Seamless Migration to Azure AD B2C for Arco
About Arco
Arco is the UK’s leading safety expert and supplier of safety equipment, workwear and maintenance supplies. With unmatched scale, reach and resources, combined with the most comprehensive range of safety products on the market, Arco provides value-added services in a way no one else can.
Offering specialist safety training services for working at height, in confined spaces and with respiratory protection – Arco is uniquely placed to help customers in every industry navigate even the most complex safety challenges.
Ensuring workplace safety is so much more than delivering products or services. Placing people at the heart of every business, it is Arco’s core purpose to keep people safe at work.
The challenge
Arco’s users were authenticated using a legacy solution from another vendor. Some users were identified by username whilst others used an email address. Arco wished to decouple authentication from their e-commerce platform and adopt Azure AD B2C as a new identity platform, benefitting thereby from its Multi-Factor Authentication capabilities (MFA).
The challenge was to switch user authentication from one system to the other with the best possible user experience, working silently where possible, but including the setup of end-user MFA. As part of the silent transfer, a username as the user ID had to be preserved for a subset of users. Branding had to be maintained throughout the user experience.
The solution
The Arco application is registered in Arco’s Azure AD. An Azure AD B2C service was provisioned as the new identity provider. The directory was populated using a snapshot of data found in the legacy identity provider with custom attributes to hold information such as account groups.
Azure Front Door was deployed to customise the authentication page domain. In this way, the sign-up, sign-in, and password reset pages are seamlessly integrated with the application and the browser address remains consistent.
Integration with the legacy identity provider was developed to streamline the switch for existing users. Existing users were not required to set a new password, and silent, “just-in-time” credential migration was achieved. For new users, the system requires email verification for identification.
Custom Policies enforce the setup and triggering of Multi-Factor Authentication on a user-by-user basis, as configured and shared by Arco. All MFA verification methods are supported.
Azure AD B2C Sign-in and auditing logs were routed to Azure Monitor in the linked Azure AD tenant. Azure Lighthouse was leveraged to connect the cross-tenant resources.
The Outcome
Arco successfully decoupled authentication from their e-commerce platform and adopted Azure AD B2C as their new identity platform, with several hundred thousand registered users enabled to achieve a silent, just-in-time credential migration.
“We are thrilled with the seamless migration to Azure AD B2C, which has significantly improved our user authentication process. With several hundred thousand registered users, the transition from our legacy authentication provider was a critical project for us. The integration of Azure B2C and Azure Front Door has not only enhanced our security with Multi-Factor Authentication but also ensured a consistent and branded user experience. The silent, just-in-time credential migration was particularly impressive, allowing our users to transition smoothly without any disruption. We appreciate the expertise and dedication shown throughout this project, making it a resounding success.” Andy Mitchell, Agile Delivery Manager