
Add an Extra Azure AD for Customers or B2C

Microsoft Entra ID, formerly known as Azure AD, has a new feature called Customer Identity and Access Management (CIAM). This feature lets you add an extra tenant to your cloud environment so that your customers can log in with their own email (Gmail, Yahoo, Facebook, etc.) and a password to specific web, single-page, desktop and other apps.

Create a tenant

First, you have to create a dedicated tenant for your customers. Log in to your Entra admin center, then navigate to Identity > Overview and click on Manage tenants.

Here you need to click on the “Create” button to create a tenant, then select “Customer”.

Create a free trial

You have two options: 1. add a tenant and use your existing subscription, or 2. use a free trial. In this scenario I used a 30-day free trial.

Next, you will need to choose a tenant name and a domain name (for your customers).

Note: You have to use a unique name; if it already exists, the process will not go through.

Optionally, you can customize your customer login page (colors, branding, etc.).

In “Try it out” go ahead and click on “Run it now” to test the login page.

This opens the sign-in page for the tenant you created in your browser; in my case you can see the name “Customers Trial Tenant”. First, click on “No account?”. Your customers can then use their personal email: they receive a one-time password (OTP) code, and are then asked to create a password and confirm it.

After you complete sign-up and sign-in, you are redirected to the app. In my case I do not have any apps, so you are redirected to jwt.ms, where you can see the token issued during the sign-in process.

Now go back to the sign-in page in the Entra admin center and click on Continue.

Set up a sample app

I will use the basic JavaScript sample: select single-page application (SPA), then pick JavaScript, and from there click “Download sample app” to download the sample and unzip it.

Run the command shown above after you change directory to where you saved the downloaded file. I placed it in C:\Temp\CIAM-JsAuthCodeSpa (the name of the file).

Now you can sign in to the SPA with a customer’s personal email and password by clicking on Sign in.

Here you can see the new tenant, and you can match the tenant ID number in the token. This is just a basic way to create a tenant for your customers to log in with their personal email, without giving them access to your main tenant, which keeps it secure.

For more information, please check the main Microsoft documentation.

Thanks for your time!
