Gowtham K

Get Started with Azure AD B2C App Registration – User Flows

Introduction:

Azure AD B2C is a business-to-customer identity management service. With Azure AD B2C, customers can use their social and local account identities to get single sign-on (SSO) access to your applications and APIs. In this blog, you will learn how to create an Azure AD B2C application and user flows, and how to test them using the Azure portal.

Create User flow

A user flow defines how the application handles user requests for sign-in, sign-up, password reset, and profile editing.

Step 1: Go to your Azure AD B2C tenant in the Azure portal.

Step 2: Select the Azure AD B2C service.

Step 3: Select User Flows from the Policies blade and click on New User Flow, as shown in the figure below.

Step 4: The Select a user flow type screen gives you a list of built-in user flows.

For this demo, let's create a Sign up and sign in user flow with the Recommended version, as shown in the figure below.

Step 5: In the Create screen, define the following fields:

1. Name: Provide the user flow name. In my case, I named it SignIn_SignUp_Demo, and it will be prefixed with B2C_1_.

2. Identity providers: Here you can set the identity provider. In my case, I went with local accounts (Email signup) since I haven’t configured any other identity providers like Facebook, Google, and so on.

3. Multifactor authentication: You can configure the MFA setup. I just set it to off.

4. Conditional access: By default, it is unchecked. Learn more about configuring MFA here.

5. User attributes and token claims: Here you have to configure the Collect attribute and Return claim fields.

Collect attribute: Select the attributes to collect as input from the user. In my case, I selected Surname, Given Name, and Email.

Return claim: The selected attributes are sent in the token as claims; you can decode the JWT and use the claims. In my case, I selected Surname and Given Name.

Azure AD B2C Application Registration:

Step 1: Select App Registration from the Manage blade, and click on New Registration, as shown in the figure below.

Step 2: In the Register an application screen, define the following fields:

1. Name: Provide the application name.

2. Supported account types: Select “Accounts in any identity provider or organizational directory (for authenticating users with user flows)”. Please check my last article to learn about switching to manage the supported account types.

3. Redirect URI: https://jwt.ms. jwt.ms will decode the JWT and display all the claim information.

4. Permissions: Check Grant admin consent to openid and offline_access permissions.

Step 3: Finally, click on Register.

Step 4: Once the application is registered, click on Authentication from the Manage blade, check Access tokens (used for implicit flows) and ID tokens (used for implicit and hybrid flows), and click on Save.

Test the User Flow

Step 1: Select User flows from the Policies blade and click on B2C_1_SignIn_SignUp_Demo.

Step 2: Click on Run user flow, select the recently created application “TestUserFlow”, and click on Run user flow.

Step 3: Enter your credentials and try to sign in. If you want to register, click on Sign up now.

Step 4: After sign-in, you are redirected to jwt.ms, where you can see the decoded JWT details.
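What jwt.ms shows is a decoded token, and decoding alone says nothing about who issued it. The following Python is an added example, not code from the original post: it lists the claim checks an application would apply to an ID token from this user flow, after verifying the token's signature (not shown here). The client ID, nonce, sample token and function names are constructed placeholders, and the `tfp`/`acr`, `given_name` and `family_name` claim names and the RS256 algorithm are assumed from B2C's default token format.

```python
import base64, json, time

POLICY = "B2C_1_SignIn_SignUp_Demo"  # user flow name used on this page
CLIENT_ID = "00000000-0000-0000-0000-000000000000"  # placeholder application (client) ID

def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    obj = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    if not isinstance(obj, dict):
        raise ValueError("segment is not a JSON object")
    return obj

def check_claims(token, expected_nonce, now=None):
    """Return the problems found in a token's header and claims.
    Decoding is not verification: check the signature against the user
    flow's published signing keys before trusting any claim."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part signed JWT"]
    try:
        header, claims = b64url_json(parts[0]), b64url_json(parts[1])
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return ["malformed segment"]
    problems = []
    if header.get("alg") != "RS256":  # rejects "none" and HMAC downgrades
        problems.append("unexpected alg")
    # Assumed: the user flow name arrives in tfp (acr in the older format).
    if (claims.get("tfp") or claims.get("acr") or "").lower() != POLICY.lower():
        problems.append("issued by a different user flow")
    if claims.get("aud") != CLIENT_ID:
        problems.append("audience is not this application")
    if claims.get("nonce") != expected_nonce:
        problems.append("nonce mismatch")
    if not claims.get("nbf", 0) <= now < claims.get("exp", 0):
        problems.append("outside validity window")
    problems += ["missing return claim " + c
                 for c in ("given_name", "family_name") if c not in claims]
    return problems

def sample_token(alg="RS256", **overrides):
    """Build a constructed, unsigned sample shaped like a B2C ID token."""
    claims = {"tfp": POLICY, "aud": CLIENT_ID, "nonce": "n-123", "nbf": 1000,
              "exp": 4600, "given_name": "Ada", "family_name": "Lovelace"}
    claims.update(overrides)
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": alg, "typ": "JWT"}), enc(claims), "c2ln"])

if __name__ == "__main__":
    print(check_claims(sample_token(tfp="B2C_1_Other"), "n-123", now=2000))
```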

Summary:

We have seen how to configure the user flow and app registration with Azure AD B2C, and finally, we tested the Sign-up and Sign-in user flow using the Azure portal. We will see more about Azure AD B2C features in this series.
