Azure AD B2C Native Authentication

In this document, you'll learn how to set up multi-tenant authentication, configure login tiles for each tenant, and use client IDs and client secrets to enable seamless login across multiple Azure AD and Azure AD B2C tenants.

Configure the B2C Tenant

  • Register a service principal application: Register a service principal application in Azure Active Directory (Azure AD) and configure it for use with EmpowerID's Azure Native Auth.

    • Client Secret – You use this when setting up the Azure Native Auth OAuth app in EmpowerID.

    • Redirect URIs – You set this value to the FQDN of your EmpowerID Server.

    • API Permission – You grant the service principal the necessary Microsoft Graph API permissions for Azure Native Auth. These permissions include:

      • offline_access – Maintain access to data you have given access to

      • openid – Sign users in

      • profile – View users' basic profile

      • User.Read – Sign in and read user profile

  • Configure UserInfo Endpoint: EmpowerID requires the UserInfo endpoint to retrieve user data. However, unlike Azure AD, Azure AD B2C does not expose the UserInfo endpoint by default. To enable it, the Identity Experience Framework must be configured with custom policies that return data through the UserInfo endpoint. Refer to the Microsoft documentation below to set up these custom policies, or check the latest guidance to configure the UserInfo endpoint correctly. https://learn.microsoft.com/en-us/azure/active-directory-b2c/userinfo-endpoint?pivots=b2c-custom-policy
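A pre-flight check for the three items above, added here as an example (it is not EmpowerID or Microsoft code). It parses the B2C OpenID discovery document (assumed to advertise userinfo_endpoint only once the custom policy exposes it), compares the granted Graph permissions with the four listed above, and confirms each redirect URI is HTTPS on the EmpowerID FQDN; the tenant ID, host names and discovery documents are constructed placeholders.

```python
"""Pre-flight check for the EmpowerID <-> Azure AD B2C settings described above."""
import json
from urllib.parse import urlparse

# The four delegated Microsoft Graph permissions the page lists for Azure Native Auth.
REQUIRED_PERMISSIONS = frozenset({"offline_access", "openid", "profile", "User.Read"})

def check_b2c_setup(discovery_json: str, granted: set[str],
                    redirect_uris: list[str], empowerid_fqdn: str) -> list[str]:
    """Return a list of findings; an empty list means the setup looks ready."""
    findings = []
    meta = json.loads(discovery_json)
    issuer_host = urlparse(meta.get("issuer", "")).hostname
    # 1. B2C advertises userinfo_endpoint only once a custom policy exposes it
    #    (assumption: the discovery document is where that shows up).
    userinfo = meta.get("userinfo_endpoint")
    if not userinfo:
        findings.append("userinfo_endpoint missing: custom policy does not expose UserInfo")
    else:
        u = urlparse(userinfo)
        if u.scheme != "https" or u.hostname != issuer_host:
            findings.append(f"userinfo_endpoint is not https on the issuer host: {userinfo}")
    # 2. Exactly the documented Graph permissions: nothing missing, nothing extra.
    missing = REQUIRED_PERMISSIONS - set(granted)
    extra = set(granted) - REQUIRED_PERMISSIONS
    if missing:
        findings.append("missing Graph permissions: " + ", ".join(sorted(missing)))
    if extra:
        findings.append("permissions beyond the documented set: " + ", ".join(sorted(extra)))
    # 3. Every redirect URI must be https and point at the EmpowerID server FQDN.
    for uri in redirect_uris:
        r = urlparse(uri)
        if r.scheme != "https" or r.hostname != empowerid_fqdn.lower():
            findings.append(f"redirect URI is not https on {empowerid_fqdn}: {uri}")
    return findings

# Constructed sample inputs (placeholder tenant ID and host names, not real values).
ISSUER = "https://contoso.b2clogin.com/00000000-0000-0000-0000-000000000000/v2.0/"
DEFAULT_POLICY = json.dumps({"issuer": ISSUER})  # no userinfo_endpoint without a custom policy
CUSTOM_POLICY = json.dumps({"issuer": ISSUER, "userinfo_endpoint": "https://contoso.b2clogin.com"
                            "/contoso.onmicrosoft.com/B2C_1A_signup_signin/openid/v2.0/userinfo"})
GRANTED_OK = {"offline_access", "openid", "profile", "User.Read"}

if __name__ == "__main__":
    fqdn = "sso.example.com"
    print(check_b2c_setup(CUSTOM_POLICY, GRANTED_OK, [f"https://{fqdn}/oauth/callback"], fqdn))
    print(check_b2c_setup(DEFAULT_POLICY, {"openid"}, [f"http://{fqdn}/oauth/callback"], fqdn))
```

An empty result for the custom-policy document and a non-empty one for the default document is the expected outcome; run it against your own tenant's discovery document before wiring the values into EmpowerID.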

Gather Necessary Information

  • Consumer Key – The client ID of the service principal application registered above.

  • Consumer Secret – The client secret of that application.

  • User Info Endpoint – The UserInfo endpoint configured through your B2C custom policy. EmpowerID uses this value as the Sender Identifier. You will also have to complete the additional prerequisites provided in the Microsoft document linked above.

Step 1 – Set up Azure B2C Auth

  1. Navigate to OAuth Services

    • On the navbar, expand Apps and Authentication > SSO Connections and click OAuth / OpenID Connect.

    • Select the External OAuth Services tab and then search for AzureADB2C.

    • Click the Provider link for AzureADB2C.


  2. Add OAuth Service
    The details page displays the default configuration for B2C authentication. To add a new authentication provider, find the Add icon and click it, then fill in the following fields.

    • Name – Provide a unique and descriptive identifier for the service.

    • Display Name – Provide a user-friendly label that represents the service in the application's user interface.

    • Consumer Key – The client ID gathered above.

    • Consumer Secret – The client secret gathered above.

    • Is Identity Provider

    • Select existing Account Directory

    • Select existing OAuth Scope

    • Callback Url

    • Sender Identifier – The User Info Endpoint gathered above.

    • Description

  3. Click Save to save the changes.


Step 2 – Add a Login Button for Azure Native Authentication

  1. Expand Single Sign-On > SSO Connections on the navbar and click SSO Components.

  2. Select the IdP Domains tab and click the IdP Domains link for the IdP Domain where you want the Login button to appear.


  3. Select the External OAuth Providers tab and then the Azure B2C Authentication provider.


  4. Click Save.


Verify the Auth Provider is Working

The account used for the test must already be inventoried by EmpowerID. It does not need to be joined to a Person (an orphan account is acceptable), but it must be inventoried.

  1. On the login page, click Azure AD B2C Native Authentication.

  2. Log in with your Azure B2C credentials.

  3. You should be logged in to EmpowerID.
