Azure OAuth2 and outrageous price: Do all users need to be in Active Directory at $6/month/user?

Question

We'd like to start using OAuth2 for SSO for a family of web apps. One solution is to use OAuth2 provided by Azure. It just looks unreasonably expensive, and I'm thinking there must be something I've missed.

As I understand it from Microsoft identity platform (v2.0) overview - Azure, any users that need to login with Azure's OAuth2 solution need to be in Active Directory. We don't need the users to be able to do anything else but log in to our apps, but we do want them to be our accounts and not any other accounts they may have with Microsoft already.

Looking at the AD price list, we're talking $6 user/month, if we want "Company branding (customization of logon & logout pages, access panel)" and SLAs which we do.

So assuming we have say 100,000 users that is $600,000 pr month just for OAuth2 so they can log in? Even if we could go through a "Diamond-gold-platinum partner" or something and could get that at a 1/10 of the price, it is still outrageous.

Other alternatives we're considering are Auth0, Okta or hosting our own Keycloak instance(s), so there are (much) cheaper alternatives, but is this the cheapest way to use OAuth2 for app logins with Azure's hosted OAuth2?

And will this interfere with other identities they also have with Microsoft, e.g. any Office365 accounts that have nothing to do with our applications?

Answer 1

If you're looking for an enterprise identity service for your organization's users (and apps, devices, groups, etc.), then yes, Azure Active Directory Premium P1 will give you (with a whole bunch of additional capabilities and SLA) and currently costs somewhere around $6/user/month.

However, if you're simply looking for an identity provider for your app(s) which works for any user (not necessarily users and collaborators from one organization), then you may be looking for for a consumer identity and access management (CIAM) product. In the Microsoft identity products, this would be Azure AD B2C (pricing), which gives you full customization of the sign-in and sign-up experience, user profile storage, multi-factor authentication, and OpenID Connect/OAuth 2.0 on top of all that.