Azure AD B2C - Part 3 - User Experience

In this final post of the series we will test the Azure B2C applications we have set up in the previous posts (link here). We will show the user experience with Azure AD B2C using different B2C policies and using email\social identities for signup\logon. Just to recap we have 2 applications:

  1. A Job Portal that requires users to log in so relevant jobs are surfaced to those users and to simplify job application. This application must provide email and a social identity provider as authentication types and no MFA is to be enforced.
  2. A Payroll Portal that requires stronger authentication to allow users to view payslips, manage bank details etc. This application must provide email and a social identity provider as authentication types and MFA is to be enforced.

Let's test the Contoso Jobs Portal first. I navigate to the Contoso Jobs Portal and I'm a new user (Joe Bloggs) who needs a job!

So Joe clicks "Sign up/Sign in" and is re-directed to the Azure AD B2C page.

Joe doesn't want to use social login so decides to "Sign up now" and is presented with the following sign-up page.

Joe enters the required information (as defined in the sign-up policy) and has to verify that the email address is valid and belongs to Joe. Joe now clicks "Create".

 

Joe is now logged in and her account is provisioned in the Azure B2C directory. From this point Joe can log on and use the Job Portal with those credentials. However, Joe has now moved house and needs to change her Postal code\Zip code. To do this Joe clicks on her name and selects "Edit Profile". (Note: "Reset Password" is also available, so Joe can reset her password in line with the policy you have defined.)

Joe is then presented with the "update profile" page which shows the information that Joe is allowed to edit.

Joe changes the Postal code\Zip Code, clicks "Continue" and is returned to the application.

Joe now gets a job! She has worked her first week and now it's time to view her payslip on the Contoso Pay Portal.

She already has an account in the Azure B2C directory, so there is no need to sign up, but will it seamlessly sign her in? Joe enters her credentials and is presented with the following:

No, she isn't seamlessly signed in... but remember, this is the behaviour we want: a single factor of authentication for the Contoso Jobs Portal, and a stronger level of authentication for the Contoso Pay Portal. Joe now enters a phone number and clicks "Send Code". Joe enters the code she has received and is logged in to the Pay Portal!
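The Pay Portal only gets this stronger level of authentication if it also refuses tokens that were issued by the single-factor policy. The following is an added example, not code from this series: it checks the claims of an ID token whose signature and issuer are assumed to have been verified already, and the client ID, policy names and sample claims are hypothetical placeholders.

```python
import time

# Hypothetical placeholders: the series does not give client IDs or policy names.
PAY_PORTAL_CLIENT_ID = "00000000-0000-0000-0000-0000000000aa"
PAY_PORTAL_POLICY = "B2C_1_PayPortal_SignUpIn_MFA"

class TokenRejected(Exception):
    """Verified claims do not meet the Pay Portal's requirements."""

def policy_of(claims):
    # Azure AD B2C records the policy that issued the token in "tfp",
    # or in "acr" for older policy configurations.
    return claims.get("tfp") or claims.get("acr")

def require_pay_portal_token(claims, now=None):
    """Return the user's subject if the claims satisfy the Pay Portal, else raise."""
    now = time.time() if now is None else now
    if claims.get("aud") != PAY_PORTAL_CLIENT_ID:
        raise TokenRejected("token was issued for a different application")
    policy = policy_of(claims)
    # Compare policy names case-insensitively.
    if not isinstance(policy, str) or policy.lower() != PAY_PORTAL_POLICY.lower():
        raise TokenRejected(f"issued by policy {policy!r}, not the MFA policy")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise TokenRejected("token has expired")
    sub = claims.get("sub")
    if not sub:
        raise TokenRejected("token has no subject")
    return sub

# Constructed sample claims for Joe after the MFA sign-in (not real token data).
SAMPLE_PAY_CLAIMS = {
    "aud": PAY_PORTAL_CLIENT_ID,
    "tfp": "B2C_1_PayPortal_SignUpIn_MFA",
    "sub": "joe-object-id",
    "exp": 2000,
}

if __name__ == "__main__":
    print(require_pay_portal_token(SAMPLE_PAY_CLAIMS, now=1000))
```

The same account can hold tokens from either policy, so the audience check alone does not tell the Pay Portal whether MFA took place.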

Another person has decided to look for a job. Mike Smith is a little more adventurous and would like to use his Facebook credentials to log on to the Contoso Jobs Portal. Mike connects to the portal and clicks on "Sign up/Sign in". He is then presented with the Azure AD B2C page.

Mike clicks on the "sign in with your social account" button and is presented with the following:

Mike enters his credentials and clicks "Log in" and is presented with this:

Mike accepts the terms and then is presented with the Azure AD B2C sign in page to ensure all the required attributes are populated. These will be auto populated if the information is present in your Facebook profile. If not it will prompt you to enter the additional information. Mike will need to verify the email address and then click continue.

Now Mike is logged into the Contoso Jobs Portal with Facebook, his social identity provider!

So to wrap up. Contoso Recruitment wanted to provide a simple, secure and consistent authentication experience for consumers to access their public facing applications. Each application has differing security\authentication requirements but Contoso Recruitment wanted to achieve this with a single identity to access all of their public facing applications. I hope this series of posts has shown how this is easily achieved using Azure AD B2C.

That's the last post in the series. Follow me if you would like to see future posts. Thanks for reading.

MD