Configure SSO in Microsoft Entra

Bob Maurer 0 Reputation points

Hello. I am a current customer of Microsoft Azure AD B2C. I am starting to evaluate Microsoft Entra to see if we want to move to this new product or some other product.

Currently, in B2C, using custom profiles in Identity Experience Framework, I have enabled SSO with several of our clients. It seems that we configure those connections as a claims provider and it uses OpenIdConnect.

How do I configure those same SSO connections in Microsoft Entra? It seems that I just have to add an external entity, but my only choices are SAML. And, by default it seems that any of our clients that already have an active directory are allowed to be invited, or self sign up if enabled. But, that would allow anyone in the world with a valid Azure AD to sign into my application instead of just the specific clients that I allow.

Is there any documentation on this? I know this is new.

Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,757 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Daniel Krzyczkowski 471 Reputation points MVP


    Currently, in the Microsoft Entra External ID for Customers we can configure only below:

    1. Local account (Email and password or one time pass code)
    2. Facebook identity provider
    3. Google identity provider
    4. SAML/WS-fed

    Open ID Connect (OIDC) integration feature will be available in the nearest future so you will be able to configure federation in a similar way like in the Azure AD B2C today, using the portal.
    Similarly, when it comes to Azure AD there will be the possibility to decide which tenant you want to accept when signing in to your application secured by MS Entra External ID.
    For now OIDC configuration and Azure AD tenant limitation are not available.

    Here you can read more about currently supported features, including "Authentication methods and identity providers":