Currently using Azure AD B2C as our authentication provider and we have a requirement to access logs of all user login activity for our custom application.
If I navigate to the B2C portal, Users>Sign-in logs I only see sign ins for Application of type "Azure Portal"?
Is there anything that needs to be enabled for a custom app registered in the "App registrations" section to see this activity?
You can't see user sign-ins for individual Azure AD B2C applications under the Users section of the Azure Active Directory or Azure AD B2C pages in the Azure portal. The sign-in events there show user activity.
For Workound You can check the users login to your custome app using filter the Application Name.
AZureADB2C->User->SigninLogs
Like I have shown in below Picture.
Related
I am trying to customize the Developer Portal in the APIM.
One thing that is important to me is user management. I want to use Azure AD B2C to handle all of my user Authentication/Authorization and remove DevPortal's own sign-in/signup section.
I could get rid of those widgets but the User profile is the issue now. My problem is not about widgets.
I don't see anywhere to update the user profile.
User info is so limited (user_name, last_name)
I want to update users from AD B2C and see that extra info in the portal. Is there any way to update user dto in the portal?
I want to update users from AD B2C and see that extra info in the
portal. Is there any way to update user dto in the portal?
One of the workaround you can follow to achieve the above requirement,
To customize the APIM developer portal by adding authentication method as Azure AD B2c we need the following perquisite first;
Create AzureAD B2c tenant.
Add user flow (Signin-signup policy)
Register an application in that tenant .
Add secret and copy the value to use in next .
So, To remove the identity as username and password you can delete them as shown below;
After creating all the aforementioned perquisite now click on Add and select the identity as Azure AD B2C and provide the required details.
For e.g;-
Select the identity as Azure AD B2C and provide the required details;
After done with the above steps Navigate to Developer portal and click on sign to check if the Azure AD B2C authentication is added or not.
For more information please refer this Tech-community blog |How to integrate Azure Active Directory B2C into Azure API Management Developer Portal.
And this ;
MICROSOFT DOCUMENTATOIN| How to authorize developer accounts by using Azure Active Directory B2C in Azure API Management .
Similarly, If want to authenticate with Azure AD we can do in the same way by selecting identity provider as Azure Active directory.
I would like to build a web site that will allow any customer to login using their Azure AD. How can I do that? I have used previously authentication with Azure AD for my organization but how can I enable that for any customer? Sort of allowing customers to login with Facebook or Google, instead, when they click login they will be redirect to Azure AD.
If you want to use a personal account or social account to log in to the Azure AD application, you only need to modify the manifest configuration of the existing application, and then change the /tenant id endpoint to the /common endpoint.
To change the setting for an existing AD App, navigate to the Manifest blade of it in the portal, find the signInAudience attribute, set it with AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount.
In the Azure AD B2C Blade specific to that B2C Tenant is the Applications blade. When creating an Application from the Applications Blade in the Tenant there is no option to set the homepage url.
This is different than When creating an App Registration in the outer hosting Azure AD app registrations. When I register an app with Azure AD (in the B2C tenant) I get the option to set the URL home page for the app registration.
Why does MS grey out and suppress the Homepage URL in the Applications in the Tenant? Menu path to the blade is: Home > Azure AD B2C – Applications > MyApp-Properties .
MS warns you that for all B2C Tenant Applications you can only manipulate the app via the Web Portal GUI and that you should not use graph, PowerShell, or other screens to do the editing.
Anyone know why this B2C App url homepage field is not available to applications in the B2C tenant?
The actual "Applications" Created within the B2C Blade are not stored within the associated tenant. These app registrations are associated to the B2C Service itself.
As the Home Page URL is not actually used by B2C (it is more used by things likethe App Portal or other services like Application Proxy) there is no need to supply it.
Does anybody know why when I invite users to my Azure AD B2C some of them see different web page after clicking on invitation email? For example, user will #gmail.com will be asked to created Microsoft account but layout of this page will be different if his email would end with #mvrht.net.
I've tried to search anything on web but didn't find anything. Is there some kind of "magic? algorithm that decides this?
Azure AD B2C Users should NOT be created via the Users & Groups blade.
This blade, while available from the Azure AD B2C Edit Settings blade, is meant at this time to be used to manage users for regular (corporate/enterprise) Azure AD. While it is technically possible to create/add users via this blade, you'll end up with undesired/unexpected behavior such as users being created with #tenantname.onmicrosoft.com or having them created as Guests via the Azure AD B2B Collaboration feature (which is what's happening with your #gmail users) that ultimately can't sign in to your Azure AD B2C integrated applications.
In the context of Azure AD B2C, you should only use this blade to browse the users in the tenant, always in read only mode.
To create Azure AD B2C users, you should either:
Have the users sign-up by themselves via the Sign-up or unified Sign-up/Sign-in policy.
Programatically pre-create the users via the Graph API. For this approach check out this sample which contains a CLI to create users and showcases the code behind it.
Source: How do you add a user with a local name in Azure Active Directory B2C?
I've been following this guide to get a B2C AD up and running
Create the B2C directory in the old portal (http://manage.windowsazure.com) ensuring "This is a B2C Directory" is checked.
Register an application in the new portal (http://portal.azure.com) under the B2C blade
Create the sign in policy.
When I try and test the sign in policy with the "Run now" and try and log in with my local account (the same one which has created the B2C AD -- the global administrator for this new AD) all I am met with is "We don't recognize this user ID or password".
What have I missed here?
I am able to reproduce this issue too. If you want to manage the users for the Azure B2C tenant, you can login the classic Azure Portal from here. However, currently there are a couple of known issues with user management (the Users tab) on the Azure classic portal:
Refer here about the Azure Active Directory B2C: Limitations and restrictions.
And if you want Azure AD to enable to login with the default global admin account, you can submit the feedback from here.