Commit 0072dfe

committed
updates and toc
1 parent 4218bbf commit 0072dfe

2 files changed

+14
-12
lines changed

articles/active-directory-b2c/TOC.yml

Lines changed: 2 additions & 0 deletions
@@ -48,6 +48,8 @@
4848
href: code-samples.md
4949
- name: Concepts
5050
items:
51+
- name: Azure AD B2C best practices
52+
href: best-practices.md
5153
- name: Application types
5254
href: application-types.md
5355
- name: Authentication protocols
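Review bot: The entry added at lines 51-52 is named "Azure AD B2C best practices", but the H1 of the target article in this same commit reads "Recommendations and best practices for Azure Active Directory B2C". Consider aligning the TOC name with the article title (for example "Recommendations and best practices") so readers landing from the navigation see the heading they clicked. Also confirm that placing it first under Concepts, ahead of "Application types", is the intended ordering.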

articles/active-directory-b2c/best-practices.md

Lines changed: 12 additions & 12 deletions
@@ -16,15 +16,15 @@ ms.subservice: B2C
1616

1717
# Recommendations and best practices for Azure Active Directory B2C
1818

19-
The following best practices and recommendations cover some of the primary aspects of integrating Azure AD B2C into existing or new application environments.
19+
The following best practices and recommendations cover some of the primary aspects of integrating Azure Active Directory (Azure AD) B2C into existing or new application environments.
2020

2121
## Fundamentals
2222

2323
| | |
2424
|--|--|
25-
| Choose user flows for most scenarios | The Identity Experience Framework of Azure Active Directory B2C is the core strength of the service. Policies fully describe identity experiences such as sign-up, sign-in, or profile editing. To help you set up the most common identity tasks, the Azure AD B2C portal includes predefined, configurable policies called user flows. User flows help you provide a great user experience in minutes, with just a few clicks. [Learn when to use user flows vs. custom policies](custom-policy-overview.md#comparing-user-flows-and-custom-policies).|
26-
| App registrations | Every application (web, native) and API that is being secured must be registered in Azure AD B2C. If an app has both a web and native version of iOS and Android, you can register them as one application in Azure AD B2C with the same client ID. Learn how to [register OIDC, SAML, web, and native apps](https://docs.microsoft.com/azure/active-directory-b2c/tutorial-register-applications?tabs=applications). Find more info on [application types that can be used in Azure AD B2C](https://docs.microsoft.com/azure/active-directory-b2c/application-types). |
27-
| Move to Monthly Active Users billing | Azure AD B2C has moved from monthly active authentications to monthly active users (MAU) billing. Most customers will find this model cost-effective. [Learn more about monthly active users billing](https://azure.microsoft.com/updates/mau-billing/). |
25+
| Choose user flows for most scenarios | The Identity Experience Framework of Azure AD B2C is the core strength of the service. Policies fully describe identity experiences such as sign-up, sign-in, or profile editing. To help you set up the most common identity tasks, the Azure AD B2C portal includes predefined, configurable policies called user flows. With user flows, you can create great user experiences in minutes, with just a few clicks. [Learn when to use user flows vs. custom policies](custom-policy-overview.md#comparing-user-flows-and-custom-policies).|
26+
| App registrations | Every application (web, native) and API that is being secured must be registered in Azure AD B2C. If an app has both a web and native version of iOS and Android, you can register them as one application in Azure AD B2C with the same client ID. Learn how to [register OIDC, SAML, web, and native apps](https://docs.microsoft.com/azure/active-directory-b2c/tutorial-register-applications?tabs=applications). Learn more about [application types that can be used in Azure AD B2C](https://docs.microsoft.com/azure/active-directory-b2c/application-types). |
27+
| Move to monthly active users billing | Azure AD B2C has moved from monthly active authentications to monthly active users (MAU) billing. Most customers will find this model cost-effective. [Learn more about monthly active users billing](https://azure.microsoft.com/updates/mau-billing/). |
2828

2929
## Planning and design
3030

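Review bot: In the App registrations row (new line 26) both links are still absolute `https://docs.microsoft.com/azure/active-directory-b2c/...` URLs, one of them carrying a `?tabs=applications` query string, while the row directly above links to `custom-policy-overview.md` relatively. Since this line is being rewritten anyway, switch the two links to relative references (`tutorial-register-applications.md`, `application-types.md`) so the file uses one link convention for articles in the same folder.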
@@ -47,9 +47,9 @@ During the implementation phase, consider the following recommendations.
4747

4848
| | |
4949
|--|--|
50-
| Edit custom policies with the [Azure AD B2C extension for Visual Studio Code](https://marketplace.visualstudio.com/items?itemName=AzureADB2CTools.aadb2c) | Download Visual Studio Code and this community-built extension from the Visual Studio Code Marketplace. While not an official Microsoft product, the Azure AD B2C extension for Visual Studio Code includes several features that help make working with custom policies easier. |
50+
| Edit custom policies with the Azure AD B2C extension for Visual Studio Code | Download Visual Studio Code and this community-built [extension from the Visual Studio Code Marketplace]((https://marketplace.visualstudio.com/items?itemName=AzureADB2CTools.aadb2c)). While not an official Microsoft product, the Azure AD B2C extension for Visual Studio Code includes several features that help make working with custom policies easier. |
5151
| Learn how to troubleshoot Azure AD B2C | Learn how to [troubleshoot custom policies](https://docs.microsoft.com/azure/active-directory-b2c/troubleshoot-custom-policies?tabs=applications) during development. Learn what a normal authentication flow looks like and use tools for discovering anomalies and errors. For example, use [Application Insights](troubleshoot-with-application-insights.md) to review output logs of user journeys. |
52-
| Leverage our library of proven custom policy patterns | Find [samples](https://github.com/azure-ad-b2c/samples) for several enhanced Azure AD B2C Custom CIAM User Journeys. |
52+
| Leverage our library of proven custom policy patterns | Find [samples](https://github.com/azure-ad-b2c/samples) for several enhanced Azure AD B2C customer identity and access management (CIAM) user journeys. |
5353

5454

5555
## Testing
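Review bot: The rewritten link on new line 50 has doubled parentheses, `[extension from the Visual Studio Code Marketplace]((https://marketplace.visualstudio.com/items?itemName=AzureADB2CTools.aadb2c))`, so it will not render as a working link. Drop the extra pair so the target is `(https://marketplace.visualstudio.com/items?itemName=AzureADB2CTools.aadb2c)`. Because the row tells readers to install a community-built, non-Microsoft extension, a broken link here pushes them to search for it by name, which is the case where pointing at the exact Marketplace item matters most.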
@@ -58,9 +58,9 @@ Test and automate your Azure AD B2C implementation.
5858

5959
| | |
6060
|--|--|
61-
| Account for global traffic | Use traffic sources from different global address to test the performance and localization requirements. Make sure all the HTMLs, CSS, and the dependencies can meet your performance needs. |
61+
| Account for global traffic | Use traffic sources from different global address to test the performance and localization requirements. Make sure all the HTMLs, CSS, and dependencies can meet your performance needs. |
6262
| Functional and UI testing | Test the user flows end-to-end. Add synthetic tests every few minutes using Selenium, VS Web Test, etc. |
63-
| Pen-testing | Before going live with your solution, perform penetration testing exercises to verify all components are secure, including any third-party dependencies. Verify you've secured your APIs with access tokens and have used the right authentication protocol for your application scenario. Learn more about [Penetration testing](https://docs.microsoft.com/azure/security/fundamentals/pen-testing) and the [Microsoft Cloud Unified Penetration Testing Rules of Engagement](https://www.microsoft.com/msrc/pentest-rules-of-engagement?rtc=1). |
63+
| Pen-testing | Before going live with your solution, perform penetration testing exercises to verify all components are secure, including any third-party dependencies. Verify you've secured your APIs with access tokens and used the right authentication protocol for your application scenario. Learn more about [Penetration testing](https://docs.microsoft.com/azure/security/fundamentals/pen-testing) and the [Microsoft Cloud Unified Penetration Testing Rules of Engagement](https://www.microsoft.com/msrc/pentest-rules-of-engagement?rtc=1). |
6464
| A/B Testing | Flight your new features with a small, random set of users before rolling out to your entire population. With JavaScript enabled in Azure AD B2C, you can integrate with A/B testing tools like Optimizely, Clarity, and others. |
6565
| Load testing | Azure AD B2C can scale, but your application can scale only if all of its dependencies can scale. Load-test your APIs and CDN. |
6666
| Throttling | Azure AD B2C throttles traffic if too many requests are sent from the same source in a short period of time. Use several traffic sources while load testing, and handle the `AADB2C90229` error code gracefully in your applications. |
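Review bot: New line 61 only removes "the" before "dependencies" and leaves "from different global address" and "all the HTMLs" as they were. While the line is being touched, change it to "different global addresses" and "all the HTML, CSS, and dependencies". In the Pen-testing row (new line 63), the rules-of-engagement link still carries `?rtc=1`; that query parameter can be dropped so the URL is the canonical one.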
@@ -72,12 +72,12 @@ Manage your Azure AD B2C environment.
7272

7373
| | |
7474
|--|--|
75-
| Create multiple environments | For easier operations and deployment roll-out, create separate environments dev, test, pre-prod, and prod. Create Azure AD B2C tenants for each. |
76-
| Use version control with your custom policies | Consider using GitHub, Azure Repos, or another cloud-based version control system for your Azure AD B2C custom policies. |
77-
| Use the [Microsoft Graph API](manage-user-accounts-graph-api.md) to automate the management of your B2C tenants | APIs:<br/>Manage [Identity Experience Framework](https://docs.microsoft.com/graph/api/resources/trustframeworkpolicy?view=graph-rest-beta) (custom policies)<br/>[Keys](https://docs.microsoft.com/graph/api/resources/trustframeworkkeyset?view=graph-rest-beta)<br/>[User Flows](https://docs.microsoft.com/graph/api/resources/identityuserflow?view=graph-rest-beta) |
75+
| Create multiple environments | For easier operations and deployment roll-out, create separate environments for development, testing, pre-production, and production. Create Azure AD B2C tenants for each. |
76+
| Use version control for your custom policies | Consider using GitHub, Azure Repos, or another cloud-based version control system for your Azure AD B2C custom policies. |
77+
| Use the Microsoft Graph API to automate the management of your B2C tenants | Microsoft Graph APIs:<br/>Manage [Identity Experience Framework](https://docs.microsoft.com/graph/api/resources/trustframeworkpolicy?view=graph-rest-beta) (custom policies)<br/>[Keys](https://docs.microsoft.com/graph/api/resources/trustframeworkkeyset?view=graph-rest-beta)<br/>[User Flows](https://docs.microsoft.com/graph/api/resources/identityuserflow?view=graph-rest-beta) |
7878
| Integrate with Azure DevOps | A [CI/CD pipeline](deploy-custom-policies-devops.md) makes moving code between different environments easy and ensures production readiness at all times. |
7979
| Integrate with Azure Monitor | [Audit log events](view-audit-logs.md) are only retained for seven days. [Integrate with Azure Monitor](azure-monitor.md) to retain the logs for long-term use, or integrate with third-party security information and event management (SIEM) tools to gain insights into your environment. |
80-
| Setup active alerting and monitoring | [Track user behavior](active-directory-b2c-custom-guide-eventlogger-appins.md) in Azure Active Directory B2C using Application Insights. |
80+
| Setup active alerting and monitoring | [Track user behavior](active-directory-b2c-custom-guide-eventlogger-appins.md) in Azure AD B2C using Application Insights. |
8181

8282

8383
## Support and Status Updates
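Review bot: New line 77 removes the `[Microsoft Graph API](manage-user-accounts-graph-api.md)` link from the first column and does not reintroduce it in the second column, so the row no longer points to the article on managing user accounts with Graph. Either keep that link in the description cell or confirm the removal is intentional. The three remaining links all target `view=graph-rest-beta` resources; if the row is recommending these for tenant automation, say in the text that they are beta endpoints. On new line 80, "Setup active alerting" should be the verb form "Set up active alerting".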