Customising Azure API Management Developer Portal's user management - azure-ad-b2c

I am trying to customize the Developer Portal in APIM.
One thing that is important to me is user management. I want to use Azure AD B2C to handle all of my user authentication/authorization and remove the Dev Portal's own sign-in/sign-up section.
I could get rid of those widgets, but the user profile is the issue now. My problem is not about widgets.
I don't see anywhere to update the user profile.
User info is so limited (user_name, last_name).
I want to update users from AD B2C and see that extra info in the portal. Is there any way to update the user DTO in the portal?

I want to update users from AD B2C and see that extra info in the portal. Is there any way to update the user DTO in the portal?
One workaround you can follow to achieve the above requirement:
To customize the APIM developer portal by adding Azure AD B2C as an authentication method, we need the following prerequisites first:
Create an Azure AD B2C tenant.
Add a user flow (sign-in/sign-up policy).
Register an application in that tenant.
Add a secret and copy its value to use in the next step.
So, to remove the username and password identity, you can delete it as shown below:
After creating all the aforementioned prerequisites, click on Add, select the identity as Azure AD B2C and provide the required details.
For example, select the identity as Azure AD B2C and provide the required details:
After completing the above steps, navigate to the Developer portal and click on Sign in to check whether the Azure AD B2C authentication has been added.
For more information please refer to this Tech Community blog: How to integrate Azure Active Directory B2C into Azure API Management Developer Portal.
And this Microsoft documentation: How to authorize developer accounts by using Azure Active Directory B2C in Azure API Management.
Similarly, if you want to authenticate with Azure AD, you can do it in the same way by selecting the identity provider as Azure Active Directory.
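The portal steps in the answer above, scripted with the Az.ApiManagement and Az.KeyVault modules (an added example, not code from the original answer or from Microsoft). The resource group, service, tenant, Key Vault and user-flow names are placeholders, the client secret is read from Key Vault rather than pasted into the script, and the optional profile-editing flow is an assumption about the tenant.

```powershell
# Added example: register Azure AD B2C as the APIM developer portal identity provider.
# Every name below is a placeholder for your own resources.
$resourceGroup = 'rg-apim-demo'
$apimName      = 'apim-demo'
$b2cTenant     = 'contosob2c'                              # <tenant>.onmicrosoft.com
$signinTenant  = "$b2cTenant.onmicrosoft.com"
$authority     = "$b2cTenant.b2clogin.com"                 # B2C login endpoint, not login.microsoftonline.com
$clientId      = '00000000-0000-0000-0000-000000000000'    # placeholder: app registration in the B2C tenant

# Read the app secret created in the prerequisite step from Key Vault so it never lands in source control.
$clientSecret = Get-AzKeyVaultSecret -VaultName 'kv-apim-demo' -Name 'b2c-devportal-secret' -AsPlainText

$ctx = New-AzApiManagementContext -ResourceGroupName $resourceGroup -ServiceName $apimName

# A single combined sign-up/sign-in user flow fills both policy slots.
# ProfileEditingPolicyName assumes a B2C profile-edit flow exists; it gives portal users a way to change their own B2C profile.
New-AzApiManagementIdentityProvider -Context $ctx `
    -Type AadB2C `
    -ClientId $clientId `
    -ClientSecret $clientSecret `
    -Authority $authority `
    -SigninTenant $signinTenant `
    -AllowedTenants @($signinTenant) `
    -SignupPolicyName 'B2C_1_signupsignin' `
    -SigninPolicyName 'B2C_1_signupsignin' `
    -ProfileEditingPolicyName 'B2C_1_profileedit'

# Confirm only the intended provider is configured before testing Sign in on the developer portal.
Get-AzApiManagementIdentityProvider -Context $ctx |
    Select-Object Type, ClientId, SigninTenant, SignupPolicyName, SigninPolicyName
```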

Related

Azure AD B2C not showing logins for custom app

We are currently using Azure AD B2C as our authentication provider and have a requirement to access logs of all user login activity for our custom application.
If I navigate to the B2C portal, Users > Sign-in logs, I only see sign-ins for applications of type "Azure Portal"?
Is there anything that needs to be enabled for a custom app registered in the "App registrations" section to see this activity?
You can't see user sign-ins for individual Azure AD B2C applications under the Users section of the Azure Active Directory or Azure AD B2C pages in the Azure portal. The sign-in events there show user activity.
As a workaround, you can check the users' logins to your custom app by filtering on the Application Name:
Azure AD B2C -> Users -> Sign-in logs
As I have shown in the picture below.

Identity Provider menu in Azure AD B2C not showing

All,
I have been trying for hours to show the Identity Providers menu in Azure AD B2C to no avail, as I need to add FB as an Identity Provider. May I know if there is a role I need to assign myself? I have assigned all roles to myself, including the global administrator role.
Based on your screenshot, it shows: "This is not an Azure AD B2C directory. To create a new B2C directory & manage your consumer identities in the cloud, click the articles below."
Make sure you follow the steps to create the B2C tenant.
If you have created it, you need to switch to the B2C tenant.

Azure AD B2C authentication

I created an Azure AD B2C tenant, added applications to it and configured Postman according to this article:
https://learn.microsoft.com/en-us/aspnet/core/security/authentication/azure-ad-b2c-webapi?view=aspnetcore-2.2
My problem is that I can't log in with the user accounts which I added to my tenant.
I created two users; their user type is Member and their source is Azure Active Directory.
But when I try to log in I get back the following error message:
"Invalid username or password."
What else should I set up?
The users created through the portal cannot be used by Azure AD B2C. Azure AD B2C uses the 'sign-in names' property of the user to sign in. The users created through the portal can be used for sign-in using AAD (enterprise scenario).
As Chris mentioned, one needs to use a sign-up policy or an Azure AD Graph flow to create a user for B2C to be able to sign in.
Please see this answer:
Adding users to Azure B2C without using a sign-up policy

Azure AD B2C Invitation email

Does anybody know why, when I invite users to my Azure AD B2C, some of them see a different web page after clicking on the invitation email? For example, a user with @gmail.com will be asked to create a Microsoft account, but the layout of this page will be different if his email ends with @mvrht.net.
I've tried to search the web but didn't find anything. Is there some kind of "magic" algorithm that decides this?
Azure AD B2C users should NOT be created via the Users & Groups blade.
This blade, while available from the Azure AD B2C Edit Settings blade, is meant at this time to be used to manage users for regular (corporate/enterprise) Azure AD. While it is technically possible to create/add users via this blade, you'll end up with undesired/unexpected behavior such as users being created with @tenantname.onmicrosoft.com or having them created as Guests via the Azure AD B2B Collaboration feature (which is what's happening with your @gmail users) that ultimately can't sign in to your Azure AD B2C integrated applications.
In the context of Azure AD B2C, you should only use this blade to browse the users in the tenant, always in read-only mode.
To create Azure AD B2C users, you should either:
Have the users sign up by themselves via the Sign-up or unified Sign-up/Sign-in policy.
Programmatically pre-create the users via the Graph API. For this approach, check out this sample, which contains a CLI to create users and showcases the code behind it.
Source: How do you add a user with a local name in Azure Active Directory B2C?
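The programmatic option named in the two answers above ("Azure AD B2C authentication" and this one), as an added example that is not from either answer or from Microsoft's sample. It uses the Microsoft.Graph PowerShell module rather than the retired Azure AD Graph, and the tenant name, user details and sign-in e-mail are placeholders.

```powershell
# Added example: pre-create a local-account user in an Azure AD B2C tenant via Microsoft Graph.
# Tenant and user values are placeholders. Sign in to the B2C tenant itself, not the corporate one,
# with only the User.ReadWrite.All scope this task needs.
$b2cTenant = 'contosob2c.onmicrosoft.com'
Connect-MgGraph -TenantId $b2cTenant -Scopes 'User.ReadWrite.All'

# Generate a random initial password instead of hard-coding one; 24 characters drawn from digits,
# upper- and lower-case letters satisfy the B2C complexity rule (three of four character classes).
$initialPassword = -join ((48..57) + (65..90) + (97..122) | Get-Random -Count 24 | ForEach-Object { [char]$_ })

$user = @{
    displayName    = 'Jane Example'
    givenName      = 'Jane'
    surname        = 'Example'
    accountEnabled = $true
    # A local account is matched at sign-in by its sign-in name in the identities collection.
    # A user created through the portal's Users blade lacks this and fails with "Invalid username or password".
    identities     = @(
        @{
            signInType       = 'emailAddress'
            issuer           = $b2cTenant
            issuerAssignedId = 'jane@example.com'
        }
    )
    passwordProfile = @{
        password                      = $initialPassword
        forceChangePasswordNextSignIn = $false   # B2C user flows do not handle the forced-change prompt
    }
    passwordPolicies = 'DisablePasswordExpiration'
}

$created = New-MgUser -BodyParameter $user
"Created $($created.DisplayName) with id $($created.Id)"

# Verify the account is a local one: the identities collection must carry the emailAddress sign-in type.
Get-MgUser -UserId $created.Id -Property id,displayName,identities |
    Select-Object -ExpandProperty Identities
```

Hand the generated password to the user out of band, or skip it entirely by sending them through the sign-up user flow instead.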

Can't log in to new Azure B2C directory

I've been following this guide to get a B2C AD up and running:
Create the B2C directory in the old portal (http://manage.windowsazure.com), ensuring "This is a B2C Directory" is checked.
Register an application in the new portal (http://portal.azure.com) under the B2C blade.
Create the sign-in policy.
When I try to test the sign-in policy with "Run now" and log in with my local account (the same one which created the B2C AD, the global administrator for this new AD), all I am met with is "We don't recognize this user ID or password".
What have I missed here?
I am able to reproduce this issue too. If you want to manage the users for the Azure B2C tenant, you can log in to the classic Azure portal from here. However, currently there are a couple of known issues with user management (the Users tab) on the Azure classic portal:
Refer here about the Azure Active Directory B2C: Limitations and restrictions.
And if you want Azure AD to enable logging in with the default global admin account, you can submit feedback from here.
