Entra ID vs AD B2C - external identity providers

Question

Entra ID vs AD B2C - external identity providers

Maksymilian Chwałek 50

Hi, I noticed that Entra ID has limited options for external IdPs compared to AD B2C, which supports several social providers and OIDC. I want to connect my custom IdP to Azure IAM, but it seems that Entra ID has fewer features than the legacy solution. Additionally, there are not many packages available for creating SAML IdP, and some require paid subscriptions. Will Entra ID be adding more social providers in the future? Also, I'm curious why SAML was selected over OIDC?

Azar 29,520 Reputation points MVP Volunteer Moderator

2024-02-25T20:08:05.1166667+00:00

Hey there Maksymilian Chwałek

You're correct that when it comes to external identity providers (IdPs), (AD B2C) offers a wider range of options compared to Entra ID. AD B2C supports various social identity providers and OIDC, providing more flexibility for integrating with third-party authentication services.

As for connecting your custom IdP to Azure IAM, it's understandable that you may find Entra ID lacking in features compared to the legacy solution. While Entra ID may currently have limited options, it's worth keeping an eye on future updates from Entra to see if they add more social providers.

Regarding the choice between SAML and OIDC, it often comes down to the specific requirements and use cases of the application. SAML is a mature protocol commonly used for (SSO) scenarios, especially in enterprise environments.

On the other hand, OIDC is a newer protocol built on top of OAuth 2.0, designed to provide authentication and authorization for modern web applications and mobile apps. It's simpler to implement, offers better support for mobile applications, and is more aligned with modern development practices.

If this helps kindly accept the answer thanks much.
Maksymilian Chwałek 50 Reputation points

2024-02-26T06:38:42.46+00:00

Sorry, this is clearly a AI generated answer, that doesn't relate to my specific questions (the last two sentences)

Accepted answer

0 additional answers

Your answer

Azar 29,520 Reputation points MVP Volunteer Moderator

2024-02-25T20:08:05.1166667+00:00

Hey there Maksymilian Chwałek

You're correct that when it comes to external identity providers (IdPs), (AD B2C) offers a wider range of options compared to Entra ID. AD B2C supports various social identity providers and OIDC, providing more flexibility for integrating with third-party authentication services.

As for connecting your custom IdP to Azure IAM, it's understandable that you may find Entra ID lacking in features compared to the legacy solution. While Entra ID may currently have limited options, it's worth keeping an eye on future updates from Entra to see if they add more social providers.

Regarding the choice between SAML and OIDC, it often comes down to the specific requirements and use cases of the application. SAML is a mature protocol commonly used for (SSO) scenarios, especially in enterprise environments.

On the other hand, OIDC is a newer protocol built on top of OAuth 2.0, designed to provide authentication and authorization for modern web applications and mobile apps. It's simpler to implement, offers better support for mobile applications, and is more aligned with modern development practices.

If this helps kindly accept the answer thanks much.
Maksymilian Chwałek 50 Reputation points

2024-02-26T06:38:42.46+00:00

Sorry, this is clearly a AI generated answer, that doesn't relate to my specific questions (the last two sentences)

Answer 1

Shweta Mathur 30,301 Microsoft Employee Moderator

Hi @Maksymilian Chwałek ,

Thanks for reaching out. I understand you have queries regarding Micrsoft Entra External Id.

Will Entra ID be adding more social providers in the future?

As Micrsoft Entra External Id is currently in preview state, it is evolving gradually with new features. Entra team is looking forward to add more social providers in the customer tenant.

why SAML was selected over OIDC

Adding a federated OIDC identity provider is currently only supported in Azure AD B2C tenant, which is a special kind of tenant that supports allowing sign in via external federated OIDC IDP identities.

OIDC identity provider will more than likely be supported on Entra Customer tenants (eventual replacement for Azure AD B2C) in future, but today it is not. However, application flow is supported OIDC flow only.

Hope this will help.

Thanks,

Shweta

Please remember to "Accept Answer" if answer helped you.

Maksymilian Chwałek 50 Reputation points

2024-02-26T10:01:56.09+00:00

Thank you for your answer! What about Workforce tenants, will there be OIDC provider support?
Shweta Mathur 30,301 Reputation points Microsoft Employee Moderator

2024-02-28T09:56:36.9533333+00:00

Maksymilian Chwałek As of now, Workforce tenant also does not support OIDC identity provider. https://learn.microsoft.com/en-us/entra/external-id/customers/concept-supported-features-customers#compare-workforce-and-customer-tenant-capabilities If customer is planning to invite external users to their Entra Workforce tenant and those external users have an OIDC IDP they should use B2B Guest Invitations. Hope this will help. Thanks,

Shweta

Please remember to "Accept Answer" if answer helped you.
Maksymilian Chwałek 50 Reputation points

2024-02-28T10:43:23.93+00:00

Could you elaborate more on B2B guest invitations and how to log invited users via their OIDC IDP?
Shweta Mathur 30,301 Reputation points Microsoft Employee Moderator

2024-03-01T08:42:38.1+00:00

Maksymilian Chwałek

You can refer this https://communities.bentley.com/communities/other_communities/licensing_cloud_and_web_services/w/wiki/67529/configuring-microsoft-azure-ad-for-b2b-guest-users-using-oidc

Share via

Entra ID vs AD B2C - external identity providers

0 additional answers

Your answer