All,
I have been trying for hours to show to Identity Providers menu in Azure AD B2C to no avail as I need to add FB as Identity Provider. May I know if there is a role I need to assign myself. I have assigned all roles to myself including the global administrator role.
Based on your screenshot, It shows:
This is not an Azure AD B2C directory. To create a new B2C directory &
manage your consumer identities in the cloud, click the articles
below.
Make sure you follow the steps to create the B2C tenant.
If you have created it, you need to switch to the B2C tenant.
Related
I am trying to customize the Developer Portal in the APIM.
One thing that is important to me is user management. I want to use Azure AD B2C to handle all of my user Authentication/Authorization and remove DevPortal's own sign-in/signup section.
I could get rid of those widgets but the User profile is the issue now. My problem is not about widgets.
I don't see anywhere to update the user profile.
User info is so limited (user_name, last_name)
I want to update users from AD B2C and see that extra info in the portal. Is there any way to update user dto in the portal?
I want to update users from AD B2C and see that extra info in the
portal. Is there any way to update user dto in the portal?
One of the workaround you can follow to achieve the above requirement,
To customize the APIM developer portal by adding authentication method as Azure AD B2c we need the following perquisite first;
Create AzureAD B2c tenant.
Add user flow (Signin-signup policy)
Register an application in that tenant .
Add secret and copy the value to use in next .
So, To remove the identity as username and password you can delete them as shown below;
After creating all the aforementioned perquisite now click on Add and select the identity as Azure AD B2C and provide the required details.
For e.g;-
Select the identity as Azure AD B2C and provide the required details;
After done with the above steps Navigate to Developer portal and click on sign to check if the Azure AD B2C authentication is added or not.
For more information please refer this Tech-community blog |How to integrate Azure Active Directory B2C into Azure API Management Developer Portal.
And this ;
MICROSOFT DOCUMENTATOIN| How to authorize developer accounts by using Azure Active Directory B2C in Azure API Management .
Similarly, If want to authenticate with Azure AD we can do in the same way by selecting identity provider as Azure Active directory.
I have an Azure AD B2C tenant and when I go to the 'Overview' tab, I see the following message:
This is not an Azure AD B2C directory. To create a new B2C directory & manage your consumer identities in the cloud, click the articles below.
I don't understand why this is being displayed, and what the implications would be.
I thought that it was impossible to have a tenant without a directory.
How do I fix this issue?
I think what you see should be this prompt:
The reason is that you are currently logged in to the directory of the Azure AD tenant and not the directory of the Azure B2C tenant. When you click the Azure AD B2C tab in the Azure AD tenant directory, you will receive this prompt.
So, make sure you have a B2C tenant, and then select Directory + Subscription filter in the top menu of the Azure portal, and then select the directory that contains Azure AD B2C tenants.
In my case Azure Portals incapability to update (and show) the newly created (B2C) directory was the problem. A logout / login solved this.
I am unaware how much time needs to pass though ;).
I am referring following example : https://azure.microsoft.com/en-in/resources/samples/active-directory-dotnet-webapp-roleclaims/
I have created main (physical) Azure B2C Tenant, in that I am managing virtual tenant.
e.g. Azure B2C Tenant (Main)
- Virtual tenant in Storage table
- Tenant 1
- Tenant 2 etc.
But I have single AD and I want to separate the user based on Tenant.
How can I achieve this with Role base user management for tenant ?
Role based user management is yet not supported in Azure AD B2C. I would recommend you request this in the Azure AD B2C feedback forum.
I can think of two options for you:
Use a custom attribute to assign users their "tenant". You would then need to make sure you set this custom attribute via the Azure AD Graph. You can then include this claim in your token and use it in your application to drive behavior.
Define Azure AD groups that map to "tenants". However, given that in Azure AD B2C, groups are not included in the claims, you won't be able to do what's recommended for Azure AD, instead, you will need to query the Azure AD Graph to retrieve the user's group membership and drive behavoir from that.
I've been following this guide to get a B2C AD up and running
Create the B2C directory in the old portal (http://manage.windowsazure.com) ensuring "This is a B2C Directory" is checked.
Register an application in the new portal (http://portal.azure.com) under the B2C blade
Create the sign in policy.
When I try and test the sign in policy with the "Run now" and try and log in with my local account (the same one which has created the B2C AD -- the global administrator for this new AD) all I am met with is "We don't recognize this user ID or password".
What have I missed here?
I am able to reproduce this issue too. If you want to manage the users for the Azure B2C tenant, you can login the classic Azure Portal from here. However, currently there are a couple of known issues with user management (the Users tab) on the Azure classic portal:
Refer here about the Azure Active Directory B2C: Limitations and restrictions.
And if you want Azure AD to enable to login with the default global admin account, you can submit the feedback from here.
I am testing azure B2C AD, I followed this tutorial:
https://azure.microsoft.com/en-gb/documentation/articles/active-directory-b2c-devquickstarts-web-dotnet/
I have tested login with "local account" and Facebook everything is working perfect. I see that I can add a custom identity provider.
Can I add another Azure AD (not B2C) so that the users from that AD can login into my web application ?
Adding another Tenant or allowing any other AAD Tenant are currently on the backlog. It is not possible to do those at this time.
Please do share your scenario so that we evaluate it in the planning.
thank you,
Vikram.