Entra External ID - User Flows - Questions

juni dev 356 Reputation points
2025-02-21T10:05:41.2433333+00:00

Hi,
I need to plan for a solution based on EEID vs AAD B2C. I know the answers for B2C but for EEID (which is our preferred solution), I need to know the following:

- Is it possible to configure the password complexity and how?
- Is it possible to configure the password ageing/expiry and how? I believe not, right?
- Is it possible to configure the lifetime of tokens and how?
- Is it possible to configure the sessions lifetime and how?
- Does the user flow expose an OIDC discovery endpoint like in B2C IEF custom policies?
- How to call a logout? Any logout endpoint?
- Are the UI customizations only via the portal and a custom CSS file, or is it possible to add JavaScript in any way?

Can you help?
Many thanks,
JD

Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.

2 answers

  1. Patchfox 4,016 Reputation points
    2025-02-21T10:33:53.37+00:00

    Hi juni dev, I want to help you with this question.

    If I understand you right, you want to compare both solutions and you already know the answers for the B2C tenant.

    Here are my answers to your questions about EEID:

    1. Password Complexity: Yes, it is possible to configure password complexity. Find more here: https://learn.microsoft.com/en-us/entra/identity/authentication/concept-sspr-policy#microsoft-entra-password-policies
    2. Password Ageing/Expiry: It's supported, see the following: https://learn.microsoft.com/en-us/entra/identity/authentication/concept-sspr-policy#microsoft-entra-password-policies Passwords do not expire by default.
    3. Lifetime of Tokens: Yes, you can configure the lifetime of tokens. You can set token lifetimes for access tokens, ID tokens, and SAML tokens. This can be done through the Microsoft Graph PowerShell SDK or the Azure portal, but in preview atm.
      https://learn.microsoft.com/en-us/entra/identity-platform/configurable-token-lifetimes
    4. Sessions Lifetime: Yes, you can configure session lifetimes. This can be done using Conditional Access session lifetime features. But it's in preview: https://learn.microsoft.com/en-us/entra/identity/conditional-access/howto-conditional-access-session-lifetime
    5. OIDC Discovery Endpoint: Yes, there is an endpoint solution, see the following: https://learn.microsoft.com/en-us/entra/external-id/customers/how-to-custom-oidc-federation-customers
    6. Logout Endpoint: Yes, EntraID External Identities has a Logout Endpoint implemented.
    7. UI Customizations: UI customizations in EEID are limited to portal and custom CSS files when you use the Browser Delegated Authentication flow. Another option would be native auth (mostly used for mobile or desktop apps but works for the web as well). There you develop the complete auth process by yourself with the ability to customize everything in the frontend.
      https://learn.microsoft.com/en-us/entra/external-id/customers/concept-native-authentication

    I hope my answers help you with the comparison.

    If it answers your questions, please accept this answer as solved. Thanks


  2. Akhilesh Vallamkonda 12,180 Reputation points Microsoft Vendor
    2025-02-25T18:19:25.23+00:00

    Hi @juni dev

    Thank you for reaching out to the Microsoft Q&A Forum!

    Let me answer your questions one by one.

    1. Is it possible to configure the password complexity: Unfortunately, there is no feature to configure the password complexity.
    2. Is it possible to configure the password ageing/expiry: Microsoft Entra External ID will follow Microsoft Entra password policies, which is the default.
    3. Is it possible to configure the lifetime of tokens: The token lifetime is the same as in a workforce tenant. You can specify the lifetime of security tokens.
    4. Is it possible to configure the sessions lifetime: The session control option is not available for an Entra External ID tenant.
    5. Does the user flow expose an OIDC discovery endpoint like in B2C IEF custom policies: Regarding OIDC, please read "Add OpenID Connect as an external identity provider (preview)".
    6. How to call a logout: You can use the Front-channel logout URL. This is where a request is sent to have the application clear the user's session data. This is required for single sign-out to work correctly.
    7. Are the UI customizations only via the portal and a custom CSS file, or is it possible to add JavaScript in any way: The customization options for the UI are primarily focused on using CSS and the built-in branding settings provided by Microsoft Entra External ID. Customization using JavaScript is not supported in an Entra External ID tenant.

    Hope this helps. Do let us know if you have any further queries by responding in the comments section.


    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
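
Both answers above say token lifetimes can be configured. As an added example (not from either answer, and not Microsoft's code), the Python below builds and reads back the request body for Microsoft Graph's `POST /policies/tokenLifetimePolicies`, so a lifetime can be checked before it is applied or audited afterwards. The 10-minute and 1-day bounds are the documented limits for `AccessTokenLifetime` in the configurable-token-lifetimes article linked above; the function names and the display name are hypothetical.

```python
import json
from datetime import timedelta

# Documented bounds for the AccessTokenLifetime policy property.
MIN_LIFETIME = timedelta(minutes=10)
MAX_LIFETIME = timedelta(days=1)


def format_timespan(value: timedelta) -> str:
    """Render a timedelta as the [d.]hh:mm:ss string used in policy definitions."""
    total = int(value.total_seconds())
    days, rest = divmod(total, 86400)
    hours, rest = divmod(rest, 3600)
    minutes, seconds = divmod(rest, 60)
    clock = f"{hours:02d}:{minutes:02d}:{seconds:02d}"
    return f"{days}.{clock}" if days else clock


def parse_timespan(text: str) -> timedelta:
    """Parse 'h:mm:ss' or 'd.hh:mm:ss' (whole seconds only) back into a timedelta."""
    days, _, clock = text.rpartition(".")
    hours, minutes, seconds = (int(part) for part in clock.split(":"))
    return timedelta(days=int(days or 0), hours=hours, minutes=minutes, seconds=seconds)


def build_token_lifetime_policy(display_name: str, lifetime: timedelta,
                                org_default: bool = False) -> dict:
    """Return the JSON body for POST /policies/tokenLifetimePolicies."""
    if not MIN_LIFETIME <= lifetime <= MAX_LIFETIME:
        raise ValueError(f"lifetime must be between {MIN_LIFETIME} and {MAX_LIFETIME}")
    definition = {"TokenLifetimePolicy": {
        "Version": 1, "AccessTokenLifetime": format_timespan(lifetime)}}
    # Graph expects 'definition' as a list holding one JSON-encoded string.
    return {"displayName": display_name,
            "isOrganizationDefault": org_default,
            "definition": [json.dumps(definition, separators=(",", ":"))]}


def policy_lifetime(body: dict) -> timedelta:
    """Extract the access token lifetime from a policy body, e.g. when auditing."""
    inner = json.loads(body["definition"][0])["TokenLifetimePolicy"]
    return parse_timespan(inner["AccessTokenLifetime"])


if __name__ == "__main__":
    # Constructed sample: a 4-hour policy that is not the tenant default.
    body = build_token_lifetime_policy("eeid-web-app-policy", timedelta(hours=4))
    print(json.dumps(body, indent=2))
    print("lifetime read back:", policy_lifetime(body))
```
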

