Identity and Access Management (IAM) lets you manage access to services and resources securely. With IAM, you can create and manage AWS users and groups, and it also lets you allow or deny their access to AWS resources.
In today's world, there are multiple IAM solutions available in the market. Even Microsoft offers its lightweight IAM tool over classic Active Directory, which can be leveraged to authenticate users, provide identity, and control access. In this blog, I am going to compare the popular IAM solutions that are available, and I will also highlight the pros and cons of using Active Directory B2C as an IAM solution for our application.
Microsoft IAM
Microsoft is known for its security; it has evolved a lot since its inception and is now well ahead of the competition. Microsoft's good ethics have made it a popular choice among industry leaders. Despite its high popularity and years of market existence, Microsoft entered the SaaS-based IAM space a little late, whereas Google and AWS have the upper hand over Microsoft because of their longer presence in the IAM market.
Google has integrated cleanly with most of the modern single sign-on (SSO) and login solutions as well. Similarly, AWS Cognito is quite easy to use and makes the integration process seamless. There are some new players in the market, like Okta, who have been quite successful with their simple integration processes and handy preconfigured adapters.
Now, Microsoft is trying to catch up with its competitors, but its system is a bit too complex for new users and its integration options are also limited. For those who cannot compromise on security over anything else, Microsoft should be the first choice. Although the setup for Azure Active Directory B2C is a bit tedious and time-consuming, it is highly secure. Microsoft cares about the data privacy and security of its users. Let's have a look at the major features Microsoft offers in its Active Directory.
Important Features Of Microsoft’s Active Directory
Azure Active Directory B2C provides business-to-customer identity as a service. Your customers use their preferred social, enterprise, or local account identities to get single sign-on access to your applications and APIs. Azure Active Directory B2C (Azure AD B2C) is a customer identity and access management (IAM) solution capable of supporting millions of users and billions of authentications per day. It takes care of scaling, securing, and monitoring the authentication platform, and automatically handles threats like denial-of-service, password spray, and brute-force attacks. Some of its key features are listed below.
Features
- Conditional Access (Role-based access control)
- Identity protection
- Reporting and monitoring
- SAML Support
One other thing we expect from a good IAM solution is support for multiple authentication methods and multi-factor authentication. Now, let me list the main authentication methods supported by Microsoft AD B2C.
Authentication Methods
Microsoft supports almost all popular authentication methods on the market. If you are planning to integrate it with popular ERP systems, Microsoft has built-in adapters and ready-to-use methods. Here are some of the popular methods Microsoft supports.
- Traditional username and password
- Microsoft Authenticator App passwordless sign-in
- OATH hardware token or FIDO2 security key
- SMS-based passwordless sign-in
- Federated identity provider integration
- Partner Integration (https://docs.microsoft.com/en-us/azure/active-directory-b2c/partner-gallery)
Microsoft also supports a number of other methods and covers almost everything you need for authentication. But it also has some limitations attached, which I discuss in the next section.
Limitations in Microsoft
Although Microsoft supports almost all popular authentication methods, it has a few limitations and bugs. Some bugs make features almost unusable. The Microsoft SDK for JavaScript is still in development and not mature enough for production use. There are many other bugs that make life painful for the development team. Microsoft's way of thinking is also a little different from the industry in general: its UI is difficult to use and its naming conventions are a bit odd too.
Some of the key system limitations are:
- It allows only 500 transactions per second per App Proxy application.
- It allows only 750 transactions for the Azure AD organization.
- Requires a Microsoft environment.
For in-depth information, you can follow this source https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-service-limits-restrictions.
Microsoft offers almost all the modern features, but it is a little time-consuming to understand and use. Beyond this, Microsoft has built-in integrations for ERP and SCM systems like SAP and Oracle. When you integrate with enterprise applications, Microsoft also provides support, unlike Google and AWS.
One of the most important factors when choosing an IAM solution is ease of integration. It is a deal-breaker for many, especially when connecting to niche software or an application that requires special integration methods. Microsoft has decades of experience in integrations, and its systems are by now mature enough to support almost everything. Let's have a look at some of the integrations Microsoft supports with its Active Directory B2C.
Supported Integrations
For ready-to-configure apps we can use built-in adapters and SSO mechanisms to connect. The process remains the same for a given type of system: once we have configured our system to integrate with SAP, Oracle, and the like, we can easily add a new SAP or Oracle instance as well.
For custom-built applications, we need to configure and build adapters to match their specifications. Custom-built applications might not have any connectors or mechanisms to connect with our system, so we need to analyze them on a case-by-case basis, as discussed below.
Comparison With Popular Systems
IAM tools have become the backbone of the technology industry. The IAM market is going through significant changes; as zero trust becomes an increasingly important part of access management products, it is important to choose the right IAM solution. There are many IAM tools out there, but we will consider the most popular ones and compare Microsoft Active Directory against them.
| Active Directory | Firebase | Cognito |
| --- | --- | --- |
| Closed-source | Open-source | Closed-source |
| Backed by Microsoft Azure | Backed by Google | Backed by AWS |
| Easy integrations with LDAP | Easy to integrate and manage with all open standards | Easy to integrate and manage with all open standards |
| Free tier has limited features | Cost-effective in free tier | Free tier is very limited |
| Suited for enterprise applications and SSO with big ERP and SCM systems | Suited for fast development and integrations | Suited for fast development and integrations |
Who should use the Active Directory B2C?
If you are integrating with large SAP- or Oracle-like systems, Active Directory is for you. If you are looking for trusted security, you can also consider Microsoft-backed Active Directory, which is highly trusted.
Who should avoid the Active Directory B2C?
If you are looking for fast-paced development with lots of customization, then you are better off avoiding Active Directory B2C. Most of your time will go into understanding the framework and dealing with issues in plugins that are still in beta.
Final Thoughts
Azure Active Directory B2C is a niche solution and not widely used. It has good capabilities, strong security, and the backing of Microsoft. It is definitely a good product, but it is not well suited to fast-paced development. It has some bugs in its plugins, and integration is also not seamless. So, before you make a decision, analyze the pros and cons thoroughly, then decide based on your requirements. Till then, happy reading!