Share your experience using NEVIS nevisIDM

I have been using Microsoft Entra External ID for about seven months, currently evaluating and using it for deployment for our customer. I'm using Microsoft Entra External ID right now.

I have no relation to Microsoft; I am a consultant and customer of Microsoft. My customer purchased Microsoft products and they are trying to purchase and deploy Microsoft Entra External ID, so I'm a consultant, an independent authentication and identity consultant for them. I give them advice and I completed a POC about what I call EID, Microsoft Entra External ID, and Azure AD B2C, which is their X B2C product and they sell both EID and Azure AD B2C, planning to discontinue Azure AD B2C maybe after 2030, with a promise to extend support until that time. I provide technical information and discuss the differences between EID and Azure AD B2C to our customer, which is why I evaluate Microsoft Entra External ID right now.

The best features of Microsoft Entra External ID include its unification of B2C functionality and B2E features. Microsoft calls it B2B, but it's better to say B2E since it means business to inside of your company, similar to the old Azure Active Directory. EID has both B2C functionalities and B2E functionality.

EID has a unified external identity provider, external application, and external user, unifying these objects and internal workforce users, as Microsoft calls them. EID unifies workforce users with external business partners, which is a very strong feature. Azure AD B2C cannot unify both, as it only provides B2C consumer identity IAM platform features. Therefore, the most important feature is the unification of B2C and B2E.

I have utilized the adaptive authentication feature of Microsoft Entra External ID; I evaluated and adopted it in a virtual environment that mimics a real customer system, similar to a sandbox. We evaluated and deployed EID to our customer system, including authentication.

Microsoft Entra External ID can be improved with additional features, specifically customizable flexibility and a customizable user interface for the login dialog. Currently, the login dialog has very limited customization options, which only include font styles, colors, text messages, or brand icons.

Last month, Entra ID introduced some customizable features in their login dialog, but this does not apply to Microsoft Entra External ID, indicating a significant gap between the two. In theory, Entra External ID can support many external identity providers where custom login dialogs could be integrated, potentially via SSO feature coordination, although I have not yet confirmed this. Hence, enhanced customizable login options and the ability to use attribute password logins are critical features that are required for Microsoft Entra External ID to gain dominance in the authentication market.

The initial setup of Microsoft Entra External ID is not overly complex, although it's essential for an administrator to fully understand the background theory and architecture of both Microsoft Entra External ID and Azure portal, as well as Entra ID itself. This understanding can be challenging for ordinary engineers. Once you grasp the components and architecture—that is, having a tenant for Microsoft Entra External ID, Entra ID, and Azure AD B2C—it's not difficult to create the tenant and add users or external identity providers.

Microsoft Entra External ID operates entirely as a SaaS solution; they do not offer on-premises deployment options, making it straightforward in that regard.

For Microsoft Entra External ID, there are several types of users: internal, external, and invited external users. Internal users can use password authentication, while external users can use email OTP for password authentication. For B2B collaboration, internal company employees, referred to as workforce users, can log in using some authentication method linked to their Azure ID or Entra ID, allowing for SSO log-in.

The authentication methods available are very limited, and this presents a weak point. EID does not support other forms of attribute password authentication, such as phone number and password combinations. The only authentication options are UPN or email, with UPN being a format derived from the person's email and EID tenant domain. This is one of EID's weak points compared to Azure AD B2C, which offers customizable authentication options, including attribute and password combinations.

I do not have support from Microsoft; the only assistance I've received was regarding the discontinuation date of Azure AD B2C. From May onward, customers who purchased Azure AD B2C can still create tenants and utilize the service until 2030. However, companies without a Microsoft license for Entra ID or Azure portal cannot add Azure AD B2C, creating logistical issues for some of my clients who are unable to evaluate the platform. This has introduced some challenges for consultants.

The initial setup of Microsoft Entra External ID is not overly complex, although it's essential for an administrator to fully understand the background theory and architecture of both Microsoft Entra External ID and Azure portal, as well as Entra ID itself. This understanding can be challenging for ordinary engineers.

Once you grasp the components and architecture—that is, having a tenant for Microsoft Entra External ID, Entra ID, and Azure AD B2C—it's not difficult to create the tenant and add users or external identity providers. However, bringing in an identity consultant during the initial setup phase can greatly streamline the introduction of Entra ID; after that, operation and administration become much easier.

I do not have support from Microsoft; the only assistance I've received was regarding the discontinuation date of Azure AD B2C. From May onward, customers who purchased Azure AD B2C can still create tenants and utilize the service until 2030.

As an end user, I use both Linux and Windows products. Our organization is mostly Windows, but we have various Linux servers.

My experience with Linux includes primarily Ubuntu and Debian.

We use Ubuntu, and we don't do any LTS or long-term service; for the most part, it's all free.

I'm familiar with Autopilot; we're actually in the process of transitioning, as all our services have been on premises for a long time, and we're starting the Autopilot at this time.

I've had experience with Entra for a while; we've used it for a lot of SAML integrations and SCIM integrations with different software vendors and users.

With Microsoft Entra External ID, we utilize Entra ID. We have over 200 employees, most of whom have emails, so we handle their multi-factor authentication methods through Entra ID, app registrations, and various software vendors, along with SCIM and single sign-on capabilities.

Some of the best features with Microsoft Entra External ID are that the SAML and SCIM integrations are straightforward. We haven't had many issues with that, mainly due to the vendors we work with that aren't necessarily easy to integrate with, but overall, Microsoft Entra External ID has made it pretty easy from their side.

The positive impact of Microsoft Entra External ID on my organization is that it enhances ease of use for the administrative side. When setting up an account in one place, it propagates everywhere else, although some of our organization hasn't felt the full breadth of it yet. We're circling back to catch all the software vendors we've purchased, which has greatly improved the user experience.

Where it could be improved beyond the previous pain points is that every software vendor should have SAML or SCIM integration, and if they don't, I believe they are doing a disservice.

On the Microsoft Entra External ID side, they could improve by making more opportunities for open source software integration.

Setting up integrated SSO with Microsoft Entra External ID is a pain, but once it's set up, it's manageable. The challenge comes from our broad demographic, as we have people here for 30 plus years who aren't as computer savvy as some, but after the initial setup of single sign-on, the less tech-savvy ones have caught on quickly. It doesn't seem too disruptive for them.

We haven't utilized the adaptive authentication feature with Microsoft Entra External ID yet.

The ability to create distinct policies for different user types has helped in maintaining a secure and flexible environment.

I would rate the technical support or customer service from Microsoft a 6 to 7, maybe a seven.

The communication flow could be improved by having a direct line from Microsoft to our business rather than through an intermediary, as we're generally going through an MSP for support, which makes it indirect.

Positive

My experience with other vendors besides Netgate is non-existent.

In terms of return on investment, prior to using this product, our company managed our own mail server with all internal authentication happening on premises, resulting in a ROI in the thousands every year.

Concerning the pricing or setup costs for Microsoft Entra External ID, based on my experience with Entra and 365 in general, it shouldn't require a whole education on their software. That's been a pain point as we have specific licensing that limits our access, indicating a need for clarity without requiring extensive training.

Better integration with open source software would help us because my supervisor specifically advocates for it. We utilize a lot of open source software, including Netgate, which supports an open source firewall platform, and open source is significant in many areas of our business.

The training generally is complicated to understand, leading us to often go through a managed service provider. It shouldn't be this way, as it should be easier for medium to small-sized companies to navigate the licensing without relying on an MSP.

On a scale of one to ten, I rate Microsoft Entra External ID an eight out of ten.