You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.


Overview of Azure AD B2C SCIM Connector



« Previous Version 2 Next »

The Azure AD B2C connector lets EmpowerID manage identities in Azure Active Directory B2C (Azure AD B2C). It automates user provisioning and de-provisioning in the B2C tenant, which removes most of the manual steps IT administrators would otherwise perform and the errors that come with them.

Architecture of the Azure AD B2C SCIM Connector

The major components involved when the B2C SCIM connector runs are the following.

Azure AD B2C SCIM Connector: The EmpowerID Azure AD B2C connector creates and manages the records for B2C group owners and members in Azure AD B2C. It maintains a full inventory of these group owners and members and also supports an incremental inventory, which captures only the changes made since the last inventory run.

SCIM Microservice: EmpowerID's SCIM microservice is the bridge between EmpowerID and other applications, exchanging user identity information over SCIM. It issues the standard SCIM calls for identity lifecycle management (create, update, deactivate and delete) against any system that implements the SCIM standard, so provisioning to such a system needs no system-specific code.

Azure B2C Tenant: An Azure AD B2C tenant holds the user identities created for external (customer-facing) applications. EmpowerID connects to a specific B2C tenant and manages the identity lifecycle within it, which gives you control over user identities and access for those external applications.

Certificate: EmpowerID's Azure AD B2C connector authenticates to the EmpowerID SCIM microservice with a certificate (Azure certificate authentication). The microservice therefore serves only requests from clients that present a certificate it trusts; a caller without an authorized certificate is rejected before any SCIM operation runs.
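The two components described above, the SCIM microservice and the certificate-authenticated connector, can be exercised from the connector side with a plain SCIM 2.0 client. The following PowerShell is an added example, not EmpowerID's own code: it provisions a user and then de-provisions it with a SCIM PATCH, presenting a client certificate on each call. The base URL, the certificate subject and the user attributes are assumptions for illustration.

```powershell
# Added example (not EmpowerID code). Assumptions: the SCIM microservice listens at
# $ScimBase, it accepts a client certificate whose subject contains 'eid-b2c-connector'
# from the CurrentUser\My store, and it follows SCIM 2.0 (RFC 7643/7644) resource names.
$ScimBase = 'https://scim.example.internal/scim/v2'

# Pick the connector's client certificate; fail early if it is missing or expired,
# because the microservice rejects unauthenticated callers before any SCIM call runs.
$cert = Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.Subject -like '*eid-b2c-connector*' -and $_.NotAfter -gt (Get-Date) } |
    Select-Object -First 1
if (-not $cert) { throw 'No valid connector client certificate found in CurrentUser\My.' }

$headers = @{ Accept = 'application/scim+json' }

# 1. Provision: POST a SCIM core User. 'active' is the attribute the connector later
#    flips for de-provisioning, so it is set explicitly here.
$user = @{
    schemas  = @('urn:ietf:params:scim:schemas:core:2.0:User')
    userName = 'jane.doe@contoso.com'          # assumption
    name     = @{ givenName = 'Jane'; familyName = 'Doe' }
    emails   = @(@{ value = 'jane.doe@contoso.com'; primary = $true })
    active   = $true
} | ConvertTo-Json -Depth 5

$created = Invoke-RestMethod -Method Post -Uri "$ScimBase/Users" -Certificate $cert `
    -Headers $headers -ContentType 'application/scim+json' -Body $user
"Provisioned SCIM id $($created.id) for $($created.userName)"

# 2. De-provision: a SCIM PatchOp that sets active=false. Prefer this to DELETE so the
#    target keeps the record and its audit trail; the connector can re-activate later.
$patch = @{
    schemas    = @('urn:ietf:params:scim:api:messages:2.0:PatchOp')
    Operations = @(@{ op = 'replace'; path = 'active'; value = $false })
} | ConvertTo-Json -Depth 5

$updated = Invoke-RestMethod -Method Patch -Uri "$ScimBase/Users/$($created.id)" -Certificate $cert `
    -Headers $headers -ContentType 'application/scim+json' -Body $patch
"User $($updated.id) active = $($updated.active)"
```

Invoke-RestMethod's -Certificate parameter sends the certificate during the TLS handshake, so a microservice that requires client certificates will close the connection or return 401/403 for a caller that omits it; that is the check worth running once against a test tenant to confirm the certificate requirement is actually enforced.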

Graph API: Microsoft Graph is the RESTful web API, created and operated by Microsoft, through which Microsoft cloud resources are read and written. The EmpowerID SCIM microservice calls this API to fulfil the connector's requests for any Azure AD B2C resource.

Managed Identity: The managed identity is the credential the EmpowerID SCIM microservice uses to retrieve, from Key Vault, the certificate it needs to sign in to the B2C tenant; the Graph calls themselves run under the access token obtained in the Authentication section below. A managed identity is bound to one Azure tenant, so it must be created in the same Azure tenant where the SCIM microservice is deployed (and where its Key Vault lives), not in the B2C tenant. Data synchronization then takes place between the Azure data store and EmpowerID.

Authentication

  1. Managed Identity and Key Vault: The SCIM microservice starts by using its managed identity to retrieve the required certificate from Key Vault. No certificate or secret is stored in the microservice's configuration; grant the identity only read access to that one certificate.

  2. Authentication to B2C Directory: With the retrieved certificate and a preconfigured ClientID, the microservice authenticates to the B2C directory using the app registration's client-credentials flow with a certificate assertion in place of a client secret. This validates the microservice's identity to the directory.

  3. Access Token and Graph API: After successful authentication the microservice receives a short-lived access token. The token is the credential for its Graph API calls and is limited to the Graph permissions granted to that app registration, which is what confines the microservice to the specific B2C resources it is allowed to manage.
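The three steps above, run end to end, look like the following. This is an added example written for this page, not EmpowerID's own code: it uses the Az and Microsoft.Graph PowerShell modules from a host that has a managed identity. The vault name, certificate name, tenant name and ClientID are assumptions.

```powershell
# Added example (not EmpowerID code). Requires the Az.Accounts, Az.KeyVault and
# Microsoft.Graph modules, running on an Azure VM/App Service with a managed identity.
$VaultName = 'eid-scim-kv'               # assumption: Key Vault in the microservice's tenant
$CertName  = 'b2c-graph-client'          # assumption: certificate name in that vault
$TenantId  = 'contoso.onmicrosoft.com'   # assumption: the Azure AD B2C tenant
$ClientId  = '00000000-0000-0000-0000-000000000000'  # assumption: app registration in the B2C tenant

# Step 1: managed identity -> Key Vault. The token for Key Vault comes from the
# instance metadata service, so nothing secret lives on disk or in config.
Connect-AzAccount -Identity | Out-Null

# A Key Vault certificate's private key is exposed through the secret of the same
# name as a base64-encoded PKCS#12 (PFX) blob; load it into an X509Certificate2.
$pfxBase64 = Get-AzKeyVaultSecret -VaultName $VaultName -Name $CertName -AsPlainText
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
            [Convert]::FromBase64String($pfxBase64))

if ($cert.NotAfter -lt (Get-Date)) {
    throw "Certificate $($cert.Thumbprint) expired on $($cert.NotAfter); rotate it in Key Vault."
}

# Step 2: certificate + ClientID -> B2C directory. This is an app-only (client
# credentials) sign-in with a certificate assertion; no client secret is involved.
Connect-MgGraph -TenantId $TenantId -ClientId $ClientId -Certificate $cert -NoWelcome

# Step 3: the session now holds the access token. Inspect what it is allowed to do
# before relying on it; the scopes are the Graph permissions granted to the app.
$ctx = Get-MgContext
"App $($ctx.ClientId) in tenant $($ctx.TenantId); scopes: $($ctx.Scopes -join ', ')"

# A representative Graph call the microservice makes for the connector: list the
# B2C users with their sign-in identities, paging through all results.
Get-MgUser -All -Property id,displayName,identities |
    Select-Object Id, DisplayName, @{ n = 'Issuers'; e = { $_.Identities.Issuer -join ';' } }
```

If Get-MgContext reports more scopes than the connector needs (for example directory-wide write permissions when only user and group management is required), trim the app registration's Graph permissions: the token in step 3 is exactly as powerful as that grant.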
