
Setup Azure AD B2C: Identity providers & Policies

This blog post is the second part of the Setup Azure AD B2C series. In this post we will set up identity providers and policies in Azure AD B2C.

Identity providers

An identity provider (abbreviated IdP or IDP) is a system entity that creates, maintains, and manages identity information for principals while providing authentication services to relying applications within a federation or distributed network.

Azure AD B2C - Identity providers

Azure AD B2C supports many identity types, such as social, enterprise, or local account identities. The following image shows some of the identity providers that Azure AD B2C currently supports.

As you can see, Azure AD B2C supports numerous identity providers. Except for the Local account, every other identity provider has to be configured manually.

Configure Social IDP

In order to use social identity providers, we need to configure them first. Each identity provider has its own configuration procedure, so to give you a general idea I will list a set of steps that are common to most IDPs.
  • First, find the IDP's developer portal. I have listed some below:
    ◦ Facebook: https://developers.facebook.com/apps/
    ◦ Github: https://github.com/settings/developers
    ◦ Linkedin: https://www.linkedin.com/developers/
    ◦ Microsoft Account: https://portal.azure.com/
    ◦ Google: https://console.developers.google.com/
    ◦ Amazon: https://aws.amazon.com/cognito/
  • Then, create a new app by providing the necessary information.
  • Add Permissions, APIs or Products to your newly created app. The Permissions, APIs or Products should be related to Login or Sign in (the original screenshots show the Facebook Login product, the Microsoft (Azure) Sign in API/permission, and the Linkedin Sign in product).
  • Copy the newly created app's App ID and App Secret (if you do not have the secret, you will probably have to generate it).
  • Navigate to Azure AD B2C - Identity providers.
  • Click on the desired IDP; a window will fade in from the left-hand side.
  • Origin URL and Callback URL are auto-filled, but you have to give a friendly Name and paste the App ID and App Secret as Client ID and Client secret.

Configure Custom IDP

If you are using OpenID Connect, you have to provide more configuration information.


Once everything is set, we can move on to policies.

Azure AD B2C - User flows (policies)

After setting up identity providers, we need to add user flows (policies) for:
  • Sign up and sign in
  • Profile editing
  • Password reset
Navigate to the User flows (policies) page.

In the top left corner you can find the New user flow button. Click on it.


For this article, I will set up the Sign up and sign in user flow. You can select whichever user flow you need.


In the Create window, you need to fill in the following:
  • Name - Name for the user flow, mainly for reference purposes.
  • Identity providers - The screen lists all the configured IDPs, including Email signup (Local account). Select the ones you need.
  • Multifactor authentication - The Sign up and sign in user flow supports a second factor to verify identity.
  • User attributes and claims - Select the attributes (values collected at sign up) and claims (values about the user returned to the application in the token) you need.


Once the user flow is created, it will be listed in the User flows (policies) page. Clicking on the newly created user flow redirects to its settings page, where you can change the user flow settings as required.

Settings


  • Properties - Multifactor authentication, Token lifetime, Token compatibility settings, Session behavior, and Password complexity properties can be changed from this section.
  • Identity providers - Select or deselect IDPs.
  • User attributes - Select or deselect user attributes (user attributes are values collected on sign up).
  • Application claims - Select or deselect application claims (claims are values about the user returned to the application in the token).


Customize

Page layouts - This page lists all the Azure AD B2C Sign up and sign in user flow pages. Select a page to customize its appearance; you can provide your own HTML and CSS to add your own branding and layout.
Languages - You can configure your user flow to support multiple languages.

Applications

In order to consume the Azure AD B2C identity service, every consumer needs an application registered inside the directory. This application registration provides the following information about the consumer:

  • Name of the consumer's application
  • An identifier for the application
  • Brief information about the consumer's application
  • Reply URLs for the consumer's application
  • Secret app keys for the consumer's application
  • API access for the consumer's application

Navigate to the Applications page, then click Add at the top right corner.


Provide a name and the nature of the consumer's application.


Once you create the application, click on the newly created app; this redirects to the app's properties page, where you can change the information listed above.

Test user flow

At this stage, I hope you have a user flow customized according to your requirements. We can now run and test the newly created user flow.

  • Navigate to the User flows (policies) page.
  • Click on Run user flow.
  • The Run user flow window will fade in from the left-hand side.
  • Select the newly created Application.
  • Select https://jwt.ms as the reply URL.
  • Select the desired domain and click on Run user flow.
It will open a new page with Sign up and sign in features like the one below.



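jwt.ms only decodes and displays the id_token returned by the run; an application that consumes the user flow has to check the claims in that token itself. The following is an added example (not part of the original post) of those checks: the payload decoding mirrors what jwt.ms shows, and the tenant id, issuer host, Application ID and user flow name are constructed placeholder values. Verifying the token's RS256 signature against the signing keys published by the user flow's OpenID Connect metadata endpoint is assumed to happen before these checks.

```python
import base64
import json
import time

# Constructed placeholder values; replace them with the tenant, the registered
# application's Application ID and the user flow name from your own directory.
TENANT_ID = "00000000-0000-0000-0000-000000000000"
EXPECTED_ISSUER = "https://contosob2c.b2clogin.com/" + TENANT_ID + "/v2.0/"
EXPECTED_AUDIENCE = "11111111-1111-1111-1111-111111111111"  # the app's Application ID
EXPECTED_POLICY = "B2C_1_signupsignin"  # B2C prefixes user flow names with B2C_1_

def _b64url_decode(segment):
    """Decode a base64url JWT segment, restoring the stripped '=' padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def _b64url_encode(obj):  # only used to build the constructed sample token below
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def claims_from_id_token(token):
    """Parse the payload of a compact JWT (header.payload.signature); this is the
    same view jwt.ms displays. Inspection only: nothing is verified here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    return json.loads(_b64url_decode(parts[1]))

def validate_b2c_claims(claims, now=None):
    """Return (ok, reason) for the claims a relying application must check on a
    B2C id_token. Assumes the RS256 signature was already verified against the
    keys published by the user flow's OpenID Connect metadata endpoint."""
    now = time.time() if now is None else now
    if claims.get("iss") != EXPECTED_ISSUER:
        return False, "issuer does not match this tenant"
    if claims.get("aud") != EXPECTED_AUDIENCE:
        return False, "token was issued for a different application"
    if claims.get("tfp") != EXPECTED_POLICY:  # tfp carries the user flow name
        return False, "token came from an unexpected user flow"
    if not isinstance(claims.get("exp"), (int, float)) or now >= claims["exp"]:
        return False, "token is expired or has no exp"
    if now < claims.get("nbf", 0):
        return False, "token is not yet valid"
    return True, "ok"

# Constructed, unsigned sample token so the example runs offline.
SAMPLE_CLAIMS = {"iss": EXPECTED_ISSUER, "aud": EXPECTED_AUDIENCE, "tfp": EXPECTED_POLICY,
                 "sub": "22222222-2222-2222-2222-222222222222", "nbf": 1700000000, "exp": 1700003600}
SAMPLE_TOKEN = ".".join([_b64url_encode({"alg": "RS256", "typ": "JWT"}),
                         _b64url_encode(SAMPLE_CLAIMS), "SIGNATURE_PLACEHOLDER"])
```

Pass a fixed `now` to make the expiry checks deterministic; in production leave it unset so the current time is used.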
This ends the article on setting up identity providers and policies in Azure AD B2C. I hope you learned something.

May the force be with you!


Satellite Assemblies Resource files in Dot Net Resource files are typically used to store any resources in your Dot Net application. Resource file allows you to store images, icons, audio, files, strings and other types of resources. Of cause it is not mandatory to keep them inside a resource file. But when it comes to localization it is recommended to work with the resource file. localization Which means based on the user's language and culture change the application and the resources. How to archive localization with resources? Seems to be an impossible task. But to make the impossible possible, Dot Net provides you a special assembly called "Satellite Assembly" Satellite assemblies are assemblies that containing resources specific to a given language and culture. Using satellite assemblies, you can place the resources for different languages in different assemblies, and the correct assembly is loaded into memory only if the user selects to view the ...