Skip to main content
TrustRadius
Microsoft Entra External ID

Microsoft Entra External ID
Formerly Azure Active Directory External Identities

Overview

What is Microsoft Entra External ID?

Microsoft Entra External ID (formerly Azure Active Directory B2C, or alternately, Azure Active Directory External Identities) provides business-to-customer identity as a service. Customers can use their preferred social, enterprise, or local account identities to get single sign-on access to applications…

Read more
Recent Reviews
Read all reviews

Awards

Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards

Reviewer Pros & Cons

View all pros & cons
Verified User
Analyst in Information Technology
Information Technology & Services Company, 10,001+ employees
Return to navigation

Pricing

View all pricing

Premium P1 (for More than 50,000 MAU)

$0.00325

Cloud
per month per active users

Premium P2 (for More than 50,000 MAU)

$0.01625

Cloud
per month per active users

Entry-level set up fee?

  • No setup fee
For the latest information on pricing, visithttps://azure.microsoft.com/en…

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services
Return to navigation

Product Demos

DEMO Azure Active Directory Business-to-Business | Azure Active Directory B2C

YouTube

Modern Identity Platform powered by Azure cloud (Azure AD B2C/CIAM)

YouTube

Configure authentication in Angular and WEB API by using Azure Active Directory B2C | Demo | LSC

YouTube
Return to navigation

Product Details

What is Microsoft Entra External ID?

Microsoft Entra External ID is a customer identity access management (CIAM) solution
The solution is capable of supporting millions of users and billions of authentications per day. It takes care of the scaling and safety of the authentication platform, monitoring, and automatically handling threats like denial-of-service, password spray, or brute force attacks.

Who uses Microsoft Entra External ID?
Any business or individual who wishes to authenticate end users to their web/mobile applications using a white-label authentication solution. Apart from authentication, the service is used for authorization such as access to API resources by authenticated users. It is meant to be used by IT administrators and developers.

Custom-branded identity solution
Microsoft Entra External ID is a white-label authentication solution. The user experience can be customized with a brand so that it blends with web and mobile applications. Pages displayed when users sign up, sign in, and modify their profile information can also be customized. Customize the HTML, CSS, and JavaScript in user journeys so that the Microsoft Entra External ID experience looks and feels like it's a native part of the application.

Single sign-on access with a user-provided identity
Microsoft Entra External ID uses standards-based authentication protocols including OpenID Connect, OAuth 2.0, and Security Assertion Markup Language (SAML). It integrates with most modern applications and commercial off-the-shelf software.

Integrate with external user stores
Microsoft Entra External ID provides a directory that can hold 100 custom attributes per user. However, the solution can be integrated with external systems. For example, it can be used for authentication, but delegate to an external customer relationship management (CRM) or customer loyalty database as the source of truth for customer data.

Another external user store scenario is to have Microsoft Entra External ID handle the authentication for an application, but integrate with an external system that stores user profile or personal data. For example, to satisfy data residency requirements like regional or on-premises data storage policies. However, the Microsoft Entra External ID service itself is worldwide via the Azure public cloud.

Progressive profiling
Another user journey option includes progressive profiling. Progressive profiling allows customers to coomplete their first transaction by collecting a minimal amount of information. Then, gradually collect more profile data from the customer on future sign-ins.

Third-party identity verification and proofing
Microsoft Entra External ID can be used to facilitate identity verification and proofing by collecting user data, then passing it to a third-party system to perform validation, trust scoring, and approval for user account creation.

Microsoft Entra External ID Technical Details

Deployment TypesSoftware as a Service (SaaS), Cloud, or Web-Based
Operating SystemsUnspecified
Mobile ApplicationNo
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(55)

Reviews

(1-6 of 6)
Companies can't remove reviews or game the system. Here's why
September 14, 2023

Azure Active Directory B2C Review

Verified User
Analyst in Information Technology
Information Technology & Services Company, 10,001+ employees
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Use Cases and Deployment Scope
Azure Active Directory B2C helps provide seamless access to all the services and apps to the people either working on-site or working remotely and helps them stay productive. With the graphical overview of monthly activity, the Azure Active Directory B2C also makes it simple to manage all sign-ins. It is very reliable and secure.
Pros and Cons
  • Simple to use
  • Secure
  • Manage sign-ins
  • Customization
Likelihood to Recommend
Good for managing all your sign-ins and helps provide secure access from anywhere.
January 25, 2023

Great cloud solution for companies already using other MS Azure services.

Verified User
Technician in Information Technology
Information Technology & Services Company, 51-200 employees
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Use Cases and Deployment Scope
We use Azure AD B2C solution for one of our clients who need to authenticate end users to their mobile application and support their backbone as IT admins. It helped us to address and facilitate identity verification by gathering user data. Moreover, the progressive profiling feature helped their customers to complete their first transaction quickly and efficiently.
Pros and Cons
  • Single sign-on access with a user-provided identity.
  • Progressive profiling.
  • Authenticate individual customers.
  • Confusing pricing.
  • Complexity.
  • Interface
Likelihood to Recommend
The cloud-based aspect is well suited for our client as they also switched to MS365 and Azure platforms from the On-site infrastructure of their IT. For companies that are still using on-premise IT infrastructure, it may not be the best solution due to the complexity of the user interface, and the learning curve can be challenging for this type of client.
October 04, 2022

Scalable and easy to implement solution with great visibility

Verified User
Engineer in Information Technology
Electrical & Electronic Manufacturing Company, 1001-5000 employees
Score 7 out of 10
Vetted Review
Verified User
Use Cases and Deployment Scope
We use the Azure Active Directory B2C service to authorize access to our own custom web applications via API access. It is mainly used for authentication, control and monitoring of external users such as developers, and also for security reasons to defend against, for example, Denial of service, password hashing or brute force attacks.
Pros and Cons
  • authentication
  • authorization
  • monitoring access
  • Azure AD Application Proxy
  • inability to nest groups
  • no customized emails
Likelihood to Recommend
It is not easy to calculate the actual ROI due to the difficult quantification of all factors, but it certainly contributed a lot in protecting, monitoring and controlling access to our system. It also made it much easier to detect vulnerable external users with simple and "easy to hack" passwords they use on multiple apps.
September 21, 2022

Azure Active Directory B2C greatly connects with its peoples world

Verified User
Consultant in Product Management
Information Technology & Services Company, 51-200 employees
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Use Cases and Deployment Scope
It help us to keep track of our teams groups and manage the user roles very easily. This also makes it easy to manage our sign in's with a nice overview chart of your monthly activity. There are a lot of apps and add-ins that work with this service. It works well with Microsoft Dynamics. There are a lot of tutorials that walk you through setting up and using this product. It's really a great turn-key system that is very secure and user friendly.
Pros and Cons
  • Single sign-on simplifies access to your apps from anywhere
  • Strong authentication for your customers using their preferred identity provider.
  • Integrating with social accounts such as Facebook or Google+
  • The Cost, This service is available on a pay-as-you-go (PAYG) basis.
  • Customization features
Likelihood to Recommend
Azure Active Directory has so many features. I love that with the B2C Collaboration it easily let’s you smoothly operate between personal and business security. You can also expand or contract that instance as you wish thereby increasing performance or decreasing cost based on the demand time to time. I wish the product had more customizations for collaborations such as multimedia integration/authenticate users for Microsoft 365
September 14, 2022

Cloud based - Business to Consumer

CR
Cj Rosenstiel
IT Apps Programmer Sr
Progressive (Insurance, 5001-10,000 employees)
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Use Cases and Deployment Scope
Azure Active Directory B2C allows users to sign into parts of our systems using multifactor authentication while still accessing the parts that do not need the added protection. The predefined user flows help create user experiences and access quickly, while the custom policies are for a more robust scenario. Both are unique and tailored to our needs.
Pros and Cons
  • User flows
  • MFA
  • User interface
  • Custom policies options
  • integrating
Likelihood to Recommend
Azure Active Directory B2C is well suited for businesses that require different levels of protection. You can use Azure Active Directory B2C for both signings into an application and added security once signed in. You can edit profiles, set up workflows, customize group policies, as well as provides several different verification methods such as email, phone call, SMS, or authenticator app.
February 25, 2022

Awesome product, lousy marketing -- it's Azure's best-kept secret!

Lars Kemmann | TrustRadius Reviewer
Lars Kemmann
Principal Architect
Netrix LLC (Information Technology and Services, 501-1000 employees)
Score 10 out of 10
Vetted Review
ResellerIncentivized
Use Cases and Deployment Scope
Azure Active Directory B2C is our go-to platform for customer identity and access management (CIAM) needs, both for our internally-developed applications and products as well as for our clients' customer-facing applications. Despite the name, Azure Active Directory B2C excels at both business-to-consumer and business-to-business ("B2B") functionality; I often explain to people that "B2C" should be read as "business-to-customer." We have used Azure Active Directory B2C for everything from prototype apps and small business scenarios to very large enterprises with millions of user accounts.
Pros and Cons
  • Customer identity
  • User experience customization
  • Integration and configuration
  • Security
  • Availability/reliability
  • Troubleshooting diagnostic logs effectively requires VS Code
  • Group and role management requires additional effort
  • The programming model (XML) could use some developer experience love
Likelihood to Recommend
Azure Active Directory B2C is sufficiently flexible and configurable that it can work in just about any customer identity and access management (CIAM) scenario. Its pricing model also scales well for both small businesses (for whom it's almost always free) and very large enterprises (who can optimize the cost of multifactor authentication at scale by using the Premium P2 SKU). Azure Active Directory B2C is particularly useful in scenarios where you want to integrate multitenant (corporate) Azure AD apps, for single sign-on from your AAD customers, with other accounts for your non-AAD customers.

The only technical limitation we've encountered over the years is that, natively, Azure Active Directory B2C does not support device "fingerprinting"; however, this functionality can be added (if needed) through Microsoft's Fraud Prevention service or other third-party solutions.
Return to navigation