The portal updates and news has been a little slow in 2018, but we have had some good small updates with enhancements to features. Most recently the portal update brought with it GDPR compatibility and within there was hidden some direction for the future of authentication of the portal. If you carefully read the GDPR article on the Microsoft Docs site you will find the following quote:
Going forward, we recommended that you use only Azure AD B2C identity provider for authentication and that you deprecate other identity providers.
😮 you might say…even local authentication?! Yes. All of the authentication in the portal is recommend to be deprecated, and that Azure AD B2C is the identity provider of choice. The key is right now it is recommended, but that is right now. Long term I think we can expect that we will truly see that all the existing authentication methods will be actually marked as deprecated, not just suggested or recommended, but forced deprecation.
The great news is the changes brought with GDPR provide the functionality to help migrate off of the recommended deprecated providers. The enhancements bring with it a way to mark existing providers, including local authentication as deprecated and bring a user experience to help existing users using deprecated providers to migrate to the Azure AD B2C provider.
What is Azure AD B2C? An Azure service that is targeted at helping your organization utilize consumer based identities within your sites and applications. It provides the ability to setup identity for any application in a super simple manner or get into complicated policies. It provides a robust identity experience that allows you to utilize any number of social providers (like Google, Facebook, LinkedIn, Microsoft Account, etc.).
Why you should use Azure AD B2C or other identity service with your Dynamics 365 portal is to abstract the identity of your users outside of Dynamics 365. This is important for GDPR to provide a hardened service that meets the requirements of GDPR but beyond GDPR it allows you to share the identities of your users outside of the Dynamics 365 portal. Native authentication with the Dynamics 365 portal, be it local authentication or using a social provider is next to near impossible to share with other applications. This makes for a bad user experience of end users having to maintain yet another username and password just for your application. Using Azure AD B2C sets you up to allow a common identity across all applications in your organization so that external users only need 1 identity and that identity can also be a social login.
The direction of the Dynamics 365 portal is clear, the future is Azure AD B2C for all authentication, both local and social providers. Even if you aren’t needing to meet the GDPR requirements it would be highly advised that all new implementations utilize Azure AD B2C with no legacy providers and that existing implementations start to plan migrating off legacy based authentications currently being used.
You can review the full GDPR article with the new deprecation settings for authentication, below is a quick summary of some of the important highlights.
You can mark the local authentication using the following site setting:
You can mark any other provider using the following format of a site setting, replacing
[provider] with the name of your provider:
Both site settings are boolean supporting true or false.
When you sign in with a provider marked deprecated it will switch into that experience of getting that user to transition to the Azure AD B2C provider.
This screen can be customized with your own content by modifying the content snippets in use on this page.
For more information please review the https://docs.microsoft.com/en-us/dynamics365/customer-engagement/portals/implement-gdpr#migrating-identity-providers-to-azure-ad-b2c article for deprecation details and Azure AD B2C provider settings for portals for details on how to configure your portal with Azure AD B2C.