Azure B2C EditProfile custom policy without Signing In first - azure

Right now the ProfileEdit.xml file that comes with active-directory-b2c-custom-policy-starterpack asks the user to sign in before actually letting them get to the Edit Profile page.
The use case I'm trying to accomplish is a little bit different. The user is already signed in to the app and there's a button Edit Profile that when clicked will take the user to the Edit Profile page. That is, there should be no Sign in again.
My app allows the user to sign in using: Facebook and Local Account Signin. The custom ProfileEdit B2C policy should know which one the user used to log in and just redirect the user to the ProfileEdit policy directly.
I tried messing with the ProfileEdit Technical Profile, but the mods I made didn't work.
Can anyone more experienced with Azure B2C custom policies let me know how to achieve this?

This is normal: imagine someone got to the profile edit link and bookmarked it, then logged out, then launched profile edit. You need them to log in, otherwise things break.
So this is actually working perfectly already; you will get Single Sign-On, such that once you have used the Sign In journey, the Profile Edit journey will skip the sign-in step.
You can test it like this:
1. Open a new browser, and use the sign in journey, login and complete.
2. Open a new tab, and paste the Profile Edit link, remove the prompt=login query parameter.
3. Execute the link, you are taken straight to modifying your profile page, rather than seeing a sign in page.

B2C Custom Policy - How to show the signup links from a Selfasserted DataUri signin page

I am using the DataUri: urn:com:microsoft:aad:b2c:elements:contract:unifiedssp:2.1.0 for my signin page.
This displays the signup links from the ClaimsProviderSelection.
The issue is that I want to add additional Display claims to the signin and the unifiedssp DataUri appears to force only allowing 2 display claims. The second one is always forced to be password even if the data input type is something like a DropdownSingleSelect.
Any additional display claims are just not shown.
I am able to get the signin experience that I want with the selfasserted (urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.1) DataUri, but in that situation I have not figured out how to show the signup link.
The documentation makes a specific comment about the setting.showSignupLink metadata only being available on the unifiedssp DataUri. https://learn.microsoft.com/en-us/azure/active-directory-b2c/self-asserted-technical-profile#metadata
Is there a way to display the signup links from the ClaimsProviderSelections on a selfasserted DataUri page? (Or a way to display more inputs on the unifiedssp)
Thanks Jon. Please verify this GitHub scenario (https://github.com/MicrosoftDocs/azure-docs/issues/48091). The only way is to embed a link to sign up, which sends the user back to the app and launches a sign-up policy. You cannot use the combined page since it forces username/password fields.

How to add a link to offer an alternate route in Azure B2C custom policy

I've followed one of the provided samples to add TOTP multi factor authentication supported by a phone app:
https://github.com/azure-ad-b2c/samples/tree/master/policies/custom-mfa-totp
I'm therefore able to offer users the ability to enter a TOTP code:
One of the things I'm considering is ensuring users still have access to their accounts if something goes wrong during the TOTP MFA process which we're using by default. I'd therefore like to be able to add an extra link to this page to send users through an alternative MFA route without successfully completing this one in case they encounter issues: "send a code via email instead".
As far as I can tell, the B2C screens expect users to only go forward through clicking continue. The best alternative instead of a link I can think of is a checkbox which sets a boolean claim to enable an email MFA OrchestrationStep. I find this a little less user-friendly than a simple link though as it adds an unnecessary extra click.
Ideal user flow:
Login --> Display TOTP MFA screen --> Enter MFA code OR click link to go to email MFA screen
Any help's appreciated!
This sample demonstrates how to use a display control to provide multiple options (Email or MFA) for a user to continue:
https://github.com/azure-ad-b2c/samples/tree/master/policies/pwd-reset-via-email-or-phone
You could use the same idea here, except instead of invoking the MFA technical profiles as part of the sample's display control, you can invoke the call to the REST API technical profile to verify the code.
You will need to use some CSS/JS to make the page look nice so users can toggle what option they want to use.

Not able to see anything in the https://jwt.ms when set as a reply url in Azure SignupSignin user workflow

I am trying Azure AD B2C based on articles and videos. I followed the steps and I have configured the properties for user flows as well. When I click on Run user flow, it opens up the sign-up/sign-in dialog, and I add a user with the details. Once the user is added, it goes to my reply URL https://jwt.ms.
Based on the url in the browser, I felt it should have worked. But for some reason, the boxes are shown empty.
The url that I see is...
https://jwt.ms/?code=eyJraWQiOiJjcGltY29yZV8wOTI1MjAxNSIsInZlciI6IjEuMCIsInppcCI6IkRlZmxhdGUiLCJzZXIiOiIxLjAifQ..EiDn2BjcA8xTRac1.2pNAFLdcbOupozfuKIC8T9VXmL4zz8iEisf6PsNyxDYzVJcl2vfwwrtMpqJvsC-xeSPyrHUgVpdblKiVfILllrOsWj7MJbTX0QNlzPEAItTGoRow3A2F4FWBR7Y28PQcxeZwa05SMpKhoNutdmnRq-usM7VMc0eYXjJ2JXTSc1piwYf14Na5We9arijagkmVvHFBDLDnjaVBUixEF5_dTGWAjnwAXRIII-plBZBoFZCZ2XtdSLu5LYWSJXBxuA5lqDaVN3OHLOP92VZkNRgB97UPIO3aSe9s44XEEGe5COpTWhzxoOXy53ydnCG8xZwYFKA_J54hGdKLGZrE-BYOW0sU7Dcevq1iwaBqJ3K3CwM6s9o6zCwsAf2pUlAuXYfwk8kA9SKi0fmNiUsSskWhUgiJTPSlqq_woWPGgX3JZpiHTDNbOCA5VUgToEYmDgReOb4M-MeCSCcKWb315vP3UPgzE1LpRet1AFMGqcNznUd8jkP39uaRdLDDP5VAZy7pmeN-GPQJYCcyfdJCRJc1yPoiRYM4SdBUecQTioRkZ95l0y1ANZ3yYSB6eAV_B83KL4EdSIM.e3NVLoGCNXgfloDFbzZimg
Could someone help me understand why the token is not being shown in the browser?
Please note: the user is created with no issues; it's just the token reply that I see as an issue.
Found the cause of the issue.
I had to enable the Implicit grant for both Access tokens and ID Tokens for the app I created.

Customize Reset password screen

I have an application registered in Azure AD B2C. When a new user logs in for the very first time he is redirected to the attached screen for updating the password. The issue here is that the user does not know what combination of password he needs to input until and unless a specific combination works.
I need to customize this screen to display a user-friendly label telling the user what combination of password he/she needs to enter on this screen.
With AAD B2C you can customize the user interface, which includes the sign-up/sign-in, profile editing and password resetting experiences. This documentation outlines how to do the UX customization, test out the templates in the portal and has a few tutorials on setting it up.
Here are the specifics on password rule enforcement.
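Added example, not from the question or the answer: a checker that mirrors the rule the label on the customized page should state, so the page (or the app in front of it) can tell the user which requirement is missing instead of letting them guess. It assumes B2C's documented default "strong" password policy for user flows, 8 to 64 characters with at least three of four character classes (lowercase, uppercase, digit, symbol); the symbol class is approximated here as ASCII punctuation, which is an assumption to verify against the linked documentation for your tenant.

```python
import string

MIN_LEN, MAX_LEN = 8, 64
# Assumption: ASCII punctuation stands in for B2C's symbol list.
SYMBOLS = set(string.punctuation)


def password_rules_label() -> str:
    """The text a customized password page should show up front."""
    return (f"Your password must be {MIN_LEN} to {MAX_LEN} characters and contain "
            "at least three of the following: a lowercase letter, an uppercase "
            "letter, a digit, a symbol.")


def check_password(pw: str) -> list:
    """Return the list of rule violations; an empty list means the password passes."""
    problems = []
    if not MIN_LEN <= len(pw) <= MAX_LEN:
        problems.append(f"length must be {MIN_LEN} to {MAX_LEN} characters (got {len(pw)})")
    classes = {
        "lowercase letter": any(c.islower() for c in pw),
        "uppercase letter": any(c.isupper() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "symbol": any(c in SYMBOLS for c in pw),
    }
    present = [name for name, ok in classes.items() if ok]
    if len(present) < 3:
        missing = [name for name in classes if name not in present]
        problems.append("needs at least three character classes; missing: "
                        + ", ".join(missing))
    return problems


if __name__ == "__main__":
    print(password_rules_label())
    for candidate in ("Summer2024!", "password", "Sh0rt!"):
        print(repr(candidate), "->", check_password(candidate) or "ok")
```

The function reports every violated rule rather than stopping at the first one, which is what a user-facing message needs; the label text itself belongs in the customized page's HTML template that the answer's documentation describes.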

What is the URL to use for inviting the users through email links to sign-up in Azure AD B2C?

I have an Azure AD B2C account and I want to invite a few people to sign up through invitations only. Currently the sign-up site is here.
What URL should I send to the user to sign-up?
Is there a way to hide a field like Country in the sign-up form but take the value from the invitation URL?
Seems you are trying to get the sign-up URL for your user. Alright, let's get started :)
What URL should I send to the user to sign-up?
You can get your sign-up URL from the Azure portal. Follow the steps below to get your sign-up URL.
Step 1
Go to your Azure B2C tenant and click on User flows (policies) as in the screenshot below.
Step 2
You can create a new sign-up policy or click on your existing sign-up policy. See the screenshot below.
Step 3
Run your sign-up policy by clicking on the Run user flow button shown in the picture below.
Step 4
Once you click on Run user flow you will get the following window. Just copy the Run user flow endpoint; this is the URL you have to send to your user for sign-up.
Step 5
As you can see, when the user clicks on this URL they will be shown the sign-up page below.
Is there a way hide the field like Country in the sign-up form but takes the value from the invitation URL?
Yes, you can do it in a very simple way. While creating your sign-up flow you will see 4. User attributes and claims; see the screenshot below:
Click on show more and you will be shown a new window. As you can see there are two rows, Collect attribute and Return claim; check what you want to collect and leave unchecked what you want to hide. I have checked Country because I want to collect this information from the user and want to hide it in claims.
But for Display Name I want to both collect it and return it in claims. See the screenshot below:
Hope you understand. If you still have any problem feel free to share. Thanks and happy coding!
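Added example, written for this page and not taken from either answer, that serves two threads above: the Profile Edit answer (take the Sign In request, drop `prompt=login`, and the SSO session carries over) and this one (the portal's Run user flow endpoint is a ready-made authorize URL). Both are the same OpenID Connect authorize request against a different policy, so the code builds such a request from scratch and derives a new one from an existing link, swapping the policy, removing `prompt=login`, and issuing fresh `state` and `nonce` values. Tenant name, client id, redirect URI and the `TEST_LINK` string are constructed for the example; `TEST_LINK` is patterned after the portal's test link (policy in `p=`, a fixed placeholder nonce) rather than copied from any real tenant.

```python
import secrets
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed values for the example; no real tenant or app registration.
TENANT = "contoso"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
REDIRECT_URI = "https://jwt.ms"

# Constructed, patterned after a portal "Run user flow" test link: the policy
# rides in p= and the nonce is a fixed placeholder instead of a per-request
# value, which is fine for a manual test but not for links you hand to users.
TEST_LINK = ("https://login.microsoftonline.com/contoso.onmicrosoft.com/oauth2/v2.0/authorize"
             "?p=B2C_1_signup&client_id=" + CLIENT_ID +
             "&nonce=defaultNonce&redirect_uri=https%3A%2F%2Fjwt.ms"
             "&scope=openid&response_type=id_token&prompt=login")


def b2c_authorize_url(tenant, policy, client_id, redirect_uri,
                      response_type="id_token", scope="openid", prompt=None):
    """Build an OpenID Connect authorize request for one B2C policy.

    state and nonce are generated fresh per request: state ties the response
    back to this browser session (CSRF protection), nonce ties the id_token to
    this request (replay protection). Returns (url, state, nonce) so the caller
    can store both and compare them when the redirect comes back.
    """
    state = secrets.token_urlsafe(16)
    nonce = secrets.token_urlsafe(16)
    params = {
        "client_id": client_id,
        "response_type": response_type,
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
        "nonce": nonce,
    }
    if prompt:
        params["prompt"] = prompt  # prompt=login forces a fresh sign-in
    url = (f"https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/"
           f"{policy}/oauth2/v2.0/authorize?" + urlencode(params))
    return url, state, nonce


def rebuild_request(authorize_url, new_policy=None):
    """Derive a new authorize request from an existing one.

    Keeps client_id, redirect_uri and scope, optionally swaps the policy
    (e.g. Sign In -> Profile Edit), drops prompt=login so the SSO session from
    the earlier journey can be reused, and replaces state and nonce with fresh
    values. Handles both URL styles: policy as a path segment (b2clogin.com)
    and policy in the p= query parameter.
    """
    parts = urlsplit(authorize_url)
    query = dict(parse_qsl(parts.query))
    path = parts.path
    if new_policy is not None:
        if "p" in query:
            query["p"] = new_policy
        else:
            segments = [new_policy if s.lower().startswith("b2c_1") else s
                        for s in path.split("/")]
            if new_policy not in segments:
                raise ValueError("no B2C policy segment found in the URL path")
            path = "/".join(segments)
    query.pop("prompt", None)
    query["state"] = secrets.token_urlsafe(16)
    query["nonce"] = secrets.token_urlsafe(16)
    return urlunsplit((parts.scheme, parts.netloc, path, urlencode(query), parts.fragment))


def query_params(url):
    """Decoded query parameters of a URL, for inspection and testing."""
    return dict(parse_qsl(urlsplit(url).query))


if __name__ == "__main__":
    signin, state, nonce = b2c_authorize_url(TENANT, "B2C_1A_signup_signin",
                                             CLIENT_ID, REDIRECT_URI, prompt="login")
    print("sign in:      ", signin)
    print("profile edit: ", rebuild_request(signin, "B2C_1A_ProfileEdit"))
    print("invite link:  ", rebuild_request(TEST_LINK))
```

Whichever style of link you send, the application must still check that the `state` in the redirect matches the one it stored and that the `nonce` inside the id_token matches the one it issued; the values in a copied test link cannot provide that, so generate the invitation link from the app rather than forwarding the portal's endpoint verbatim.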
