Skip to end of banner
Go to start of banner

Azure AD B2C Native Authentication

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 8 Next »

In this document, you'll learn how to set up multi-tenant authentication, configure login tiles for each tenant, and use client IDs and client secrets to enable seamless login across multiple Azure AD and B2C tenants.

Configure the B2C Tenant

  • Register a service principal application: Register a service principal application in Azure Active Directory (Azure AD) and configure it for use with EmpowerID's Azure Native Auth.

    • Client Secret – You use this when setting up the Azure Native Auth OAuth app in EmpowerID.

    • Redirect URIs – You set this value to the FQDN of your EmpowerID Server.

    • API Permission – You grant to the service principal the neccessary Microsoft Graph API permissions for Azure Native Auth. These permissions include:

      • offline_access – Maintain access to data you have given access to

      • openid – Sign users in

      • profile – View users' basic profile

      • User.Read – Sign and read the user profile.

  • Configure UserInfo Endpoint: EmpowerID requires the UserInfo endpoint to retrieve user data. However, unlike Azure AD, Azure AD B2C does not support the UserInfo endpoint by default. The Identity Experience Framework must be configured with custom policies that return data through the UserInfo endpoint to enable this. Refer to the Microsoft documentation below to set up these custom policies, or check the latest guidance to configure the UserInfo endpoint correctly. https://learn.microsoft.com/en-us/azure/active-directory-b2c/userinfo-endpoint?pivots=b2c-custom-policy

Gather Necessary Information

Feilds

Description

Consumer Key

Application (client) ID of the Azure app registration you created while registering the service principal application.

Consumer Secret

Secret ID of the secret you created for the Azure app registration in the above Prerequisites steps.

User Info Endpoint

Configure the User Info Endpoint, This will be uses as sender identifier. You will also have to do additional pre requiistes provided in the Microsoft document.

Step 1 – Set up Oauth IDP in EmpowerID

  1. Navigate to Oauth Services

    • On the navbar, expand Apps and Authentication > SSO Connections and click OAuth / OpenID Connect.

    • Select the External OAuth Services tab and then search for AzureADB2C.

    • Click the Provider link for AzureADB2C.

      image-20241007-081016.png

  2. Add OAuth Service
    The default configuration for B2C authentication will be displayed on the details page. Let’s add a new auth provider. Find the Add icon and click it to add a new authentication provider.

    • Name - Provide a unique and descriptive identifier for the service.

    • Display Name- Please provide a clear and user-friendly label.

    • Consumer Key- Provide the Application (client) ID of the Azure app registration you created while registering the service principal application.

    • Consumer Secret- Secret ID of the secret you created for the Azure app registration.

    • Is Identity Provider- Select the checkbox to configure as an identity provider.

    • Existing Account Directory- Select the existing Account Directory if exists.

    • Select existing OAuth Scope- Select existing OAuth Scope if exists.

    • Callback Url- FQDN of your EmpowerID server. The value entered should look similar to https://sso.empoweriam.com/WebIdPForms/OAuth/V

    • Sender Identifier- The user info id while you setup the profile.

    • Description- Please provide a brief explanation.

      image-20241007-091419.png
  3. Click Save to save the changes.

Step – Add a Login Button for Azure Native Authentication

  1. Expand Single Sign-On > SSO Connections on the navbar and click SSO Components.

  2. Select the IdP Domains tab and click the IdP Domains link for the IDP Domain where you want the Login button to appear.

     

  3. Select the External OAuth Providers tab and then the Azure B2C Authentication provider.

     

  4. Click Save.

Verify the Auth Provider is working,

The account needs to be inventoried by EmpowerID. It can be an account that hasn’t been joined to a person, but it should still be inventoried, even if it’s an orphan account.

  1. click on azure ad b2c native authentication.

  2. login with ur azure b2c credentials

  3. you should be able to login.

IN THIS ARTICLE

  • No labels