{"id":1350,"date":"2023-11-16T13:26:24","date_gmt":"2023-11-16T21:26:24","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/identity\/?p=1350"},"modified":"2024-02-20T09:22:35","modified_gmt":"2024-02-20T17:22:35","slug":"custom-authentication-extensions","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/identity\/custom-authentication-extensions\/","title":{"rendered":"Adding flexibility to authentication with Microsoft Entra External ID custom extensions"},"content":{"rendered":"

As the much-anticipated, Microsoft Ignite<\/a> conference edges (no pun intended) closer to the final (in-person only)<\/em> day tomorrow, we hope you’ve been enjoying the interesting sessions and come away feeling energized!<\/p>\n

Now, we\u2019re excited to announce the public preview of a new set of extension points that enable you to add your own logic to Microsoft Entra External ID.<\/p>\n

In this blog post, we explore the power of Custom Authentication Extensions<\/a> and touch on how to use them.<\/p>\n

Microsoft Entra External ID is designed with flexibility in mind and this new release allows you to further tailor your authentication journeys to your bespoke needs. Let\u2019s dive in.<\/p>\n

Building authentication your way<\/h2>\n

At Microsoft Build 2023<\/a>, we introduced the concept of custom authentication extensions as an innovative feature of the newly launched Microsoft Entra External ID product offering. Microsoft Entra External ID<\/a> is a unified platform that brings together the enterprise-grade controls of Microsoft Entra ID (formerly Azure AD) and the flexibility, customizability, and improved UX of Azure AD B2C.<\/p>\n

ICYMI, here\u2019s the recording of the Build 2023<\/strong> session on Microsoft Entra External ID where we show you how to use custom extensions.<\/p>\n

\n
https:\/\/www.youtube.com\/watch?v=bX2Zu-82BFA<\/a><\/video><\/div>\n<\/center><\/p>\n

Custom authentication extensions allow you to build authentication experiences that are secure and adaptable to your specific business logic. In addition to the built-in authentication events within a sign-up and sign-in user flow, custom authentication extensions can be added at specific points within the authentication flow. They allow you to incorporate your own code and logic into how authentication flows work.<\/p>\n

Custom extensions operate on an event-based model. During the authentication flow, there are certain points where we can add a hook. At these points, you have the ability to make a call out to an external API endpoint to modify the authentication flow.<\/p>\n

In this release, we are adding new points to add hooks during sign-up<\/strong>, at the beginning of the attribute collection step, and after the user enters and submits attributes. See screenshot below.<\/p>\n

\"custom<\/p>\n

These new custom extension points are being added in addition to the token issuance<\/strong> custom extensions, announced at Build 2023\u2014which trigger just before a token is issued to the application\u2014and the existing pre-defined, built-in authentication configurations within a sign-up and sign-in user flow.<\/p>\n

New extension events for enhanced customization<\/h2>\n

This latest update introduces an array of new extension events designed to provide you with an extensive level of control over user registration and authentication, ensuring a smooth and secure experience for end users. Here’s a closer look at what’s now possible:<\/p>\n

    \n
  1. Prefilling attributes:<\/strong> Simplify your user’s sign-up experience by prefilling attributes based on existing information, reducing the time and effort needed to complete registration forms.<\/li>\n
  2. Validating attributes in real-time:<\/strong> Enhance data accuracy with real-time validation of user inputs. This feature ensures that the information collected meets your specific criteria, right at the point of entry.<\/li>\n
  3. Dynamic attribute updating:<\/strong> Adapt to changing user information seamlessly. Our new functionality allows for the immediate updating of user attributes during the sign-up process, ensuring that your records are always current.<\/li>\n
  4. Selective sign-up blocking:<\/strong> Implement enhanced security measures by having the option to block sign-ups based on predetermined criteria. This is crucial for maintaining the integrity of your user base and preventing fraudulent activities.<\/li>\n<\/ol>\n

    To see how to implement these scenarios, check out this tutorial<\/a> with code samples and implementation guidance.<\/p>\n

    The journey to General Availability (GA)<\/h2>\n

    As we work towards the General Availability release of Microsoft Entra External ID, we continue our ongoing commitment to innovation and improvement. We are continuously working on expanding our offerings, with a focus on delivering solutions that meet and exceed your expectations.<\/p>\n

    Calling all developers and tech vendors<\/h2>\n

    We are particularly excited about the potential of these updates and encourage developers and technology vendors to get familiar with them and try them out.<\/p>\n

    Visit our docs to learn how to configure custom authentication extensions<\/a> for attribute collection and submit events. You can also learn more about custom claims providers<\/a> and learn how to configure a custom claims provider token issuance event<\/a>. This event is triggered right before the token is issued and allows you to call a REST API to add claims to the token.<\/p>\n

    Your feedback is invaluable to us\u2014it helps in refining these extensions and identifying any additional functionalities that could be beneficial. We\u2019re eager to hear about your experiences, the challenges you face, and the solutions you seek.<\/p>\n

    Let\u2019s stay connected<\/h2>\n

    To learn more or test out features of the Microsoft Entra suite of solutions, visit our developer center<\/a>. Sign up for email updates on the Identity blog<\/a> to keep up with all things Identity. And, follow us on YouTube<\/a> for video overviews, tutorials, and deep dives.<\/p>\n

    Stay tuned for more updates on Microsoft Entra External ID and additional custom authentication extensions. The future of authentication is here, and it’s more flexible and tailored than ever before.<\/p>\n","protected":false},"excerpt":{"rendered":"

    As the Microsoft Ignite conference gets underway, we announce the public preview of a new set of custom extension points for Microsoft Entra External ID.<\/p>\n","protected":false},"author":123707,"featured_media":987,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[33],"tags":[38,17,16,47,50],"class_list":["post-1350","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-product-updates","tag-authentication","tag-customer-identity","tag-entra","tag-external-id","tag-identity"],"acf":[],"blog_post_summary":"

    As the Microsoft Ignite conference gets underway, we announce the public preview of a new set of custom extension points for Microsoft Entra External ID.<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/posts\/1350","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/users\/123707"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/comments?post=1350"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/posts\/1350\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/media\/987"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/media?parent=1350"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/categories?post=1350"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/identity\/wp-json\/wp\/v2\/tags?post=1350"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}