Azure AD B2C lets you set up policies that control how users sign in, sign up, edit profile information and reset passwords. These policies can be used on a per-application basis. A policy is assigned by defining the policy name within the application itself.
The policies we will discuss are the:
As you can see from the above, we can have a combined "sign-up or sign-in" policy. This is handy because we have two applications, so we can create one policy for each. Let's create the policy for the Contoso Job Portal and then I'll show you what is different for the Contoso Pay Portal. Click "sign-up or sign-in policies" and click "Add".
Identity Providers - select the Identity options you wish to use with this policy\application. For the Contoso Job and Pay Portal we will select "Email signup" and "Facebook".
Sign-up attributes - select the information you wish to collect from the user during sign up (including any additional attributes you added in Part 1). For the Contoso Job and Pay Portal we have selected 5 attributes.
Application claims - select the claims you wish to pass back to the application after successful authentication. For the Contoso Job and Pay Portal we have selected "Display Name" (which is required by the application) and "Identity Provider" (if it is not selected now, it will be added automatically once the policy is created, because we have added Facebook as an identity provider).
Multifactor authentication (MFA) - do you need to enforce Multifactor authentication for these users? For the Contoso Job Portal policy we have left "Multifactor authentication" as disabled but for the Contoso Pay Portal we will enable it to meet the requirements set out in Part 1 of this series.
Page UI customization - this provides the ability to customise the UI for your users. We will leave as default but feel free to customise.
So that's the policy for the Contoso Job Portal taken care of.
The Contoso Pay Portal will be exactly the same apart from the fact that we will enforce MFA.
So now we have defined the "sign-up or sign-in" policy for both applications.
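Because the policy is chosen by the name the application supplies, the Pay Portal should confirm that a token it receives was issued under its own MFA-enforcing policy. The Python check below is an added example, not part of the original post. The client IDs and policy names are constructed placeholders, and it assumes the token's signature, issuer and expiry were already validated by a JWT library and that the policy name arrives in the `tfp` claim (`acr` on older configurations).

```python
from dataclasses import dataclass

# Constructed placeholders: real values come from your own B2C tenant.
JOB_CLIENT_ID = "job-portal-client-id-placeholder"
PAY_CLIENT_ID = "pay-portal-client-id-placeholder"
JOB_POLICY = "B2C_1_ContosoJob_SignUpIn"   # MFA disabled
PAY_POLICY = "B2C_1_ContosoPay_SignUpIn"   # MFA enabled


class PolicyMismatch(Exception):
    """Raised when a token was not issued for this app under an accepted policy."""


@dataclass(frozen=True)
class AppPolicy:
    client_id: str               # application ID the token must be issued for
    allowed_policies: frozenset  # policy names this application accepts


JOB_PORTAL = AppPolicy(JOB_CLIENT_ID, frozenset({JOB_POLICY}))
PAY_PORTAL = AppPolicy(PAY_CLIENT_ID, frozenset({PAY_POLICY}))


def issuing_policy(claims):
    """Return the issuing policy name, lower-cased, from 'tfp' or legacy 'acr'."""
    value = claims.get("tfp") or claims.get("acr")
    if not isinstance(value, str) or not value:
        raise PolicyMismatch("token carries no policy claim")
    return value.lower()


def check_token_for_app(claims, app):
    """Accept already-validated claims only if audience and policy match the app.

    Signature, issuer and expiry checks are assumed to have been done upstream.
    Policy names are compared case-insensitively (an assumption of this example).
    """
    if claims.get("aud") != app.client_id:
        raise PolicyMismatch("token was issued for a different application")
    policy = issuing_policy(claims)
    if policy not in {p.lower() for p in app.allowed_policies}:
        raise PolicyMismatch(f"policy {policy!r} is not accepted by this application")
    return policy
```

A token carrying the Pay Portal audience but the Job Portal policy name is rejected, which keeps the MFA requirement from depending on the sign-in request alone.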
Select each policy and click "Run now" to test it and see the Azure AD B2C page your users will see.
As you can see Facebook and email address are presented as sign-in options and there is also the "Sign up now" link defined.
Now you have to define the Profile Editing and Password Reset policies. I won't step through these in detail as the run-through above should mean they will make sense to you. Key things to consider are:
So that's the setup completed! In the next post we will test the user experience with the different applications.