How does one enable Age Gating in Azure AD B2C? - azure-ad-b2c

I want to explore using Age Gating in Azure AD B2C. What do I need to do to access Age Gating related settings in the Azure portal?
I've read the article at:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/basic-age-gating, however the instructions contained therein do not seem to apply to my Azure AD B2C tenant or workflows, as I can only get as far as "Step 2.[...] search for and select Azure AD B2C". Once I do this, there is no "Properties" to select.
I believe I've searched through all relevant pages in the azure portal and cannot find any mention of Age Gating.
Possibly related: I can see the "Legal Age Group Classification" user attribute in the overall user attribute list, but it does not appear as an option to select under the sign up/sign in workflow user attribute list.

Mine also was not showing at first, but when I clicked the link "Try the age gating preview" under the "What's new" section, the properties blade appeared.
After selecting the link you should be able to see the Age Gating configuration options in the Properties blade.

Related

Configure Privacy Statement link for Azure B2B invite

We are inviting external users to our tenant using the Graph API B2B invitation. When the user tries to log in to our application, it asks the user to review the permissions. On that screen, we need to provide the link for our organization's privacy statement.
I know there's an option to configure this, but somehow I am not able to find the option in the Azure portal. Can anyone help me with this?
You add your organization's privacy information in the Properties area of Azure AD.
1. Sign in to the Azure portal as a tenant administrator.
2. On the left navbar, select Azure Active Directory, and then select Properties. The Properties area appears.
3. Add your privacy info for your employees.
For more information, please see the official documentation.

AAD in Azure API Management, avoid signup dialog

In Azure API Management you can enable integration with AAD, by following the guidelines in this article:
https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-aad
This part describes the sign in after setting up AAD integration:
https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-aad#a-idlogintodevportalsign-in-to-the-developer-portal-by-using-an-azure-ad-account
In step 3 of this part, the following is mentioned:
"You might be prompted with a registration form if any additional information is required."
I don't want to bother my consumers with this dialog, but I can't find what 'additional information' is meant here.
The sign up dialog only shows email, first name and last name.
Anyone knows what information the registration process is missing, which leads to this dialog to show up?
I don't want to bother my consumers with this dialog, but I can't find what 'additional information' is meant here. The sign up dialog only shows email, first name and last name.
If you don't want to enable the registration process, you could delete the Username and password provider from the Azure portal.
It will then just use the Azure AD provider, and you will not be prompted with a registration form.
Updated:
If I click sign up, I get "registration is disabled".
After consulting the Azure API Management product group, it became clear you cannot disable this dialog at the moment.
The documentation mentions that the dialog is only prompted in a certain case, but that is not accurate. The dialog will always be shown when you sign in on the developer portal when Azure API Management is integrated with AAD.

One login for multiple Azure subscriptions?

I have two Azure subscriptions, one personal, tied to my Microsoft ID, and another under a different Microsoft ID for a charitable organization where I am the one-man IT/web dev guy. I created the org's Azure account/subscription myself. I can't figure out how to create websites, etc. under my personal MS ID login without logging in and out of the separate Microsoft IDs to manage both sets of Azure resources.
Logging in with the org's MS ID, in the Azure portal I've made my personal ID a subscription admin (Subscriptions > Access Control > Add my personal MS ID, then right-clicked to make co-administrator). This is confirmed since now a right click shows "Remove co-admin", so that implies it's correctly set up as a subscription co-admin. That user is also in the Owner role.
Step 2, in the Active Directory for the org subscription, Users and Groups > All Users > New User, I added my personal MS ID. Then I selected that user, clicked Directory Role on the left menu, selected the Global Administrator radio button and saved.
So now my personal MS ID user is a subscription co-admin and an AD Global admin in the org's Azure portal.
To check, if I then go to any resource group or App Service and look at Access control I see my personal MS ID user listed as an Owner for that resource and all other resources. So everything looks good.
So if I log out of the org ID and log in with my personal MS ID and go to the Azure portal, I see my usual personal Azure account resources. But I don't understand how to either see and manage those resources in the org's Azure subscription or how to switch subscriptions, or switch directories (it's not listed on the top right), and when creating a new resource, I have no option for the org's subscription to use. How do I see/manage those resources in the org's directory? Is this even possible? Or do I need to log out and log in with the org's MS ID, which is a major annoyance since it also logs me out of outlook etc. when I switch IDs.
Azure Subscriptions are "housed" within a specific Azure Active Directory Tenant. You should treat an AAD Tenant as the top level object structure, in that each Tenant is entirely separated from each other Tenant.
If you had multiple subscriptions within a single tenant, you would be able to sign in one time, and gain access to all those subscriptions.
However, since these subscriptions look like they are in different Tenants, there is no way to avoid logging in two times to access the two subscriptions. To expand on this, there would be no way to avoid logging in two times to access any unique objects across these two Tenants.
For me, the answer was:
1. Access the Azure portal login page.
2. Click "Sign in as a different user".
3. Type the exact same email address.
4. Select the "School or Work account" option.
This one was tied to the Azure AD and they reset my password through there. Not sure it really helps you because signing in and out all the time is still a thing, but it took me far too long to get this right so I thought I'd share.

Including department in the list of claims

I'm using an Azure B2C tenant to store users. At present I have to go through the graph API to retrieve the user details from my MVC application.
The annoying thing, however, is that most of the details I'm interested in are already contained within the list of claims in the ClaimsPrincipal.Current object (in this case name, job title and email), so for the most part this call isn't actually needed. Department is the only one not included by default and is the only reason I'm making the call. In addition, going through the Graph API seems to slow things down enormously when running the site on Azure.
Is there any way of including the department in the claims list contained within the ClaimsPrincipal.Current object so I can skip the call to the graph API entirely?
If I understand your question, it sounds like you are asking how to include additional claims in the ID token returned by Azure AD B2C. The claims returned are configured on a per-policy basis.
1. Navigate to the B2C features blade on the Azure portal.
2. Click All policies.
3. Click your sign-up policy to open it. Click Edit at the top of the blade.
4. Click Application claims and select the attribute (for example, "Department"). Click OK.
5. Click Sign-up attributes and make sure "Department" is one of the attributes collected from the user.
6. Click Save at the top of the blade.
7. Click "Run now" on the policy to verify the consumer experience. You can use "http://jwt.ms" as the redirect URI to inspect the token returned by Azure AD B2C. You should now see "Department" in the list of attributes collected during consumer sign-up, and see it in the token sent back to your application.
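Once the policy emits the claim, the application only has to read it from the ID token instead of calling Graph. The following Python is an added example, not code from the question, the answer or Microsoft: it decodes a constructed B2C-style ID token the way jwt.ms does and reports whether the department claim is present, so the caller knows whether the Graph fallback is still needed. The claim name `department` and the sample tokens are assumptions; signature validation against the policy's JWKS is assumed to happen before any of these claims are trusted.

```python
import base64
import json
import time

# Assumed claim name for this illustration. B2C chooses the claim name itself
# (built-in attributes such as jobTitle, custom ones as extension_<Name>), so
# confirm the real name with "Run now" and jwt.ms before relying on it.
DEPARTMENT_CLAIM = "department"


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(id_token: str) -> dict:
    """Return the payload claims of a compact JWT, the same view jwt.ms gives.
    This does NOT verify the signature: treat the claims as trustworthy only
    after RS256 validation against the B2C policy's JWKS endpoint."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    header = json.loads(_b64url_decode(parts[0]))
    if header.get("alg", "none").lower() == "none":
        raise ValueError("refusing unsigned token")
    return json.loads(_b64url_decode(parts[1]))


def department_from_token(id_token: str, now=None):
    """Return the department value from the token, or None when the token is
    expired or lacks the claim (the caller then falls back to a Graph lookup)."""
    claims = decode_claims(id_token)
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        return None
    value = claims.get(DEPARTMENT_CLAIM)
    return value if isinstance(value, str) and value else None


def _make_token(payload: dict) -> str:
    # Constructed sample token for offline use; the signature segment is a placeholder
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return enc({"alg": "RS256", "typ": "JWT"}) + "." + enc(payload) + ".placeholder"


# Constructed sample tokens: a policy with Department as an application claim, and one without
COMMON = {"name": "Sample User", "jobTitle": "Engineer", "emails": ["sample@example.com"], "exp": 4102444800}
WITH_DEPT = _make_token({**COMMON, DEPARTMENT_CLAIM: "Finance"})
WITHOUT_DEPT = _make_token(COMMON)

if __name__ == "__main__":
    for tok in (WITH_DEPT, WITHOUT_DEPT):
        dept = department_from_token(tok)
        print("department:", dept, "(Graph lookup needed)" if dept is None else "(no Graph call needed)")
```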

Azure AD B2C edit attributes

In Azure AD B2C, I notice that in the Page UI customization for a policy, we can include some HTML code in the input field for text labels when we edit an attribute (in the picture, the example is for a checkbox). Do you think it's a potential hack that Microsoft will block, or is it an expected case?
The ability to add HTML code in the input field for text labels/values is not intended to be a feature and is not the intended approach to achieve UI customization. You should not rely on this, as validation that prevents it can be added at any point.
To customize the UI today, you can provide your own page with a div container where Azure AD B2C will display its controls. You can certainly use CSS to further customize the look and feel of these fields. Check out this article for more info.
Azure AD B2C is also looking at adding support for custom JS, which will give you further control over the UI. You can vote for that item in the Azure AD B2C UserVoice forum to support it and stay up to date on its progress.