Microsoft Entra ID · B2C & External Identity
External Identity Provider Administrator
Can configure identity providers for direct federation with external organizations for B2B collaboration.
Scope: External identity provider configuration for B2B federation
Permissions
- Manage identity providers
- Create identity providers
- Delete identity providers
- Read identity provider properties
- Update identity provider settings
- Configure SAML/WS-Fed identity providers
- Configure social identity providers (Google, Facebook, etc.)
- Manage domain federation settings
- Configure direct federation for B2B
Common use cases
- B2B direct federation setup
- Partner identity provider integration
- Social login configuration for B2C
- SAML federation with external organizations
- Workforce identity provider configuration
- Multi-tenant collaboration setup
Best practices
- Document all federation configurations
- Test federation before production use
- Coordinate with partner IT teams
- Implement certificate expiration monitoring
- Review federation settings periodically
- Use Privileged Identity Management (PIM) for just-in-time access
- Maintain federation documentation
- Plan for certificate rotation
Security considerations
- Federation places trust in external identity providers
- Misconfigured federation can allow unauthorized access
- Certificate management is critical
- Monitor federation authentication events
- Alert on federation configuration changes
- Review federated user access regularly
- Consider MFA requirements for federated users