I am new to Azure AD and trying to set up and learn Azure AD B2C. I am able to run built-in user flows and have created custom policies to update user profiles. But I just wanted to check whether end users of my applications can edit their profile using https://myaccount.microsoft.com? Or are built-in user flows and custom policies in Identity Experience Framework the only two options?
No, that link is for Azure AD, not B2C.
You have to use the B2C flows.
I have a requirement to implement both Azure B2C and B2B in a single application, where B2C is used to log in/sign up, and after the user's login/signup B2B is used to get Microsoft Intune access. Is it possible to implement this flow? Any help will be appreciated.
Yes, you can add multiple providers to most applications. For example, if you use APIs and Azure Functions or web apps etc., this can be done either with EasyAuth or in your own code.
In simple terms you end up adding AAD as one provider and B2C as a second provider, meaning that your application will trust tokens from both services and then you go from there.
I have old users whose authentication flow depends on AspnetIdentity, and we are planning to move the authentication from our end to use B2C. What is the easiest way to do that and update AD B2C with the existing users?
The link provided by #Chauncy is correct. You can migrate users to Azure AD B2C according to the two migration methods provided in the document.
Migrating from another identity provider to Azure Active Directory B2C (Azure AD B2C) might also require migrating existing user accounts. Two migration methods are discussed here, pre migration and seamless migration. With either approach, you're required to write an application or script that uses the Microsoft Graph API to create user accounts in Azure AD B2C.
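An added sketch of the pre-migration step the quoted documentation describes (not code from this thread or from Microsoft): it maps constructed ASP.NET Identity rows to Microsoft Graph create-user request bodies and gives each account a random throwaway password, so the legacy hash never leaves the old system and the user resets the password at first sign-in. The tenant name `contoso.onmicrosoft.com`, the sample rows and the skip rules (unconfirmed or duplicate e-mail) are assumptions; acquiring a token and sending the requests is left out.

```python
import secrets
import string

TENANT = "contoso.onmicrosoft.com"  # placeholder B2C tenant name (assumption)

# Constructed sample rows, shaped like ASP.NET Identity's AspNetUsers table.
LEGACY_USERS = [
    {"Email": "Alice@Example.com ", "UserName": "alice", "EmailConfirmed": True,
     "PasswordHash": "AQAAAAEAACcQ-constructed"},
    {"Email": "bob@example.com", "UserName": "bob", "EmailConfirmed": False,
     "PasswordHash": "AQAAAAEAACcQ-constructed"},
    {"Email": "alice@example.com", "UserName": "alice2", "EmailConfirmed": True,
     "PasswordHash": None},
]

def random_password(length=24):
    """Throwaway secret from the CSPRNG; the legacy hash is never reused."""
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*"
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)):
            return pw

def to_graph_user(row, tenant=TENANT):
    """Body for POST https://graph.microsoft.com/v1.0/users (local account)."""
    email = row["Email"].strip().lower()
    return {
        "displayName": row["UserName"],
        "identities": [{"signInType": "emailAddress", "issuer": tenant,
                        "issuerAssignedId": email}],
        "passwordProfile": {"password": random_password(),
                            "forceChangePasswordNextSignIn": False},
        "passwordPolicies": "DisablePasswordExpiration",
    }

def build_migration_batch(rows):
    """Return (payloads, skipped); skip unverified and duplicate e-mails."""
    payloads, skipped, seen = [], [], set()
    for row in rows:
        email = row["Email"].strip().lower()
        if not row["EmailConfirmed"]:
            skipped.append((email, "email not confirmed"))
        elif email in seen:
            skipped.append((email, "duplicate email"))
        else:
            seen.add(email)
            payloads.append(to_graph_user(row))
    return payloads, skipped
```

Review the `skipped` list before the run, and keep the generated passwords out of logs.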
Our organization has an on-premises Active Directory. For a few of our applications we want to implement an authentication mechanism using Azure AD. Following is the requirement:
1) Organization users will be authenticated by Azure AD
2) External users will be authenticated by Azure AD B2C
3) Whenever an external user is trying to access the application, application will redirect the user to B2C login page.
Can anyone help me with steps for the solution?
Also, are there any issues implementing the security mechanism using Azure AD and B2C if the application resides in AWS?
For a specific sample of how to implement these custom policies, see Woodgrove Groceries demo, which enables users to sign in with either:
An "individual customer" account (i.e. a local account that is managed by Azure AD B2C or a Google or Microsoft account that is federated with it); or
A "business customer" account (i.e. an Azure AD account that is federated with Azure AD B2C); or
A "partner" account that is a direct federation between the end-user application and Azure AD (where Azure AD B2C doesn't act as an intermediate federation).
For your use case, B2C custom policies are a perfect fit. You can get started on custom policies from https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-get-started-custom
1) Organization users will be authenticated by Azure AD
You can integrate this in custom policies. Example: https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-aad-custom
2) External users will be authenticated by Azure AD B2C
Once you add custom policies, those will allow you to log in users from external network/social IDPs.
3) Whenever an external user is trying to access the application,
application will redirect the user to B2C login page.
It's all about configuration. If you configure it properly, it will take you to the B2C login page. If you get stuck while integrating, drop a comment here.
Also, are there any issues implementing the security mechanism using Azure AD and B2C if the application resides in AWS?
I don't think you will face challenges. Cloud redirects will happen and work fine with B2C too.
As per the Azure AD B2C documentation, we can configure SSO for an Azure AD B2C application. We want our users to do self-registration for the application, and thus opted for AD B2C.
However, after creating a B2C tenant account and configuring all the policies, I am unable to find an option to configure SSO. Since after 30th Nov 2017 Active Directory will only be available in the new portal, kindly provide a reference wrt the new portal.
Any help will be appreciated.
Thanks in advance.
SSO integration in Active Directory is totally different from SSO integration in an application through AD B2C. It took some time for me to verify all the links and steps. Hope this will help others.
Below are the steps to configure SSO in AD B2C. Create AD B2C and configure all the policies.
Once you have configured all your policies, go to the ALL policies node; it will list all the policies present in your application. Then click on the sign-in policy. Alternatively, you can directly click on the sign-in policy.
Once you click the EDIT option, you will see the option for 'Token, session and single sign-on configuration'. Configure those and you are done to use SSO.
For more details about the token, session and SSO config, please refer here
Create a couple of applications to verify that the SSO is working fine.
Happy Coding.
As the document in your question said, if you have multiple applications and policies in your B2C tenant, you can manage user interactions across them using the Single sign-on configuration property. You can also add external identity providers like Google, Facebook, etc.
If you want to know how it works and how to configure SSO in Azure AD B2C, you can refer to this document.
Also, if you want to configure SSO for applications in your B2C tenant (the Directory):
Go to Azure portal > Enterprise applications > Add Non-gallery applications or applications in the Gallery.
After adding apps in Enterprise applications, you can select your app and enable SSO for it.
Hope this helps!
Update
Adding custom applications requires Azure AD Premium.
You can also activate Azure Active Directory Premium free for one month.
Now, you can add your own custom applications in Enterprise Applications and then configure SSO for it:
I am trying to cater for a broad set of auth and identity management requirements, homogenizing this area of functionality across different legacy applications, and looking into Azure AD B2C as an option.
It seems as though there may be a need for maintaining contact information on a group. For example, we may need to group users according to their 'reseller,' and we may wish to have additional info about the reseller within Azure AD B2C.
Is this possible in AD B2C?
It is possible to add custom attributes to a group in Azure AD B2C using the same mechanism that's available in regular Azure AD via the Azure AD Graph: Directory schema extensions.
Note that while you can use groups in Azure AD B2C, sending group claims in the token isn't yet supported, so you'll need to make a separate call to the Azure AD Graph to obtain a user's group membership and details about the group. You can always vote for this ask in the Azure AD B2C feedback forum: Get user membership groups in the claims with AD B2C