Configure SSO in Microsoft Entra

Question

Hello. I am a current customer of Microsoft Azure AD B2C. I am starting to evaluate Microsoft Entra to see if we want to move to this new product or some other product.

Currently, in B2C, using custom profiles in Identity Experience Framework, I have enabled SSO with several of our clients. It seems that we configure those connections as a claims provider and it uses OpenIdConnect.

How do I configure those same SSO connections in Microsoft Entra? It seems that I just have to add an external entity, but my only choices are SAML. And, by default it seems that any of our clients that already have an active directory are allowed to be invited, or self sign up if enabled. But, that would allow anyone in the world with a valid Azure AD to sign into my application instead of just the specific clients that I allow.

Is there any documentation on this? I know this is new.

Answer 1

Hi,

Currently, in the Microsoft Entra External ID for Customers we can configure only below:

1. Local account (Email and password or one time pass code)
2. Facebook identity provider
3. Google identity provider
4. SAML/WS-fed

Open ID Connect (OIDC) integration feature will be available in the nearest future so you will be able to configure federation in a similar way like in the Azure AD B2C today, using the portal.
Similarly, when it comes to Azure AD there will be the possibility to decide which tenant you want to accept when signing in to your application secured by MS Entra External ID.
For now OIDC configuration and Azure AD tenant limitation are not available.

Here you can read more about currently supported features, including "Authentication methods and identity providers":
https://learn.microsoft.com/en-us/azure/active-directory/external-identities/customers/concept-supported-features-customers#compare-workforce-and-customer-tenant-capabilities