Enhancing Security and User Experience with OpenID Connect and Custom URL Domains in MS Entra External ID

Let’s look at how to enhance security and user experience with OpenID Connect and custom URL domains in Microsoft Entra External ID. Authentication is a crucial aspect of security. Recently, Microsoft announced the public preview of OpenID Connect external identity provider support and the general availability of custom URL domains for external applications.

Creating a secure and easy-to-use experience for your external applications is essential, especially when managing customer identities. A well-managed identity platform must also be a well-protected one. With cyberattacks such as DDoS, password spraying, and brute-force attacks so common today, it is more important than ever to have strong security measures in place.

Setting up OpenID Connect (OIDC) authentication and customizing URL domains can help mitigate such attacks. A recent Verizon report found that 24% of security breaches result from stolen credentials, highlighting the need for strong passwords and multi-factor authentication (MFA).

Additionally, threats like malware, human error, and phishing are among the main sources of security risk. So in this post, let’s cover the basics of setting up OIDC authentication and URL customization for external-facing applications.


What Use Cases Does Microsoft Entra External ID’s Support for OIDC External Identity Providers Enable?

Microsoft Entra External ID’s support for OIDC external identity providers enables several key use cases that enhance identity management. By integrating with cloud-based identity providers, organizations can simplify user sign-ins and registrations and streamline the authentication process.

1. Connect with cloud identity providers to simplify sign-ins and registrations by linking to cloud services.
2. Build new identity solutions while connecting to existing Azure AD B2C directories.
3. Enable smooth authentication for partner access and collaborations.
4. Ensure secure authentication with government and civic identity providers.

What are Custom URL Domains?

Custom URL domains allow organizations to personalize the authentication process by using their own domain names. Instead of the default Microsoft tenant URL, users will see a branded URL. This creates a more unified experience for users.


The public preview of OpenID Connect (OIDC) support for external identity providers is now available, along with the general release of custom URL domains. This is welcome news for users of external identity services. The ability to connect with any OIDC-compliant identity provider improves the sign-up and sign-in experience.

Enhancing Security and User Experience with OpenID Connect and Custom URL Domains in MS Entra External ID-Fig.1

Microsoft Entra External ID now Supports OpenID Connect Identity Providers

Customers want to connect with external identity providers like Amazon, Okta, and Azure AD B2C. This feature improves the External ID experience by linking with Azure AD B2C, allowing users to access apps with their existing accounts.

  • The two main benefits of this are supporting partner integrations and letting users sign in without creating new credentials.
Additional security improvements:
  • Standard URL domain protection: Now we can protect our tenant against security threats like bot attacks and DDoS by blocking access to the default endpoint when using a custom URL domain. To enable this feature, simply enroll your tenant upon request.
  • Third-party web application firewall (WAF) integration: To add extra security to custom URL domains, set them up with Azure Front Door (AFD). You can also improve security by integrating third-party WAF services like Cloudflare or Akamai with AFD.
Enhancing Security and User Experience with OpenID Connect and Custom URL Domains in MS Entra External ID-Table.1
Enhancing Security and User Experience with OpenID Connect and Custom URL Domains in MS Entra External ID-Fig.2 Creds to MS
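The value of blocking the default endpoint and fronting the custom domain with a WAF is lost if an application still references the default tenant host. The check below is an added example (not code from the original post or from Microsoft) that reads an OIDC discovery document and flags any endpoint not served over HTTPS from the custom URL domain; the hostnames, paths and sample documents are constructed placeholders.

```python
"""Check an OIDC discovery document for a tenant that uses a custom URL domain.

Added example, not from the original post or from Microsoft. It assumes the
custom domain is "login.contoso.example" and that the default tenant host is
"contoso.default-tenant.example" (both constructed placeholders). Any endpoint
still pointing at the default host would let clients bypass the WAF that
fronts the custom domain, so it is reported as a finding.
"""
import json
from urllib.parse import urlparse

CUSTOM_HOST = "login.contoso.example"            # assumed custom URL domain
DEFAULT_HOST = "contoso.default-tenant.example"  # placeholder default host

# Discovery keys that carry URLs we expect to live on the custom domain.
URL_KEYS = ("issuer", "authorization_endpoint", "token_endpoint",
            "userinfo_endpoint", "jwks_uri", "end_session_endpoint")


def check_discovery(doc: dict, custom_host: str = CUSTOM_HOST) -> list:
    """Return (key, reason) findings; an empty list means the document is clean."""
    findings = []
    for key in URL_KEYS:
        url = doc.get(key)
        if url is None:
            continue  # optional endpoint not advertised; nothing to check
        parts = urlparse(url)
        if parts.scheme != "https":
            findings.append((key, f"not https: {url}"))
        elif parts.hostname != custom_host:
            findings.append((key, f"host {parts.hostname} is not the custom domain"))
    return findings


# Constructed sample: a clean document served entirely from the custom domain.
CLEAN_DOC = json.loads(f"""{{
  "issuer": "https://{CUSTOM_HOST}/v2.0",
  "authorization_endpoint": "https://{CUSTOM_HOST}/oauth2/v2.0/authorize",
  "token_endpoint": "https://{CUSTOM_HOST}/oauth2/v2.0/token",
  "jwks_uri": "https://{CUSTOM_HOST}/discovery/v2.0/keys"
}}""")

# Constructed sample: jwks_uri still points at the default tenant host.
LEAKY_DOC = dict(CLEAN_DOC, jwks_uri=f"https://{DEFAULT_HOST}/discovery/v2.0/keys")

if __name__ == "__main__":
    for name, doc in (("clean", CLEAN_DOC), ("leaky", LEAKY_DOC)):
        print(name, check_discovery(doc) or "OK")
```

Run it against the document actually served at your custom domain's `.well-known/openid-configuration` to confirm no endpoint falls back to the default host.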

How to Start with OIDC Federation

Users can sign in and register for applications using accounts from external identity providers that support OpenID Connect. Once an OpenID Connect provider is integrated into the user flow, users can log in to applications with the credentials from that provider.

Need Further Assistance or Have Technical Questions?

Join the LinkedIn Page and Telegram group to get the latest step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, Join the WhatsApp Community to get the latest news on Microsoft Technologies. We are there on Reddit as well.   

Resources

Customize authentication experiences and URL domains for external apps | Microsoft Community Hub

Author

Anoop C Nair has been a Microsoft MVP for 10 consecutive years from 2015 onwards. He is a Workplace Solution Architect with more than 22 years of experience in workplace technologies. He is a blogger, speaker, and local user group community leader. His primary focus is on device management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Entra, Microsoft Security, Career, etc.
