for 802.1x authentication.
What is Azure AD (Microsoft Entra ID) B2C?
Azure AD B2C is a nifty authentication solution from Microsoft that fills a very particular niche – it allows consumers (hence B2C) to use their preferred identity provider for authentication to your application or API.
At its core, Azure AD B2C is a customer identity and access management (CIAM) solution. It largely handles the hassle of securely authenticating users of your application and defends against most authentication attacks (brute force, password spray, denial-of-service, etc.).
Azure AD B2C is well-loved because it’s also a highly customizable solution. You can change almost any part of the enrollment and authentication process to fit your brand identity or to influence the customer journey.
What External Identity Providers Does Azure AD B2C Support?
The real value of Azure AD B2C is in the sheer variety of external directories it can integrate with. The reason for its versatility is simple, however – it was built to comply with all of the major (cloud) standards-based authentication protocols:
- OAuth 1.0
- OAuth 2.0
- OpenID Connect
- SAML
Those standards cover just about every enterprise and social identity provider, which means there are plenty of familiar applications for the user to choose from for external authentication. Here are some examples:
- Amazon
- Microsoft
- Apple
- GitHub
- Slack
In fact, most SaaS products will use one of the supported standards for their directory, so the options for integration are almost limitless. Like the rest of the Azure suite, Azure AD B2C particularly excels in cloud integration and functionalities.
Can You Use Azure AD B2C for On-Premise 802.1x Authentication?
Yes, technically, but it’s not the best solution.
Azure AD B2C can be used to authenticate requests by referencing an external user store, even an on-premise one (such as Active Directory) if you can correctly integrate an API. This could be useful if you need to have on-site data storage to fulfill data residency requirements.
It shouldn’t be your first choice, however, since Azure products tend to have limited native functionality in on-premise implementations. They have to compromise on security and cost-efficiency.
Can You Use Azure AD B2C for Internal 802.1x Authentication?
Again, it’s possible, but it would be a pretty poor use for the product. It’s true that Azure AD B2C can both perform 802.1x authentication and has its own internal directory for user authorization. Using it in this manner would be redundant, however, since there are other Azure suite solutions that perform the same functions better.
You could use Azure AD B2C in this scenario to offer secure 802.1x guest Wi-Fi for something like short-term residents of a shared workspace. That way, people could use their existing Facebook login to access your Azure App that is connected to an 802.1x solution (such as SecureW2), so their devices could be easily enrolled for secure Wi-Fi.
The Best Solution for External Identity Management
Azure AD B2C is a perfect fit for its role – it can integrate with almost any cloud directory for authentication. Allowing users to authenticate via an application that they already know and trust can help convert users to your application, or simply smooth the way by removing the burden of managing your own directory.
If your cloud application requires a fully-featured managed cloud PKI, however, you should consider SecureW2. Our turnkey cloud PKI can integrate into your existing network infrastructure without any forklift upgrades. Sure, Azure AD B2C can integrate with lots of services, but we are completely vendor-neutral and can integrate with virtually every access point, IdP, CA, and more.
SecureW2 has affordable solutions for organizations of all sizes.