Microsoft Entra External ID is a customer identity access management (CIAM) solution
The solution is capable of supporting millions of users and billions of authentications per day. It takes care of the scaling and safety of the authentication platform, monitoring, and automatically handling threats like denial-of-service, password spray, or brute force attacks.
Who uses Microsoft Entra External ID?
Any business or individual who wishes to authenticate end users to their web/mobile applications using a white-label authentication solution. Apart from authentication, the service is used for authorization such as access to API resources by authenticated users. It is meant to be used by IT administrators and developers.
Custom-branded identity solution
Microsoft Entra External ID is a white-label authentication solution. The user experience can be customized with a brand so that it blends with web and mobile applications. Pages displayed when users sign up, sign in, and modify their profile information can also be customized. Customize the HTML, CSS, and JavaScript in user journeys so that the Microsoft Entra External ID experience looks and feels like it's a native part of the application.
Single sign-on access with a user-provided identityMicrosoft Entra External ID uses standards-based authentication protocols including OpenID Connect, OAuth 2.0, and Security Assertion Markup Language (SAML). It integrates with most modern applications and commercial off-the-shelf software.
Integrate with external user stores
Microsoft Entra External ID provides a directory that can hold 100 custom attributes per user. However, the solution can be integrated with external systems. For example, it can be used for authentication, but delegate to an external customer relationship management (CRM) or customer loyalty database as the source of truth for customer data.
Another external user store scenario is to have Microsoft Entra External ID handle the authentication for an application, but integrate with an external system that stores user profile or personal data. For example, to satisfy data residency requirements like regional or on-premises data storage policies. However, the Microsoft Entra External ID service itself is worldwide via the Azure public cloud.
Progressive profiling
Another user journey option includes progressive profiling. Progressive profiling allows customers to coomplete their first transaction by collecting a minimal amount of information. Then, gradually collect more profile data from the customer on future sign-ins.
Third-party identity verification and proofing
Microsoft Entra External ID can be used to facilitate identity verification and proofing by collecting user data, then passing it to a third-party system to perform validation, trust scoring, and approval for user account creation.