We are using Azure AD B2C with custom policies in a SPA in Kubernetes and have seen that EasyAuth can also be used in Kubernetes with Azure AD (https://github.com/Azure/EasyAuthForK8s). The page also says that "Azure AD B2C custom policies for complex identity flows" are included. Does this mean that I can include EasyAuth in Kubernetes and add it to my policies for login and registration or does Azure AD B2C handle this itself? If I can include it in my policies, are there any examples of this? I haven't found anything on this yet unfortunately.
Thanks for your answers
Related
Scenario:
Managed GCP Applications hosted on GCP with a Google cloud identity setup for customers
Want customers to access GCP managed service using their own IDP
Question:
Can I use Azure AD b2c as an IDP for Google cloud identity ?
Looking for a solution or alternate solutions which may not be that expensive
Azure AD B2C is an OIDC IdP so yes, it can be used as a federated IdP in Google Cloud Identity. Due to the similarities between Azure AD B2C and Azure AD you can follow most of the steps detailed in Configure workforce identity federation with Azure AD and sign in users with the following Azure AD B2C specific replacements:
Create a new app. As a best practice, we recommend that you create a new application in Azure AD B2C and use only the application to obtain Google Cloud credentials. To create a web app for user sign-in with Azure AD B2C and enable your app to receive tokens from Azure AD B2C, see Register a web application in Azure Active Directory B2C. Do not forget to follow the Next steps.
Skip this one.
I was able to create an App registration for Azure AD B2C inside a regular Azure AD Tenant. I was wondering what the purpose would be for this since it cannot be accessed?
The backstory of this is I was unaware that our Tenant could not have both AD and AD B2C, so I had been trying to use this App registration for my Blazor app login page. This does not work. It does not allow you to add User flows!
I since then created a new Tenant and App and that works now. But this App registration pictured here still remains under this AD Tenant (not B2C), seemingly disconnected and useless. What is going on here? Why am I allowed to create it? This App being stuck out here makes me wonder if Apps are actually independent of how they look in the Azure hierarchy and if that is beneficial in some way -- for instance, being able to register it once for many Tenants to reduce deployment/maintenance.
Azure AD applications and Azure AD B2C applications are separate products. They are independent of each other and cannot coexist in the same tenant, you will not see any Azure AD B2C applications in Azure AD tenants. Even if you click the Azure AD B2C tab to create an App registration in a regular Azure AD tenant, the application is not a b2c application, it is still an AAD application, as you can see, it does not allow you to add user flows because it is still an AAD application.
They are distinguished according to their functions. An Azure AD tenant represents an organization. An Azure AD B2C tenant represents a collection of identities to be used with relying party applications. Even if you click the Azure AD B2C tab in the regular Azure AD tenant to create an application registration, it can only use the functions in the Azure AD tenant. If you To use the features in Azure AD B2C, you can only register the application in the Azure AD B2C tenant.
I tried to config Azure B2C using custom policies and API Management Identities but it was not success.
When i used Azure B2C built-in policies, it worked perfectly.
When i used Azure B2C custom policies (with xml files), the Azure B2C provider appeared on APIM login page. After login success, i got an error message "Authentication has failed."
Does Azure B2C custom polices support APIM identities?
Thank you for you help!
I have created an Identity Provider in my Azure AD B2C for my Web Application with the help of this link:
https://learn.microsoft.com/azure/active-directory-b2c/active-directory-b2c-setup-msa-app
I just wanted to know the back-end process which will be happen while adding Identity Provider in Azure AD B2C deeply.
I’d like to use scopes in our Azure B2C instance, however all our resources are residing in a different active directory. Can I somehow also select the API instance from another Resource? Or is it possible to upgrade our main AD to an Azure B2C one? Or can we somehow move our subscription and all resources to our Azure B2C AD?
At this point in time, Azure AD B2C does not support multi-tenancy. You can vote and keep track of the feature in the Azure AD B2C UserVoice forum:
How to use Multitenant Applications Based on B2C
Without multitenancy, you will not be able to access resources from other tenants. It is also not possible to upgrade your main AD to an Azure AD B2C tenant, or have subscriptions within your Azure AD B2C Tenant.
Not entirely sure what your scenario is, but the recommended way to do this is by adding Azure AD as an identity provider. This currently can be done using custom policies, but I would encourage waiting until the feature is available through built-in policies.