Configure Grit's biometric authentication with Azure Active Directory B2C
In this sample tutorial, learn how to integrate Grit's biometric authentication with Azure Active Directory B2C (Azure AD B2C). Biometric authentication gives users the option to sign in using a fingerprint, face ID, or Windows Hello. It works in both desktop and mobile applications, provided the device is capable of biometric authentication.
Biometric authentication has the following benefits:
For users who sign in infrequently or often forget their passwords, which results in frequent password resets, biometric authentication reduces friction.
Compared to multifactor authentication (MFA), biometric authentication is cheaper and more secure.
Improved security prevents phishing attacks against high-value customers.
It adds an additional layer of authentication before the user performs a high-value operation, such as a credit card transaction.
Prerequisites
To get started, you'll need:
A license to Grit's Visual IEF builder. Contact Grit support for licensing details. For this tutorial, you don't need a license.
An Azure subscription. If you don't have one, get a free account.
An Azure AD B2C tenant that is linked to your Azure subscription.
Scenario description
In this tutorial, we'll cover the following scenario:
The end user creates an account with a username and password (and MFA if needed). If their device supports biometrics, they're enrolled in biometrics, and their account is linked to the biometric authentication of the device. Any future logins on that device, unless the user chooses otherwise, will happen through biometrics.
The user can link multiple devices to the same account. The user has to sign in with their email/password (and MFA if needed); they'll then be presented with an option to link a new device.
For example, a user has an account with Contoso. The user accesses the account from a work computer that supports Windows Hello. The user also accesses the account from a home computer that doesn't support Windows Hello, and from an Android phone.
After logging in on the work computer, the user is presented with an option to enroll in Windows Hello. If the user chooses to do so, any future logins will happen through Windows Hello.
After logging in on the home computer, the user isn't prompted to enroll in biometrics, because the device doesn't support biometrics.
After logging in on the Android phone, the user is asked to enroll in biometrics. Any future logins will happen through biometrics.
Using Grit's visual flow chart, multiple other scenarios can be implemented. Contact Grit support to discuss your scenarios.
Onboard with Grit's biometric authentication
Contact Grit support for details to get onboarded.
Configure Grit's biometric authentication with Azure AD B2C
Navigate to </azure/active-directory-b2c/partner-grit-editor> and enter your email if you're asked for it.
Select Cancel in the quick start wizard.
In the pop-up, select Customize User Journey. Under Bio Metric, select the checkbox for Enable Biometric.
Scroll down and select Generate template. A flow chart appears.
From the left menu, select Run Flowcharts > Deploy flow charts.
If your device supports Windows Hello or a biometric authenticator, select the Test Authentication Journey Builder link; otherwise, send the link to a device that supports biometric authentication.
A web page opens in a new tab. Under Sign in with your social account, select createNewAccount.
Go through the steps to create an account. When asked for Setup Biometric Device sign in, select yes.
The steps to perform biometric authentication depend on the device you're using.
A page appears that displays the token. Open the provided link.
This time the sign-in will happen through biometrics.
Repeat the same steps for another device. You don't need to sign up again; use the credentials you created to sign in.