Azure AD B2C

Introduction

With WPO365, you can create / update users from WordPress in Azure AD B2C, keep them synchronized and enable them to sign in with their email address.

Azure AD and Azure AD B2C. Two terms that sound very similar, but are in fact two very different worlds.

Azure AD is widely used as an identity service for employees and partners. Users in Azure AD can get single sign-on access to Microsoft 365 services such as SharePoint, Power BI and Yammer where users collaborate and work together.

Azure AD B2C, on the other hand, is primarily used as an identity service for (online) customers and website visitors. Users in Azure AD B2C can get single sign-on access to business applications and APIs. See https://docs.microsoft.com/en-us/azure/active-directory-b2c/overview for details.

Important: Microsoft has recently announced Microsoft Entra External ID for customers, also known as Azure Active Directory (Azure AD) for customers, as its new customer identity and access management (CIAM) solution. If you're a new customer, you might be wondering which solution is a better fit, Azure AD B2C or Microsoft Entra External ID (preview). Since WPO365 supports both platforms, the choice is up to you. Please check out our documentation on Microsoft Entra External ID (Azure AD for Customers) for WordPress.

Supported features

Single Sign-on for Azure AD B2C users

The WPO365 | LOGIN plugin supports – out of the box – Microsoft based Single Sign-on for Azure AD, Azure AD B2C and Entra External ID.

A typical single sign-on (SSO) configuration page with Azure AD B2C as the desired identity provider

Custom Azure AD B2C login domain

Using a custom domain with your application provides a more seamless user experience. From the user's perspective, they remain in your domain (e.g. login.contoso.com) during the sign-in process rather than being redirected to the Azure AD B2C default domain (e.g. contoso.b2clogin.com).

Create / update users in Azure AD B2C / for Customers from WordPress

If your WordPress website offers features that require users to register – for example when you sell products or online courses – then WPO365's solution for Azure AD B2C can help you create (and update) users in Azure AD B2C from WordPress. To achieve this, WPO365 intercepts WordPress just before it creates a new user (by hooking into the wp_pre_insert_user_data filter). It takes the user data and uses it to create a new user in Azure AD B2C / for Customers using Microsoft Graph.

WPO365 will create a new “local” user identity in Azure AD B2C who will then be able to sign in with his / her email address and password.

Please note: Administrators who implement Entra External ID (Azure AD for Customers) can choose to let users authenticate using a One Time Passcode (instead of a password). This feature is not available for Azure AD B2C.

Since WPO365 creates the Azure AD B2C user before the WordPress user is created, administrators can choose to change a user's WordPress username (e.g. use the Object ID instead of the email address) and a user's password – to ensure all your WordPress users have very strong passwords. Since users will sign in with their email address, they don't need to know or remember their WordPress username and password.
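The flow described above (intercepting wp_pre_insert_user_data, creating the B2C local account via Microsoft Graph, then swapping in the Object ID as the WordPress username together with a long random WordPress password), as an added illustration that is not the WPO365 plugin's own code. It assumes WordPress 5.8 or later (the filter's fourth $userdata argument), a hypothetical helper wpo365_demo_graph_token() that returns a Graph access token with the User.ReadWrite.All application permission, and the placeholder tenant contoso.onmicrosoft.com.

```php
<?php
// Added illustration, not WPO365 code. wpo365_demo_graph_token() is a hypothetical helper
// returning a Microsoft Graph access token (application permission User.ReadWrite.All).
add_filter( 'wp_pre_insert_user_data', 'wpo365_demo_create_b2c_user', 10, 4 );

function wpo365_demo_create_b2c_user( $data, $update, $user_id, $userdata ) {
    // Only intercept new users; updates of existing users pass through untouched.
    if ( $update || ! is_array( $data ) || empty( $userdata['user_email'] ) || empty( $userdata['user_pass'] ) ) {
        return $data;
    }

    // B2C "local account" that signs in with the email address and the password the user
    // chose during WordPress registration ($userdata still holds the plaintext here).
    $body = array(
        'accountEnabled'   => true,
        'displayName'      => ! empty( $data['display_name'] ) ? $data['display_name'] : $userdata['user_email'],
        'identities'       => array( array(
            'signInType'       => 'emailAddress',
            'issuer'           => 'contoso.onmicrosoft.com', // placeholder B2C tenant
            'issuerAssignedId' => $userdata['user_email'],
        ) ),
        'passwordProfile'  => array(
            'password'                      => $userdata['user_pass'],
            'forceChangePasswordNextSignIn' => false,
        ),
        'passwordPolicies' => 'DisablePasswordExpiration',
    );

    $response = wp_remote_post( 'https://graph.microsoft.com/v1.0/users', array(
        'headers' => array(
            'Authorization' => 'Bearer ' . wpo365_demo_graph_token(),
            'Content-Type'  => 'application/json',
        ),
        'body'    => wp_json_encode( $body ),
        'timeout' => 15,
    ) );

    if ( is_wp_error( $response ) || 201 !== wp_remote_retrieve_response_code( $response ) ) {
        error_log( 'Graph user creation failed; WordPress user will not be created.' );
        return array(); // wp_insert_user() turns an empty result into a WP_Error
    }
    $graph_user = json_decode( wp_remote_retrieve_body( $response ), true );

    // Swap in the Object ID as username and a long random WordPress password; the user
    // signs in through B2C with email + password and never needs either WordPress value.
    $data['user_login'] = sanitize_user( $graph_user['id'], true );
    $data['user_pass']  = wp_hash_password( wp_generate_password( 64, true, true ) );

    return $data;
}
```

Aborting with an empty array makes the WordPress registration fail closed when the Graph call does not succeed, so a WordPress account never exists without its matching B2C identity.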

In addition to users being automatically created in Azure AD B2C when they "interactively" sign in, administrators can (bulk) create users individually and on demand from the default WordPress user list, if this feature is enabled. The status of the last attempt to create a WordPress user in Azure AD B2C / for Customers (or update an existing user) can be seen just below the send button.

(Bulk) Create users in Azure AD B2C / for Customers (Entra External ID)

User synchronization from Azure AD B2C to WordPress

The WPO365 | LOGIN plugin is capable of registering a new WordPress user for each new Azure AD B2C user that signs in successfully. And when that user signs in again, the plugin is able to update some of the user's attributes. But this is "just in time" and leaves a website owner with hardly any control over the quality of the user data in WordPress.

WPO365’s user synchronization closes this gap. It gives website owners an advanced tool that allows them to update the WordPress user data at regular intervals e.g. several times a day. It also allows for (soft) deletion of users that have closed their account and that should no longer be eligible to sign in.

Embedded login / signup for Azure AD B2C

Recently, Microsoft has added a preview feature for an embedded sign-up or sign-in experience (see https://learn.microsoft.com/en-us/azure/active-directory-b2c/embedded-login for configuration details). By using an inline frame, this feature allows for a simpler sign-up or sign-in experience: you avoid redirecting users to a separate sign-up or sign-in page or opening a pop-up window.

Choose from multiple Azure AD B2C policies

Website owners can create custom buttons and links that will invoke a specific Azure Active Directory B2C (Azure AD B2C) user experience / user journey e.g. to sign in, sign up or reset a password.

Plugins with these features

Only Azure AD for Customers / Entra External ID based single sign-on (SSO) is supported by WPO365 | LOGIN, which is available at no cost.

All other features on this page require the CUSTOMERS addon.

Documentation

Videos

There are currently no videos available.