Resilient end-user experience using Azure AD B2C

The sign-up and sign-in end-user experience is made up of the following elements:

  • Interfaces the user interacts with, such as CSS, HTML, and JavaScript
  • User flows and custom policies you create, for example sign-up, sign-in, and profile edit
  • Identity providers (IdPs) for your application, such as local account username or password, Microsoft Outlook

User flow and custom policy

To help you set up the most common identity tasks, Azure AD B2C provides built-in configurable user flows. You can also build your own custom policies, which offer maximum flexibility. However, we recommend use of custom policies to address complex scenarios.

Select user flow or custom policy

Choose built-in user flows that meet your business requirements. Microsoft tests built-in flows, so you can minimize testing to validate policy-level functionality, performance, or scale. However, test your applications for functionality, performance, and scale.

With custom policies, ensure policy-level testing for functionality, performance, or scale. Conduct application-level testing as well.

To learn more, you can compare user flows and custom policies.

Choose multiple IdPs

When using an external IdP, create a fallback plan if the external IdP is unavailable.

Set up multiple IdPs

In the external IdP registration process, include a verified identity claim, such as user mobile number or email address. Commit the verified claims to the underlying Azure AD B2C directory instance. If an external IdP is unavailable, revert to the verified identity claim, and fall back to the phone number as an authentication method.

You can build alternate authentication paths:

  1. Configure sign-up policy to allow sign-up by local account and external IdPs.
  2. Configure a profile policy to allow users to link the other identity to their account after they sign in.
  3. Notify and allow users to switch to an alternate IdP during an outage.

Content delivery network

Content delivery networks (CDNs) perform better and are less expensive than blob stores for storing custom user flow UI. The web page content is delivered from a geographically distributed network of highly available servers.

Periodically, test CDN availability and the performance of content distribution through end-to-end scenario and load testing. For surges due to promotions or holiday traffic, revise estimates for load testing.
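
One way to run the periodic availability and performance check described above, as an added example that is not part of the original page or Microsoft's own tooling. The asset URLs, the 99% availability target, and the 1-second median latency target are assumptions to replace with your own values.

```python
import time
import urllib.request
from statistics import median

# Hypothetical CDN URLs for the custom user flow UI (HTML, CSS, JavaScript).
ASSETS = [
    "https://cdn.example.com/b2c/signin.html",
    "https://cdn.example.com/b2c/site.css",
    "https://cdn.example.com/b2c/site.js",
]

def http_fetch(url, timeout=5.0):
    """Return (status, elapsed_seconds, body_length); status 0 on any HTTP or network error."""
    start = time.monotonic()
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read()
            return resp.status, time.monotonic() - start, len(body)
    except OSError:  # URLError, HTTPError and timeouts are all OSError subclasses
        return 0, time.monotonic() - start, 0

def probe(assets, fetch=http_fetch, rounds=3):
    """Fetch every asset `rounds` times and keep the raw samples per URL."""
    return {url: [fetch(url) for _ in range(rounds)] for url in assets}

def evaluate(samples, min_availability=0.99, max_median_s=1.0):
    """Score each asset against the assumed availability and latency targets."""
    report = {}
    for url, results in samples.items():
        # A sample counts as good only if it returned 200 with a non-empty body.
        ok = [r for r in results if r[0] == 200 and r[2] > 0]
        availability = len(ok) / len(results)
        med = median(r[1] for r in ok) if ok else None
        healthy = availability >= min_availability and med is not None and med <= max_median_s
        report[url] = {"availability": availability, "median_s": med, "healthy": healthy}
    return report

def failing_assets(report):
    """URLs that missed a target, for alerting or a scheduled job's exit status."""
    return sorted(url for url, r in report.items() if not r["healthy"])

if __name__ == "__main__":
    result = evaluate(probe(ASSETS))
    for url, r in result.items():
        print(url, r)
    raise SystemExit(1 if failing_assets(result) else 0)
```

Run it on a schedule from more than one region so the result reflects the distributed delivery path rather than a single edge location.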
