什么是 Azure Active Directory B2C?What is Azure Active Directory B2C?

Azure Active Directory B2C 以服务的形式提供企业到客户的标识。Azure Active Directory B2C provides business-to-customer identity as a service. 客户使用其首选的社交、企业或本地帐户标识对应用程序和 API 进行单一登录访问。Your customers use their preferred social, enterprise, or local account identities to get single sign-on access to your applications and APIs.

Azure AD B2C 标识提供者和下游应用程序的信息图

Azure Active Directory B2C (Azure AD B2C) 是一个客户标识访问管理 (CIAM) 解决方案,每天能够支持数百万用户和数十亿次身份验证。Azure Active Directory B2C (Azure AD B2C) is a customer identity access management (CIAM) solution capable of supporting millions of users and billions of authentications per day. 它负责处理身份验证平台的规模和安全性,并监视和自动应对拒绝服务、密码喷洒或暴力攻击等威胁。It takes care of the scaling and safety of the authentication platform, monitoring and automatically handling threats like denial-of-service, password spray, or brute force attacks.

自定义品牌的标识解决方案Custom-branded identity solution

Azure AD B2C 是一种贴牌式身份验证解决方案。Azure AD B2C is a white-label authentication solution. 你可以使用自己的品牌自定义整个用户体验,使其能够与 Web 和移动应用程序无缝融合。You can customize the entire user experience with your brand so that it blends seamlessly with your web and mobile applications.

可以自定义当用户注册、登录和修改其个人资料信息时 Azure AD B2C 显示的每一页。Customize every page displayed by Azure AD B2C when your users sign up, sign in, and modify their profile information. 可以自定义用户旅程中的 HTML、CSS 和 JavaScript,使 Azure AD B2C 体验的外观类似于应用程序的原生组成部分。Customize the HTML, CSS, and JavaScript in your user journeys so that the Azure AD B2C experience looks and feels like it's a native part of your application.

使用用户提供的标识进行单一登录访问Single sign-on access with a user-provided identity

Azure AD B2C 使用基于标准的身份验证协议,包括 OpenID Connect、OAuth 2.0 和 SAML。Azure AD B2C uses standards-based authentication protocols including OpenID Connect, OAuth 2.0, and SAML. 它与大多数新式应用程序和商用现货软件相集成。It integrates with most modern applications and commercial off-the-shelf software.

第三方标识与 Azure AD B2C 联合的示意图

Azure AD B2C 充当 Web 应用程序、移动应用和 API 的中心身份验证机构,使你能够为所有这些应用构建单一登录 (SSO) 解决方案。By serving as the central authentication authority for your web applications, mobile apps, and APIs, Azure AD B2C enables you to build a single sign-on (SSO) solution for them all. 集中收集用户个人资料和偏好信息,并捕获有关登录行为和注册转换的详细分析。Centralize the collection of user profile and preference information, and capture detailed analytics about sign-in behavior and sign-up conversion.

与外部用户存储集成Integrate with external user stores

Azure AD B2C 提供一个目录,其中可以保存每个用户的 100 个自定义属性。Azure AD B2C provides a directory that can hold 100 custom attributes per user. 但是,你也可以与外部系统相集成。However, you can also integrate with external systems. 例如,使用 Azure AD B2C 进行身份验证,但将权限委托给用作客户数据真实来源的外部客户关系管理 (CRM) 或客户忠诚度数据库。For example, use Azure AD B2C for authentication, but delegate to an external customer relationship management (CRM) or customer loyalty database as the source of truth for customer data.

另一种外部用户存储方案是让 Azure AD B2C 处理应用程序的身份验证,但与存储用户个人资料或个人数据的外部系统相集成。Another external user store scenario is to have Azure AD B2C handle the authentication for your application, but integrate with an external system that stores user profile or personal data. 例如,满足区域或本地数据存储策略规定的数据驻留要求。For example, to satisfy data residency requirements like regional or on-premises data storage policies.

与外部用户存储通信的 Azure AD B2C 的逻辑关系图

Azure AD B2C 有助于在注册或编辑个人资料过程中从用户收集信息,然后将该数据转交到外部系统。Azure AD B2C can facilitate collecting the information from the user during registration or profile editing, then hand that data off to the external system. 在将来的身份验证过程中,Azure AD B2C 可以从外部系统检索数据,并根据需要将此数据包含为发送到应用程序的身份验证令牌响应的一部分。Then, during future authentications, Azure AD B2C can retrieve the data from the external system and, if needed, include it as a part of the authentication token response it sends to your application.

渐进式分析Progressive profiling

另一个用户旅程选项包括渐进式分析。Another user journey option includes progressive profiling. 渐进式分析可让客户通过收集极少量的信息来快速完成第一个事务。Progressive profiling allows your customers to quickly complete their first transaction by collecting a minimal amount of information. 今后在客户登录时,将以渐进方式从客户收集更多的个人资料数据。Then, gradually collect more profile data from the customer on future sign-ins.

渐进式分析的直观描绘

第三方标识验证和证明Third-party identity verification and proofing

使用 Azure AD B2C 可以收集用户数据,然后将其传递给第三方系统来执行验证、信任评分和审批用户帐户创建操作,以此帮助完成标识验证和证明。Use Azure AD B2C to facilitate identity verification and proofing by collecting user data, then passing it to a third party system to perform validation, trust scoring, and approval for user account creation.

显示第三方标识证明用户流的示意图

这仅仅是用作企业到客户标识平台的 Azure AD B2C 的一部分功能。These are just some of the things you can do with Azure AD B2C as your business-to-customer identity platform. 本概述文章的以下部分将演练一个使用 Azure AD B2C 的演示应用程序。The following sections of this overview walk you through a demo application that uses Azure AD B2C. 另外,也欢迎你直接查看更深入的文章 Azure AD B2C 技术概述You're also welcome to move on directly to a more in-depth technical overview of Azure AD B2C.

后续步骤Next steps

大致了解 Azure AD B2C 及其可以帮助实现的某些方案后,接下来请更深入地了解其功能和技术方面。Now that you have an idea of what Azure AD B2C is and some of the scenarios it can help with, dig a little deeper into its features and technical aspects.