Entra External ID
Complete customer identity and access management solution for securing external identities with strong authentication, customizable experiences, and granular access controls.
Microsoft Entra External ID provides a comprehensive customer identity and access management (CIAM) solution for securing all external identities accessing your applications and services.
Key capabilities include:
- Strong authentication enforcement with conditional access policies and multifactor authentication to prevent risky access
- Customizable user experiences with configurable branding, components, and sign-up/sign-in flows
- Scalable platform reliability that maintains performance regardless of traffic demand
- Secure collaboration tools for sharing apps and services with guest users while maintaining data control
- Identity lifecycle governance with access reviews and management for external collaborators
The platform integrates seamlessly with Microsoft 365, Azure App Services, Visual Studio Code, and other Microsoft tools to provide unified identity management across your entire portfolio.
Perfect for organizations that need to manage customers, partners, business collaborators, contractors, and other external users with enterprise-grade security. The solution offers flexible pricing with a free tier and pay-as-you-grow model, making it accessible for businesses of all sizes.
Built on Microsoft's trusted security infrastructure, External ID helps organizations establish Zero Trust principles while delivering intuitive user experiences that enhance brand recognition and customer satisfaction.
Admins can invalidate refresh tokens and sessions through the Microsoft Entra admin center and specify token lifetimes
The OAuth 2.0 client credentials grant flow is supported (currently in preview) so that server‑to‑server applications can authenticate to obtain tokens
Admins can configure security token lifetimes and revoke refresh tokens and sessions for users
The look and feel of the sign‑in page can be customized by uploading a background image, setting colors, favicon, header/footer and even custom CSS
A verified custom URL domain can be used for sign‑in endpoints via Azure Front Door so customers stay within your branded domain
Administrators can view user activity insights and metrics such as sign‑ins, new users and MFA success rates via the admin center or Microsoft Graph dashboards
The Microsoft Entra admin center allows administrators to manage user profiles, reset passwords, and disable accounts in the external tenant
Using diagnostic settings, administrators can export audit and sign‑in logs to Azure Monitor, Event Hubs or SIEM tools for analysis
Microsoft promises service level agreements and operational commitments for External ID similar to Azure AD B2C
