Howdy folks,

Today, I’m delighted to announce the general availability of the Identity Experience Framework and custom policy support in Azure Active Directory B2C! Now you have the ability to use the Identity Experience Framework as your identity orchestration platform—so you can craft your own identity journeys that interoperate with multiple identity providers and data sources.



Today’s release of custom policies in Azure Active Directory B2C gives you the ultimate flexibility. You can now create your own UX patterns, so you can deliver on highly tailored requirements unique to your apps, your user base, and your cross-organization relationships. For those already experienced with Azure AD B2C, read Get started with custom policies in Azure Active Directory B2C.



Azure Active Directory B2C pre-designed user flows are being used by tens of thousands of customers to provide fully branded experiences to sign-in to apps and secure APIs using standard sign-in, sign-up, password reset, and profile edit UX patterns.

Sign up for our webinar on April 18th: Connect more effectively with customers using Azure Active Directory B2C.



Already helping millions of customers and citizens

Hundreds of early adopters (e.g. developers, identity experts, and systems integrators), serving millions of customer and citizens, are already using Azure AD B2C to enable their digital transformations.

Here are just a few examples of the services our customers have live today:

A single verified identity across many independent organizations. MyGovID is a single online identity service that enables clients to access Irish Government provided digital services in a safe and secure manner. There have been over five million sign-ins to date, enabling citizens to access services across several government departments such as Social Protection, Employment services, Revenue, Drivers licenses, and Third Level Student services with more services coming online later in 2019 in the Agriculture, Health, and Voter Register sector.

MyGovID is a single online identity service that enables clients to access Irish Government provided digital services in a safe and secure manner. There have been over five million sign-ins to date, enabling citizens to access services across several government departments such as Social Protection, Employment services, Revenue, Drivers licenses, and Third Level Student services with more services coming online later in 2019 in the Agriculture, Health, and Voter Register sector. “Smart” sign in user journeys. More than 10 million Subway (restaurant) customers were migrated seamlessly without changing passwords from an old, identity solution into Azure Active Directory B2C. By upgrading customer identity, Subway customers can connect through their mobile native application and take better advantage of their loyalty program. Watch Subway’s presentation at Ignite.

More than 10 million (restaurant) customers were migrated seamlessly without changing passwords from an old, identity solution into Azure Active Directory B2C. By upgrading customer identity, Subway customers can connect through their mobile native application and take better advantage of their loyalty program. Watch Subway’s presentation at Ignite. Introduce the cloud at your own pace with your existing identities and legacy applications. The New Zealand Ministry of Education achieved single-sign-on (SSO) across 24 legacy applications and a modern identity provider in record time, under budget, without having to make changes to the apps and without moving their users. Read the case study to learn more.

The achieved single-sign-on (SSO) across 24 legacy applications and a modern identity provider in record time, under budget, without having to make changes to the apps and without moving their users. Read the case study to learn more. Seamless migrations, cleaner data. The financial broker, FxPro, migrated 700,000 clients with no change to user credentials with journeys that interacted with corporate REST API services to verify and update user data, with no downtime, and a seamless user experience. Read the case study to learn more.

Features included in the release

To achieve this flexibility, we call this Microsoft-patented technology the Identity Experience Framework. Here’s a summary of the generally available features included in the release of the Identity Experience Framework:

Author and upload your own user journeys using custom policies. Describe user journeys step-by-step as exchanges of data (claims) between users, identity systems, databases, data validators, and APIs. Define if-then branching in user journeys. Transform and map claims so they can be used for real-time decisions and universally communicated.

Interoperate with REST API-enabled services (e.g. email providers, CRMs, proprietary authorization systems).

Federate with OpenIDConnect (e.g. Azure Active Directory multitenant, social account providers, two-factor authentication providers).

Federate with SAML 2.0 providers (e.g. ADFS, Salesforce, Shibboleth).

For more information, see the Azure Active Directory B2C custom policy release notes.

Next Steps

The fastest way to get started is to gain working knowledge of our powerful built-in experiences in Azure AD B2C user flows. Then, with the same users, tenants, and subscriptions, you can layer-in custom policies for the scenarios that need them. Read Get started with custom policies in Azure Active Directory B2C for more information.

A step-by-step tutorial, as well as a series of white papers introducing custom policies and the Identity Experience Framework, can be found in our Solutions and Training for Azure Active Directory B2C page.

For the Identity Experts out there, Kim Cameron, distinguished engineer, has talked at length about the concepts of Identity Trust Frameworks and covers the topic in the video, Kim Cameron Keynote speech at OIX UK Economics of Identity. The concepts are standardized by the Open Identity Exchange. You can read their most recent white paper, Trust Frameworks for Identity Systems.

We always love to hear your feedback and suggestions, and we look forward to hearing from you! Let us know what you think in the comments below or email the team at aadb2cpreview@microsoft.com.

Best regards,

Alex Simons (@Alex_A_Simons )

Corporate VP of Program Management

Microsoft Identity Division