Azure AD B2C multi step page in custom policy - azure-ad-b2c

Is it possible to create a multi-step sign-up custom policy in Azure AD B2C?
I mean I need to capture personal details and verify them against my database, and if they are valid, a second page to create a username and password and store them in Azure Active Directory.
Since I already have a design implemented for these pages, I don't want to change it by using AD B2C.
Please help.

Yes, this is possible, see the Wingtip sample for Azure AD B2C custom policies which contains a sign-up or sign-in policy that includes multiple orchestration steps.
You will have to validate the personal details via a REST API.
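As an added illustration (not code from the Wingtip sample or from the answer above), a TrustFrameworkExtensions.xml fragment with the two orchestration steps described: page one collects personal details and runs a REST validation technical profile against your database before the step can complete, and page two reuses the starter pack's LocalAccountSignUpWithLogonEmail profile to create the local account. The Example-* ids, the ServiceUrl and the B2C_1A_RestApi* policy keys are assumptions, and the givenName and surname claim types are assumed to be defined in your base file as in the starter pack; the API rejects invalid details by answering HTTP 409 with a JSON body carrying "version", "status": 409 and a "userMessage" that B2C shows on the page.

```xml
<ClaimsProviders>
  <ClaimsProvider>
    <DisplayName>Example: two-step sign-up</DisplayName>
    <TechnicalProfiles>
      <TechnicalProfile Id="Example-REST-ValidateDetails">
        <DisplayName>Validate personal details against the database</DisplayName>
        <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
        <Metadata>
          <Item Key="ServiceUrl">https://api.example.com/b2c/validate</Item>
          <Item Key="SendClaimsIn">Body</Item>
          <Item Key="AuthenticationType">Basic</Item>
          <Item Key="AllowInsecureAuthInProduction">false</Item>
        </Metadata>
        <CryptographicKeys>
          <Key Id="BasicAuthenticationUsername" StorageReferenceId="B2C_1A_RestApiUsername" />
          <Key Id="BasicAuthenticationPassword" StorageReferenceId="B2C_1A_RestApiPassword" />
        </CryptographicKeys>
        <InputClaims>
          <InputClaim ClaimTypeReferenceId="givenName" />
          <InputClaim ClaimTypeReferenceId="surname" />
        </InputClaims>
      </TechnicalProfile>
      <!-- Page 1: the step cannot complete until the validation profile above succeeds -->
      <TechnicalProfile Id="Example-SelfAsserted-PersonalDetails">
        <DisplayName>Personal details</DisplayName>
        <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
        <Metadata><Item Key="ContentDefinitionReferenceId">api.selfasserted</Item></Metadata>
        <OutputClaims>
          <OutputClaim ClaimTypeReferenceId="givenName" Required="true" />
          <OutputClaim ClaimTypeReferenceId="surname" Required="true" />
        </OutputClaims>
        <ValidationTechnicalProfiles><ValidationTechnicalProfile ReferenceId="Example-REST-ValidateDetails" /></ValidationTechnicalProfiles>
      </TechnicalProfile>
    </TechnicalProfiles>
  </ClaimsProvider>
</ClaimsProviders>
<UserJourneys>
  <UserJourney Id="Example-SignUpTwoSteps">
    <OrchestrationSteps>
      <OrchestrationStep Order="1" Type="ClaimsExchange">
        <ClaimsExchanges><ClaimsExchange Id="PersonalDetailsExchange" TechnicalProfileReferenceId="Example-SelfAsserted-PersonalDetails" /></ClaimsExchanges>
      </OrchestrationStep>
      <!-- Page 2: starter-pack profile that collects email and password and writes the account -->
      <OrchestrationStep Order="2" Type="ClaimsExchange">
        <ClaimsExchanges><ClaimsExchange Id="SignUpExchange" TechnicalProfileReferenceId="LocalAccountSignUpWithLogonEmail" /></ClaimsExchanges>
      </OrchestrationStep>
      <OrchestrationStep Order="3" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />
    </OrchestrationSteps>
  </UserJourney>
</UserJourneys>
```

The REST call is authenticated with credentials held as policy keys rather than inline in the XML; leaving AuthenticationType at None would expose a record-lookup endpoint to anyone who can reach it.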

Related

Azure AD B2C profile edit available options

I am new to Azure AD and trying to set up and learn Azure AD B2C. I am able to run built-in user flows and have created custom policies to update user profiles. But I just wanted to check: can end users of my applications edit their profile using https://myaccount.microsoft.com? Or are built-in user flows and custom policies in the Identity Experience Framework the only two options?
No, that link is for Azure AD, not B2C.
You have to use the B2C flows.

Customising Azure API Management Developer Portal's user management

I am trying to customize the Developer Portal in the APIM.
One thing that is important to me is user management. I want to use Azure AD B2C to handle all of my user Authentication/Authorization and remove DevPortal's own sign-in/signup section.
I could get rid of those widgets but the User profile is the issue now. My problem is not about widgets.
I don't see anywhere to update the user profile.
User info is so limited (user_name, last_name)
I want to update users from AD B2C and see that extra info in the portal. Is there any way to update user dto in the portal?
I want to update users from AD B2C and see that extra info in the portal. Is there any way to update user dto in the portal?
One of the workarounds you can follow to achieve the above requirement:
To customize the APIM developer portal by adding Azure AD B2C as an authentication method, we need the following prerequisites first:
Create an Azure AD B2C tenant.
Add a user flow (sign-in/sign-up policy).
Register an application in that tenant.
Add a secret and copy the value to use in the next step.
So, to remove the username and password identity, you can delete it as shown below.
After creating all the aforementioned prerequisites, click on Add, select the identity as Azure AD B2C and provide the required details.
For example:
Select the identity as Azure AD B2C and provide the required details.
After finishing the above steps, navigate to the Developer portal and click on Sign in to check whether the Azure AD B2C authentication has been added or not.
For more information, please refer to this Tech Community blog: How to integrate Azure Active Directory B2C into Azure API Management Developer Portal.
And this:
Microsoft documentation: How to authorize developer accounts by using Azure Active Directory B2C in Azure API Management.
Similarly, if you want to authenticate with Azure AD, you can do it in the same way by selecting Azure Active Directory as the identity provider.

AD users in B2C tenant

I am wondering if it is possible to, let's say, connect Azure AD with Azure AD B2C so that the Azure AD users are able to log in with my custom policy. I already implemented one, including MFA.
I was reading this article, but I am not sure if it is the right way. If so, I see I have to specify the client-id. What if I have more than one application using this policy? Do I have to create a policy for each one?
The linked approach is correct. You specify a clientId which represents AADB2C user-flow/custom-policy as an “Application” to the AAD IdP. So this relationship can be used per AAD B2C user-flow/custom-policy or shared across all your custom policies and user flows.
It can be useful to have separate registrations at AAD so that you could target them individually for conditional access.

Azure AD B2C auth with username and e-mail

I'm migrating all my users from a legacy IdP to Azure AD B2C.
How can I configure the "Local account" to allow users to log in with username OR e-mail?
It seems the Local Account just allows me to configure one of these options, but I want to allow users to choose to log in with e-mail or username.
Thank you.
Use this custom policy sample:
https://github.com/azure-ad-b2c/samples/tree/master/policies/username-or-email
If you are looking to give the user the option to choose email/username, you can achieve this using a custom policy; please refer to this sample.
If you are looking to provide this using built-in user flow policies, you can add a Local identity provider with email/username in Azure Active Directory B2C (Azure AD B2C).
For migrating users identified using a local IdP to your B2C tenant, refer to this document.

B2C Sign-in only by using Azure AD account

I am implementing the "Sign in by using Azure AD accounts" scenario, described here:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-aad-custom
I understand how to change custom policy in file SignUpOrSignIn.xml, but I don't want users to sign up freely into my application.
I want to use sign-in only policy, but there are no sign-in only policies files in the starter pack.
Is it possible to have Azure AD login button on sign-in only screen?
You can remove everything related to sign-up and any other user journey you don't want, from a combined policy.