Are the identity protections in this article, Azure Active Directory Identity Protection, applicable to Azure AD B2C?
At this time, Azure AD B2C does not support Azure AD Identity Protection.
You can request this feature ask in the Azure AD B2C feedback forum.
Related
I mean azure ad b2c as Service Provider and non-microsoft SAML Based IDP as an identity provider.
I want to use non-microsoft SAML based IDP to federate with azure ad b2c application which is going to be service provider.
Yes, see this link as an example of how to federate with any SAML idp:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-salesforce-custom?tabs=applications
We have 2 separate Azure Tenants. One is a parent organisations and the other is ours. Ours has a directory that has Azure AD B2C. We would like to use the parents organisation Azure AD as an Custom Identity Provider. We have got this configured and working. However, we would like to customize the UI of the parents organisation Azure AD as the branding needs to be different.
Is there a way to customize the UI of a Custom Identity Provider in Azure AD B2C? Note, we do have limited access the the parent organisations Azure AD but we are not able to change the branding/UI.
You cant do this with Azure AD B2C since AAD B2C doesn't own that federated IdP. Its up to the federated IdP to provide the branding. For Azure AD, the branding abilities are documetented here.
We would like to use Azure AD B2C for our web application to allow users to sign-in with their corporate ADFS accounts.
According to Azure Active Directory B2C: Add ADFS as a SAML identity provider using custom policies:
"Federation with ADFS accounts requires a client secret for ADFS
account to trust Azure AD B2C on behalf of the application. You need
to store your ADFS certificate in your Azure AD B2C tenant."
This means that we need to store their '.pfx' certificates (with their private key) in our Azure AD B2C tenant.
I do not see any possible setting to avoid asking for it and use the public '.cert' files.
Is my use case available in AD B2C?
To federate Azure AD B2C with ADFS you need to do the following:
Creating an ADFS Relying Party Trust.
Adding the ADFS Relying Party Trust certificate to Azure AD B2C.
Adding claims provider to a policy.
Registering the ADFS account claims provider to a user journey.
Uploading the policy to an Azure AD B2C tenant and test it.
Step 2 involves adding a signature certificate .cert file to your local ADFS server's relying party trust, and the corresponding certificate .pfx file with private key to the Azure AD B2C service.
In other words, you are right, as far as I can tell, you need to ask those you are federating with for a .pfx certificate with private key that you can store in your Azure AD B2C service.
For reference, more details are here https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-custom-setup-adfs2016-idp.
Is it possible to reset or change a user's password in Azure AD B2C Free Tier? If so, is there an example of how to do that?
This page seems to indicate that this is only available as paid options.
B2C is a separate service from Azure AD (though it runs on top of Azure AD).
The page you linked is for Azure AD, not B2C.
B2C allows users to reset their password by themselves if you enable the policy for that and configure it in your app: https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-reference-policies#create-a-password-reset-policy.
You can find pricing for B2C here: https://azure.microsoft.com/en-us/pricing/details/active-directory-b2c/
This question already has an answer here:
how to federate between Azure B2B and B2C
(1 answer)
Closed 5 years ago.
I have requirement to create a web application using AzureAD, where user may login from Organization/using their personal account(FB,Google, etc..) Can we use both B2B and B2C in same Application?
Azure AD B2B Collaboration is a feature that is not available for Azure AD B2C tenants.
However, the ability to add Azure AD as an IdP in B2C should be available very soon. Vote for it in the Azure AD B2C UserVoice forum to support this ask and be informed on updates on it's progress: Add an Azure AD Identity Provider
Alternatively, you do this in your app by setting it up to support multiple identity providers (Azure AD B2C and Azure AD). See junaas post: how to federate between Azure B2B and B2C