I have a B2C tenant which is used for social login to the web app, and I wanted to check regarding the delete-my-account flow.
How can I invoke it for each user who wants to delete their account?
When they click delete, it should delete their entry from B2C tenant.
I tried with the Graph API, but that requires an admin role to do it; I want social users to delete their own account.
Can a user delete their account from the B2C tenant directory?
I found this link but not sure how to implement it or use it.
https://github.com/azure-ad-b2c/samples/tree/master/policies/delete-my-account
This sample uses a custom policy.
If you look in the policy, you'll see it inherits from "B2C_1A_TrustFrameworkExtensions". You can find this file in the starter pack.
If you haven't set up the custom policy framework, this utility will help.
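The custom policy above lets the B2C service delete the user on the user's own behalf. For the Graph API route the question mentions, the privileged credential must stay on a backend, and the backend must only ever delete the object named by the caller's own token. The following is an added example (not the linked sample's code and not from the original post); the app-only Graph permission and the upstream token validation are assumed to be in place:

```python
"""Self-service account deletion for Azure AD B2C users, done by a backend.

Added example (not code from the original post or from the linked sample).
It takes the Graph API route the question mentions, but keeps the privileged
credential on the server: the app-only Graph token (hypothetical setup with
the User.ReadWrite.All application permission) never reaches the browser, and
the only user object a caller can delete is the one whose id equals the `oid`
claim of the caller's own, already-validated B2C token.
"""
import re
from typing import Callable, Mapping

GRAPH_BASE = "https://graph.microsoft.com/v1.0"
# B2C object ids are GUIDs; anything else never reaches the request path.
_GUID = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$", re.IGNORECASE)


class DeletionRefused(Exception):
    """Raised when the request does not meet the self-deletion rule."""


def delete_own_account(
    token_claims: Mapping[str, str],
    requested_oid: str,
    graph_delete: Callable[[str], int],
) -> str:
    """Delete the caller's own user object and return the Graph URL used.

    token_claims   claims of a B2C-issued token whose signature, issuer,
                   audience and expiry have ALREADY been validated upstream
    requested_oid  the id the client asked to delete (taken from the request)
    graph_delete   sends DELETE <url> with the app-only token and returns the
                   HTTP status; injected so the check is testable offline
    """
    caller_oid = token_claims.get("oid", "")
    if not _GUID.match(caller_oid):
        raise DeletionRefused("token carries no usable oid claim")
    if requested_oid.lower() != caller_oid.lower():
        # Never let the client choose the target: the token decides.
        raise DeletionRefused("callers may only delete their own account")
    url = f"{GRAPH_BASE}/users/{caller_oid}"
    status = graph_delete(url)
    if status != 204:  # Graph answers 204 No Content on a successful delete
        raise RuntimeError(f"Graph returned HTTP {status} for {url}")
    return url


def make_requests_deleter(app_token: str) -> Callable[[str], int]:
    """Build a real graph_delete on top of the `requests` library (not run here)."""
    import requests  # imported lazily so the module runs without it installed

    def _delete(url: str) -> int:
        resp = requests.delete(
            url, headers={"Authorization": f"Bearer {app_token}"}, timeout=10
        )
        return resp.status_code

    return _delete


if __name__ == "__main__":
    # Constructed token claims and a fake Graph client, so this runs offline.
    claims = {"oid": "11111111-2222-3333-4444-555555555555", "tfp": "B2C_1_signin"}
    deleted = []

    def fake_delete(url: str) -> int:
        deleted.append(url)
        return 204

    print(delete_own_account(claims, claims["oid"], fake_delete))
    try:
        delete_own_account(claims, "99999999-9999-9999-9999-999999999999", fake_delete)
    except DeletionRefused as exc:
        print("refused:", exc)
```

The request body from the client is deliberately ignored for choosing the target: the `oid` claim of the validated token is the only source of truth, so a tampered request cannot turn the endpoint into a delete-any-user primitive.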
I am trying to customize the Developer Portal in the APIM.
One thing that is important to me is user management. I want to use Azure AD B2C to handle all of my user Authentication/Authorization and remove DevPortal's own sign-in/signup section.
I could get rid of those widgets, but the user profile is the issue now. My problem is not about widgets.
I don't see anywhere to update the user profile.
User info is very limited (user_name, last_name).
I want to update users from AD B2C and see that extra info in the portal. Is there any way to update the user DTO in the portal?
I want to update users from AD B2C and see that extra info in the portal. Is there any way to update the user DTO in the portal?
One workaround you can follow to achieve the above requirement:
To customize the APIM developer portal by adding Azure AD B2C as an authentication method, we need the following prerequisites first:
Create an Azure AD B2C tenant.
Add a user flow (sign-in/sign-up policy).
Register an application in that tenant.
Add a secret and copy the value to use in the next step.
So, to remove the username and password identity, you can delete it as shown below:
After creating all the aforementioned prerequisites, click on Add, select the identity as Azure AD B2C and provide the required details.
For example:
Select the identity as Azure AD B2C and provide the required details:
After finishing the above steps, navigate to the developer portal and click on Sign in to check whether the Azure AD B2C authentication has been added.
For more information please refer to this Tech Community blog | How to integrate Azure Active Directory B2C into Azure API Management Developer Portal.
And this:
MICROSOFT DOCUMENTATION | How to authorize developer accounts by using Azure Active Directory B2C in Azure API Management.
Similarly, if you want to authenticate with Azure AD, we can do it in the same way by selecting the identity provider as Azure Active Directory.
In the Azure portal under Azure AD B2C -> Users, there are two users listed, both of which I added while running some of the AD examples. I want to delete both users; however, the delete button is disabled. How do I enable the button and delete the users?
Edit: I want to remove the user from my tenant directory and any apps they are associated with. If the user is associated with other tenants I don't want to touch that configuration.
Under roles and administrators I am shown as "Global administrator".
This is a paid Azure subscription.
Is it possible you are logged in with the user that is selected in your screenshot? Because this is the only way I am able to reproduce the button being disabled.
Even if you are looking at a B2C directory, you will also have the "normal AAD" users in this list, which are used to manage the directory. This way it could look like you have a user which signed up using a B2C user journey, when in fact it was not.
Is it possible to configure single sign-on to work for both an Azure AD B2C and a B2B tenant?
I know it can be configured for Azure AD B2C, and it definitely works for Azure B2B.
Is there a way for a user in my B2C tenant to perform single sign-on also to an application in my B2B tenant?
If you want your user to sign in on both the B2B and B2C tenant with the same email, yes, you can do it.
As you know how to configure it on the B2C tenant:
Azure B2B allows one organization to invite members from other organizations to share application access. It's only one of its service features. You may know more about B2B users here.
Now in your case you can add your B2C user here in the B2B tenant, or vice versa. There is an option in the Azure portal, New Guest User, on both the B2C and B2B tenant. You can easily add them.
See the screenshot below:
Once they receive the invitation they will be able to access the resources they are assigned to.
User Invitation Using MS Graph
You can also do the same operation using the Microsoft Graph API.
You can even create a custom user flow for newly added users. For more outline you could check here.
Points To Remember For B2B
Before configuring user invitation, be careful about the notes below!
Note: If you still have any confusion about the workaround for B2B and B2C you could also refer to this document.
I am attempting to develop an app with only a sign-in policy. To the best of my knowledge the supported methods of creating new users for B2C are using the new user dialog on the Users page, and with the Graph API. Is this correct? Is there a method I'm missing? Which is the preferred method?
When attempting to create users in the new user dialog, usernames become malformed, e.g. username#domain.com becomes username_domain.com#EXT##domain.com
The users created through the portal cannot be used by Azure AD B2C. Azure AD B2C uses the 'signInNames' property of the user to sign in. The users created through the portal can be used for sign-in using AAD (enterprise scenario).
Azure AD B2C has a sample for creating user accounts using AAD Graph, which can be used for creating users in cases where only sign-in is supported.
Create consumer user accounts
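The difference between a portal-created user and a B2C-usable local account comes down to which sign-in identities the user object carries. The following added example (not the linked sample, not the answer author's code) shows that in code, using the Microsoft Graph `identities` property, which is the current form of the Azure AD Graph `signInNames` the answer mentions; the tenant name and all user records are constructed placeholders:

```python
"""Why portal-created users cannot sign in through Azure AD B2C, in code.

Added example, not the sample the answer links to. Azure AD Graph (the API
the sample uses) stores local-account sign-in identifiers in `signInNames`;
Microsoft Graph exposes the same thing as the user's `identities` collection,
which is what this example works with. TENANT and all user records below are
constructed placeholders.
"""
import json

TENANT = "contoso.onmicrosoft.com"  # placeholder B2C tenant name


def local_account_payload(email: str, display_name: str, initial_password: str,
                          tenant: str = TENANT) -> dict:
    """Body for POST /users that creates a B2C local account.

    The emailAddress identity is what a sign-in policy matches against; the
    issuer must be the B2C tenant itself, not an external domain.
    """
    return {
        "displayName": display_name,
        "identities": [
            {"signInType": "emailAddress", "issuer": tenant, "issuerAssignedId": email}
        ],
        "passwordProfile": {
            "password": initial_password,
            "forceChangePasswordNextSignIn": False,
        },
        # B2C local accounts normally carry this so the directory does not
        # expire the password behind the policy's back.
        "passwordPolicies": "DisablePasswordExpiration",
    }


def b2c_sign_in_names(user: dict, tenant: str = TENANT) -> list:
    """Identifiers a B2C local-account sign-in policy can match for this user.

    Empty for a user created through the Azure portal: such a user only has a
    userPrincipalName identity, which enterprise AAD sign-in uses, not B2C.
    """
    return [
        ident["issuerAssignedId"]
        for ident in user.get("identities", [])
        if ident.get("signInType") in ("emailAddress", "userName")
        and ident.get("issuer", "").lower() == tenant.lower()
    ]


# Constructed: the shape Microsoft Graph returns for a user added via the
# portal's new user dialog. The mangled UPN is the symptom the question reports.
PORTAL_USER = {
    "userPrincipalName": f"username_domain.com#EXT#@{TENANT}",
    "identities": [
        {"signInType": "userPrincipalName", "issuer": TENANT,
         "issuerAssignedId": f"username_domain.com#EXT#@{TENANT}"}
    ],
}


def is_portal_created_guest(user: dict) -> bool:
    """True when the UPN carries the #EXT# marker the question describes."""
    return "#EXT#" in user.get("userPrincipalName", "")


if __name__ == "__main__":
    payload = local_account_payload("alice@example.com", "Alice", "Str0ng-Passw0rd!")
    print(json.dumps(payload, indent=2))
    print("B2C can sign in new user as:", b2c_sign_in_names(payload))
    print("B2C can sign in portal user as:", b2c_sign_in_names(PORTAL_USER))
```

`b2c_sign_in_names` also rejects identities issued by a different tenant, so a guest object synced in from elsewhere is not mistaken for a local account the sign-in policy can serve.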
I created a B2C AD in my developer account on Azure.
In this environment I have users created in my personal AD, and users in AD B2C (where the user can log in with: twitter and facebook).
I found an ASP.NET project that logs in to these two ADs, but with two types of login, one for the normal AD and one for AD B2C. And from what I've researched, the only way to log in to these two different ADs is this way.
Does anyone know of a way to make a single login in these two ADs?
You could do it now with custom Azure AD B2C policies. It is however quite an advanced scenario.
Using them you could put all authentication behind B2C. User could choose to sign in against your Azure AD or through Twitter or Facebook on the B2C sign-in page instead of your application.
Custom policies: https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-overview-custom
Documentation on using Azure AD as a provider in B2C: https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-aad-custom
GitHub repo with examples: https://github.com/Azure-Samples/active-directory-b2c-advanced-policies
Thanks for the quick response.
I tried to do this but could not find the settings needed to add Twitter, Google and Microsoft. For Facebook and another AD it worked.
I found a post, that Microsoft will soon make available an "Identity Provider" to validate the user in another AD.
For now, I'll put two sign-ins in my application, one for the company's AD and another for the B2C AD.
I am now looking for a way to get the user's profile in AD (Name, First Name, Last Name, Job Title, Department, ...).
Once this is done, I'm going to make a DEMO and publish it to github, I think this will help a lot of people.