How do I make built-in user attributes mandatory during signup? Is it possible without using a custom policy?
Ok, I found it under Azure AD B2C, User flows, my signup user flow, Page layouts (and click on Local account sign up page).
Related
I have an existing login page. Can I integrate Azure B2C into it instead of using the login screens provided by and hosted by Azure AD B2C?
A similar question was asked 4 years ago but the answer is most likely out of date: Can I use my own UI to authenticate users with Azure AD B2C?
You could have a look at the embedded sign up / sign-in option.
"For a simpler sign-up or sign-in experience, you can avoid redirecting users to a separate sign-up or sign-in page, or generating a pop-up window. By using the inline frame HTML element, you can embed the Azure AD B2C sign-in user interface directly into your web application."
If you are really determined to use the form of your own which has nothing to do with AAD B2C then the only solution you're left with is a Resource Owner Password Credentials grant where you explicitely send username/email and password over to AAD B2C and get a token in return.
Here's docs ref: https://learn.microsoft.com/en-us/azure/active-directory-b2c/add-ropc-policy?tabs=app-reg-ga&pivots=b2c-user-flow
Be aware though that this flow is not suitable for modern applications for security reasons and in principle should rather be used only for legacy solutions.
I am in the process of setting up Azure AD B2C and including an API connector in the profile creation. I use the policy Sign up and sign in from the user flows. Now I want to add a user attribute I created myself. This should not be visible under User attributes (the user should not fill this field himself) but should be filled by the API and returned under Application Claims and in the token. Is this possible with the user flows? Or is this currently only possible with the Custom policies under Identity Experience Framework?
Thanks for your answers
The way to do this with Azure AD B2C user flows would be to use JavaScript to hide the field so that is not visible to the user even though it is selected as an attribute in the user flow.
A similar approach is user to enable captcha while signing up as well in this sample - https://github.com/Azure-Samples/active-directory-b2c-dotnet-sign-up-user-flow-captcha.
Here is the official documentation for using JavaScript in user flows - https://learn.microsoft.com/en-us/azure/active-directory-b2c/javascript-and-page-layout.
I am attempting to develop an app with only a sign in policy. To the best of my knowledge the supported methods of creating new users for b2c are using the new user dialog on the users page, and with the graph api. Is this correct? Is there a method I'm missing? Which is the preferred method?
When attempting to create users in the new user dialog, usernames become malformed, eg. username#domain.com becomes username_domain.com#EXT##domain.com
The users created through the portal cannot be used by Azure AD B2C. Azure AD B2C uses the 'signin names' property of the user to sign in. The users created through the portal can be used for sign in using AAD (enterprise scenario).
Azure AD B2C has a sample for creating user accounts using AADGraph, which can be used for creating users in cases where only signin is supported.
Create consumer user accounts
I searched in google for how to add CAPTCHA in b2c signup policy. but not getting any article so for. Is there a way to add CAPTCHA inside sign-up and sign-in process of Azure B2C? or any workaround
Currently, because Azure AD B2C doesn't allow custom or third-party JavaScript, which is required for CAPTCHA, then this isn't possible.
It will be possible when Azure AD B2C does support Javascript.
The current alternative is to verify the email address for a new user during sign-up.
I am implementing Sign in by using Azure AD accounts scenario, described here -
https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-aad-custom
I understand how to change custom policy in file SignUpOrSignIn.xml, but I don't want users to sign up freely into my application.
I want to use sign-in only policy, but there are no sign-in only policies files in the starter pack.
Is it possible to have Azure AD login button on sign-in only screen?
You can remove everything related to sign-up and any other user journey you don't want, from a combined policy.