I have spent several days trying to customize the email verification of my project, but it's been impossible to change anything.
I have followed these guides many times:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/custom-policy-get-started
https://learn.microsoft.com/en-us/azure/active-directory-b2c/custom-email-sendgrid
https://learn.microsoft.com/en-us/azure/active-directory-b2c/custom-email-mailjet
I uploaded the new custom policies B2C_1A_TrustFrameworkBase and B2C_1A_TrustFrameworkExtensions with all the changes described in the manual, but I still don't know why I can't even generate an application error, and the default Microsoft email verification keeps working normally. Is there any way to track what I might be missing?
You can refer to the troubleshoot documentation about turning the B2C engine into developer mode and tracking the B2C engine itself.
There is also separate documentation and technical profiles explaining how to use Application Insights to track user behavior during user journeys. You can discover more about this here: https://learn.microsoft.com/en-us/azure/active-directory-b2c/analytics-with-application-insights
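A local check for the settings the answer above points to, as an added example that is not part of the original thread: it reads policy XML, returns the BasePolicy chain of a relying party policy, and lists what is missing for developer-mode tracing in Application Insights. The sample policies, the tenant contoso.onmicrosoft.com, the policy id B2C_1A_signup_signin, the placeholder instrumentation key and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NSMAP = {"p": "http://schemas.microsoft.com/online/cpim/schemas/2013/06"}
WANTED = {"DeploymentMode": "Development",
          "UserJourneyRecorderEndpoint": "urn:journeyrecorder:applicationinsights"}

def _policy(policy_id, base=None, attrs="", body=""):
    """Constructed sample policy; tenant contoso.onmicrosoft.com is hypothetical."""
    base_xml = ("<BasePolicy><TenantId>contoso.onmicrosoft.com</TenantId>"
                f"<PolicyId>{base}</PolicyId></BasePolicy>") if base else ""
    return (f'<TrustFrameworkPolicy xmlns="{NSMAP["p"]}" PolicyId="{policy_id}" {attrs}>'
            f"{base_xml}{body}</TrustFrameworkPolicy>")

SAMPLES = [  # constructed input, not the asker's files
    _policy("B2C_1A_TrustFrameworkBase"),
    _policy("B2C_1A_TrustFrameworkExtensions", base="B2C_1A_TrustFrameworkBase"),
    _policy("B2C_1A_signup_signin", base="B2C_1A_TrustFrameworkExtensions",
            attrs=" ".join(f'{k}="{v}"' for k, v in WANTED.items()),
            body='<RelyingParty><UserJourneyBehaviors><JourneyInsights '
                 'TelemetryEngine="ApplicationInsights" InstrumentationKey="PLACEHOLDER" '
                 'DeveloperMode="true" ClientEnabled="false" ServerEnabled="true" '
                 'TelemetryVersion="1.0.0" /></UserJourneyBehaviors></RelyingParty>'),
]

def load(xml_docs):  # index parsed policies by their PolicyId attribute
    return {r.get("PolicyId"): r for r in map(ET.fromstring, xml_docs)}

def inheritance_chain(policies, policy_id):
    """Follow BasePolicy/PolicyId links from a relying party policy to the root."""
    chain = []
    while policy_id and policy_id not in chain:
        chain.append(policy_id)  # an id with no loaded file still shows up in the chain
        root = policies.get(policy_id)
        policy_id = (root.findtext("p:BasePolicy/p:PolicyId", namespaces=NSMAP)
                     if root is not None else None)
    return chain

def tracing_findings(root):
    """List what a policy lacks for developer-mode tracing in Application Insights."""
    findings = [f"{k} is not {v}" for k, v in WANTED.items() if root.get(k) != v]
    insights = root.find("p:RelyingParty/p:UserJourneyBehaviors/p:JourneyInsights", NSMAP)
    if insights is None:
        findings.append("no JourneyInsights element")
    elif insights.get("DeveloperMode") != "true":
        findings.append("JourneyInsights DeveloperMode is not true")
    return findings

if __name__ == "__main__":
    policies = load(SAMPLES)
    print(inheritance_chain(policies, "B2C_1A_signup_signin"))
    print(tracing_findings(policies["B2C_1A_signup_signin"]) or "tracing settings present")
```

Pass `load()` the contents of the files that were actually uploaded; a chain that never reaches B2C_1A_TrustFrameworkExtensions means the policy being run does not inherit the edits made there.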
Related
I'm currently working on a project where I need to use MFA with email on every login. I found the signin-email-verification policy example, which is perfect except for the fact that I can't seem to find a way to change the email being sent to the user. It currently uses Microsoft's personal domain and says on behalf of "xxx". I already have a SendGrid template, and I've tried using what the Microsoft Azure B2C documentation has on custom mails (their docs focus on sign up / forgot password), which is very different from the "signin-email-verification" example I'm using.
Just need help with where to start looking for the right example to follow.
Links
https://learn.microsoft.com/en-us/azure/active-directory-b2c/custom-email-sendgrid?pivots=b2c-custom-policy
https://github.com/azure-ad-b2c/samples/tree/master/policies/signin-email-verification
I'm trying to configure a B2C tenant using policies instead of user flows. For that, I'm using the SocialAndLocalAccount template as a starting base. One of the things I'd like to do is to configure the email verification parameters so I can choose the code's length, expiration time, etc. I don't really care about having a custom email like the example with SendGrid, I just want to be able to configure the basic parameters.
I've been following the OTP example they have in the documentation and managed to display the option properly, but I never receive the email when clicking on "Send Code". Am I missing something? Is there another way to achieve this?
I'm new to Azure B2C and policies so I would appreciate any suggestions you might have. Thanks!
Currently, if you want to use the custom OTP generation within B2C, you have to use an external mail provider. The built-in email verification has a separate combined OTP and mail provider service that is not able to be decoupled.
I attempted to implement the custom policy to allow phone authentication while setting up Azure AD B2C for my application and tried to follow the instructions present here - https://learn.microsoft.com/en-us/azure/active-directory-b2c/phone-authentication
I completed the prerequisites and believe I have everything set up correctly, but when I try to run the custom policy B2C_1A_SignUpOrSignInWithPhone, I receive a message to my phone number (based out of India) with the verification code, but when I enter the verification code into the browser, I receive an HTTP 400 with too many requests and I'm not sure why. How do I ensure that this feature will be functional if I implement it into my application? Has anyone else faced this issue? (tried incognito as well)
SOLVED:
Looks like the file "Phone_Email_Base.xml" needed to be edited to include the tenant name in the two and tags. This was not mentioned in the tutorial and therefore took a bit of time to figure out why. I will be forwarding this to Microsoft so that they can fix it in their documentation.
I am new to Azure B2C. I tried to implement a test app to see if we can use it in our company. I started with built-in policies and everything worked fine, but I realised that for our purposes it is not enough. So I started to implement Custom Policies using this article from MS:
https://learn.microsoft.com/en-us/Azure/active-directory-b2c/active-directory-b2c-get-started-custom
I implemented the RestApi from the article and the Sign-Up process seems to work fine (I tested it with my own test app and with https://jwt.ms).
The account is created, but I cannot log in... I am 100% sure that the email and password are correct, but I get this User/Pass Incorrect error. When I switched to the built-in policy I tested at the very beginning, I could log in with the same email and pass. So the problem is with my custom policy. The policy itself was created by MS (there is a link to GitHub in the article). I have changed only the Tenant and some minor things referenced in the article. Has anyone had such a problem before?
Problem has been solved.
As I wrote to Chris - I did the whole process of registering the apps and configuration one more time and it works now (with custom rest api).
I based it on this tutorial -> https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-get-started-custom#register-identity-experience-framework-applications
I am attempting to switch our company's Jenkins from the Jenkins user database + matrix-based security to using Google Login Plugin and Role based strategy plugin to give us better control of our user accounts.
With this new setup I am wondering how I could go about creating a designated user which is used by scripts which trigger Jenkins jobs remotely. I would like to do this without having to add a user to our company's GSuite account as this costs a few $ per month. Before the switch to Google Login I could just create a user manually in the Jenkins user database and take the API token from there, but since switching to Google Login there is no option to add a user (which makes sense given that the users are managed by Google now). At the moment it seems like I have to choose from:
Use the old approach and forget about authenticating through Google. This is not a great result as we want to minimize the number of user accounts we have to set up for new people joining the company to reduce the overhead of onboarding.
Use Google Login Plugin and create a new dedicated "Jenkins" user in GSuite for these scripting / requirements. This costs money.
Use an existing user's API token to avoid the cost of a new Google user in our GSuite account. This seems like bad practice which I'll regret at some point.
Is there a workaround which doesn't require a designated GSuite user or repurposing an existing Google user's credentials just for this purpose?
I did similar research a while ago and it seems like there is no way to do so right now.
However, I'm using SAML plugin with GSuite instead of Google Login Plugin, but from Jenkins security perspective I assume they work in the same way.
When you're using such plugin, Jenkins creates a securityRealm in its config. In my case it is:
<securityRealm class="org.jenkinsci.plugins.saml.SamlSecurityRealm" plugin="saml#1.0.7">
Therefore, to have SAML and Jenkins security matrix work simultaneously, you have to have several security realms.
Here is a ticket, which describes this issue, but it's still open
Regards!
I was also looking at how to trigger builds remotely when using the Google Login Plugin.
I ended up using the "Build Token Root Plugin" which solved this problem, without any need to create a dedicated user for this.
This plugin offers an alternate URI pattern which is not subject to the usual overall or job read permissions. Just issue an HTTP GET or POST to buildByToken/build?job=NAME&token=SECRET. This URI is accessible to anonymous users regardless of security setup, so you only need the right token.
https://wiki.jenkins.io/display/JENKINS/Build+Token+Root+Plugin