We need an auth service like Auth0 or Clerk. So Customer Identity and Access Management (CIAM)
We're building all our services in Azure so we'd like to user their authentication service for the closest integration with Web Apps, APIs and Front Door.
However the Azure product naming seems incredibly complicated.
Reading this article titled Billing model for Azure Active Directory B2C links to this pricing page titled Azure Active Directory External Identities pricing
So is AD B2C the same as AD External Identities?
Then within the Azure Portal we are often told about 'Entra' when building a AD B2C tenant and services and one of those pages takes me to this article titled Microsoft Entra External ID which states in the FAQ at the bottom:
"Microsoft Entra External ID is a next-generation customer identity and access management (CIAM) solution for managing all external identities."
and then:
"Azure AD B2C is our current generation customer identity and access management product. Azure AD B2C will continue to remain a fully supported customer solution. There are no requirements for customers to migrate at this time and no plans to discontinue our current B2C product. Microsoft is committed to continued investment in the Azure AD B2C product. We encourage you to try out the next-generation platform, Microsoft Entra External ID, and give us your feedback while sharing your priorities. Get started with Azure AD B2C"
However when we click on the text Get started with Azure AD B2C we are taken to a page titled Azure Active Directory External Identities.
So would I be correct in saying that:
- Originally 'Azure Active Directory B2C' was called 'Azure Active Directory External Identities'
This is confusing for me as well. But it was definitely called AAD B2C from the start, AAD External Identities is a newer name. It's been used to refer to features supporting external users in the "regular" AAD as well.
- That 'Azure Active Directory B2C' and 'Azure Active Directory External Identities' are the same product
No. AAD B2C is AAD B2C. But honestly this is very confusing.
- That this product is going to be replaced by 'Microsoft Entra External ID'
Yeah, like they say in the docs the development of new features is focused on Entra External Identities. See: https://learn.microsoft.com/en-us/entra/external-id/customers/faq-customers#as-a-new-customer-which-solution-is-a-better-fit-azure-ad-b2c-or-microsoft-entra-external-id-preview.
- That 'Microsoft Entra External ID' is effectively a re-factored version of 'Active Directory B2C' which will not rely on old Active Directory architecture and is built as a CIAM solution more similar to Auth0 or Clarke rather than an extension of B2B Active Directory?
It's definitely built on Azure AD (now called Entra ID). It uses the same URLs, the same management UIs partially, there is a "b2c-extensions-app" app registration in the tenant, just like in AAD B2C.