Can I add ADFS 2.0 as a SAML identity provider using custom policies in Azure Active Directory B2C?
It is supported; see the article at https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-custom-setup-adfs2016-idp
I mean Azure AD B2C as the Service Provider and a non-Microsoft SAML-based IdP as the identity provider.
I want to use a non-Microsoft SAML-based IdP to federate with the Azure AD B2C application, which is going to be the service provider.
Yes, see this link as an example of how to federate with any SAML IdP:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-salesforce-custom?tabs=applications
We have an Azure AD B2C SSO implementation that we configured using custom policies. We want to add Okta as an identity provider using custom policies. I couldn't find any documentation or article on how to achieve this. Any help would be greatly appreciated.
We would like to use Azure AD B2C for our web application to allow users to sign-in with their corporate ADFS accounts.
According to Azure Active Directory B2C: Add ADFS as a SAML identity provider using custom policies:
"Federation with ADFS accounts requires a client secret for ADFS account to trust Azure AD B2C on behalf of the application. You need to store your ADFS certificate in your Azure AD B2C tenant."
This means that we need to store their '.pfx' certificates (with their private key) in our Azure AD B2C tenant.
I do not see any possible setting to avoid asking for it and to use the public '.cert' files instead.
Is my use case available in AD B2C?
To federate Azure AD B2C with ADFS you need to do the following:
1. Create an ADFS Relying Party Trust.
2. Add the ADFS Relying Party Trust certificate to Azure AD B2C.
3. Add a claims provider to a policy.
4. Register the ADFS account claims provider in a user journey.
5. Upload the policy to an Azure AD B2C tenant and test it.
Step 2 involves adding a signature certificate .cert file to your local ADFS server's relying party trust, and the corresponding certificate .pfx file with private key to the Azure AD B2C service.
In other words, you are right, as far as I can tell, you need to ask those you are federating with for a .pfx certificate with private key that you can store in your Azure AD B2C service.
For reference, more details are here https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-custom-setup-adfs2016-idp.
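For steps 3 and 4 above, this is what the claims provider in the custom policy (TrustFrameworkExtensions.xml) typically looks like. It is an added example written for this page, not code from the answer or from the Microsoft article; the ADFS host `adfs.example.com`, the display names, the policy key name `B2C_1A_ADFSSamlCert` and the `PartnerClaimType` values are placeholders. The `PartnerClaimType` values must match the outgoing claim types you configure in the ADFS issuance transform rules for the relying party trust.

```xml
<!-- Added example (not from the original page): SAML2 claims provider for ADFS in an
     Azure AD B2C custom policy. Host, key name and display names are placeholders. -->
<ClaimsProvider>
  <Domain>adfs.example.com</Domain>
  <DisplayName>Contoso ADFS</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="Contoso-SAML2">
      <DisplayName>Contoso ADFS</DisplayName>
      <Description>Sign in with your Contoso corporate account</Description>
      <Protocol Name="SAML2" />
      <Metadata>
        <!-- B2C reads the IdP's public signing certificate and endpoints from the ADFS
             federation metadata. The ADFS private key never leaves the ADFS server. -->
        <Item Key="PartnerEntity">https://adfs.example.com/federationmetadata/2007-06/federationmetadata.xml</Item>
        <!-- Keep request signing on so ADFS can verify that the AuthnRequest came from B2C. -->
        <Item Key="WantsSignedRequests">true</Item>
        <!-- Set to true (and add a SamlAssertionDecryption key) if ADFS is configured
             to encrypt assertions to B2C. -->
        <Item Key="WantsEncryptedAssertions">false</Item>
      </Metadata>
      <CryptographicKeys>
        <!-- The certificate with private key that B2C uses to sign its SAML requests.
             This is the .pfx uploaded as a policy key (step 2); ADFS only gets the public
             .cer for the relying party trust's signature settings. -->
        <Key Id="SamlMessageSigning" StorageReferenceId="B2C_1A_ADFSSamlCert" />
      </CryptographicKeys>
      <OutputClaims>
        <!-- PartnerClaimType is the outgoing claim type configured in the ADFS issuance rules. -->
        <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="userPrincipalName" />
        <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="given_name" />
        <OutputClaim ClaimTypeReferenceId="surname" PartnerClaimType="family_name" />
        <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="email" />
        <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />
        <OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="contoso.com" />
        <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" />
      </OutputClaims>
      <OutputClaimsTransformations>
        <!-- Standard starter-pack transformations that build the B2C user record
             (alternativeSecurityId, UPN, subject) from the federated identity. -->
        <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName" />
        <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName" />
        <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId" />
        <OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId" />
      </OutputClaimsTransformations>
      <!-- SAML-aware session management so single sign-out with the IdP works. -->
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-Saml-idp" />
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>
```

To wire it into a user journey (step 4), add a `ClaimsProviderSelection` with a `TargetClaimsExchangeId` for this provider in the first orchestration step, and a `ClaimsExchange` in the second step whose `TechnicalProfileReferenceId` is `Contoso-SAML2`. Because the signing certificate's private key lives only in the B2C policy key store, the only artifact you hand to the ADFS administrator is the public certificate, and the only artifact they hand back is the federation metadata URL.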
Is it possible to integrate Okta as an IDP (Identity Provider) for an application in Azure, where Azure would be the Service Provider?
Presently the authentication is managed by Azure AD; we have AD users that have been granted access to these applications hosted in Azure, and we use ADAL for logging in users and obtaining tokens for securing API calls to the backend APIs.
Can Okta be added as an IDP and added to the AAD, through SAML or WS-Federation?
Yes, Okta is listed as one of the third-party IdPs in the Azure AD federation compatibility list which can support federation with Azure Active Directory (AAD).
The supported scenario matrix is listed here.
Hope this clarifies your doubt.
Our current application is authenticating users with a SAML IdP. We wish to retain their implementation of SAML and update the application’s configuration with Azure AD B2C, not switch to OAuth2 or OpenID Connect. Does Azure AD B2C currently support receiving authentication requests via SAML? I am unable to find this in the documentation.
Azure B2C does (and has for a while) provide SAML connectivity through custom policies in the Identity Experience Framework, currently in public preview - https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-overview-custom
Azure AD B2C does not support integrating with applications / relying parties via SAML yet.
You can support this ask and keep up to date on its progress by voting for it in the Azure AD B2C feedback forum: (Application) SAML Protocol support.
You can configure a SAML relying party application:
https://github.com/azure-ad-b2c/saml-sp
The full documentation can be found here:
https://github.com/azure-ad-b2c/saml-sp/blob/master/saml-rp-spec.md
NOTE: As of July 2019, SAML relying party support is available as a preview feature.