Azure Active Directory (Azure AD) External Identities is a set of capabilities that enables organizations to secure and manage any external user, including customers and partners. For white label authentication and fully customizable user experience, Azure Active Directory B2C is capable of supporting millions of users and billions of authentications per day.
Using Azure AD B2C, more and more application developers are also managing end-user identities in the cloud. Depending on the application type, the users are also assigned appropriate access privileges in Azure AD B2C. However, before application developers onboard users and assign privileges, they need to make sure that those users are who they claim to be.
The process of establishing identity has evolved. Many of us still think of it as a cumbersome process of walking into a branch and presenting our driver’s license or passport, maybe even a birth certificate, in order to create a new account.
Modern applications rely on online identity proofing to meet a variety of compliance regulations, to combat online fraud and to drive customer acquisition in a user-friendly and seamless way. Given the current pandemic, remote identity verification is especially preferred since face-to-face interactions may no longer be feasible. In fact, COVID-19 has exposed just how woefully underprepared enterprises were for a world without branches and retail outlets.
The diagram below depicts how Azure Active Directory B2C is used to facilitate identity verification and proofing by collecting user data, then passing it to Jumio to perform ID validation, selfie corroboration and approval for user account creation.
Jumio establishes digital identity by requiring the user to capture a picture of a government-issued ID and take a corroborating selfie with their webcam or smartphone. Requiring a government-issued ID (e.g., a driver’s license) establishes a robust trust anchor that carries over into the future for all subsequent authentication events. This trust anchor is fortified with biometrics (matching the face in the selfie to the picture on the ID), and certified liveness detection ensures the person providing that credential is physically present.
Compare this to legacy methods of identity verification where an app or enterprise may ask the user for their name, address and Social Security number or National Insurance number. This data is then checked against myriad third-party databases or credit bureaus which presumably proves that the user is who they claim to be. But, given the number of large-scale data breaches, social engineering and the dark web, organizations can no longer trust self-reported information. They need to rely on a more robust trust anchor.
Against this backdrop, biometric-based identity verification has quickly emerged as a best practice. In fact, Gartner recommends that identity proofing solutions that rely on shared secret verification, such as out-of-wallet knowledge questions, or memorable personal data, be phased out. The 2019 Gartner Guide for Identity Proofing and Corroboration states that “the concept of high memorability, low availability data has become archaic since the rise of social media and the subsequent plethora of breached data available through underground organizations.” Using government-issued photo ID verification is significantly more secure and reliable than knowledge-based authentication. It’s also a powerful fraud deterrent because of the selfie/liveness check requirement.
As the world becomes more digital and mobile device-centric, it’s increasingly imperative to deliver a simple, fast, and powerful identity-proofing experience, not only at account creation but throughout the user’s lifetime as a customer. Jumio’s Identity Verification integration with Microsoft Azure Active Directory provides customers with identity proofing and fraud deterrence capability while minimizing user friction. It provides global coverage of 3,500 IDs in more than 200 countries and territories, so you know that your entire user base is covered for faster, frictionless and secure onboarding.