Azure Active Directory B2C is a cloud-based identity and access management solution that enables organizations to provide secure access to their applications for their customers, partners, and employees. In this tutorial, we will cover how to set up and configure Azure Active Directory B2C using the Azure CLI.
Prerequisites:
- Azure subscription
- Azure CLI installed on your local machine
- Basic understanding of Azure concepts and the Azure CLI
Step 1: Create an Azure Active Directory B2C tenant
- Log in to the Azure portal (https://portal.azure.com/)
- Click on “Create a resource” from the left-hand menu.
- Search for “Azure Active Directory B2C” and select it.
- Click on the “Create” button.
- In the “Create a tenant” page, provide the required information:
  - Tenant name: A unique name for your tenant
  - Initial domain name: A unique initial domain name for your tenant
  - Country/Region: The country/region where your tenant is located
  - Currency: The currency used for billing
- Click on “Review + create” to review your settings.
- Click on “Create” to create the tenant.
Step 2: Create a user flow
- Log in to the Azure portal.
- Click on “Create a resource” from the left-hand menu.
- Search for “Azure Active Directory B2C” and select it.
- Click on the “Create” button.
- In the “Create a user flow” page, provide the required information:
  - User flow name: A unique name for your user flow
  - Identity providers: Select the identity providers you want to use (e.g. Facebook, Google, Microsoft, etc.)
  - User attributes: Select the user attributes you want to collect (e.g. email, name, phone number, etc.)
- Click on “Create” to create the user flow.
Step 3: Configure an application
- Log in to the Azure portal.
- Click on “Azure Active Directory” from the left-hand menu.
- Select the “App registrations” option.
- Click on “New registration” to create a new application registration.
- In the “Register an application” page, provide the required information:
  - Name: A unique name for your application
  - Supported account types: Select the account types you want to support (e.g. accounts in this organizational directory only, accounts in any organizational directory, or personal Microsoft accounts)
  - Redirect URI: The URL where Azure AD B2C should redirect the user after authentication
- Click on “Register” to register the application.
- Once the application is registered, note down the “Application (client) ID” and “Directory (tenant) ID” values.
Step 4: Configure authentication and authorization policies
- Log in to the Azure portal.
- Click on “Azure Active Directory” from the left-hand menu.
- Select the “User flows (policies)” option.
- Select the user flow you created in Step 2.
- Click on “Properties” and note down the “Identity provider” value.
- Select the “Token issuance” option.
- Click on “Add” to add a new policy.
- In the “Add policy” page, provide the required information:
  - Policy name: A unique name for your policy
  - Identity provider: The identity provider you noted down from the “Properties” page above
  - Token signing algorithm: The algorithm used to sign the access token
  - Token lifetime: The lifetime of the access token
- Click on “Create” to create the policy.
Step 5: Configure your application to use Azure AD B2C
Open the command prompt or terminal on your local machine.
Sign in to the B2C tenant using the CLI command (a B2C tenant normally has no Azure subscription attached, so target it by name and allow a subscription-less login):
az login --tenant <your-tenant>.onmicrosoft.com --allow-no-subscriptions
The Azure CLI has no `az ad b2c` command group, so user flows (policies) cannot be created from the CLI. Use the user flow you created in the portal in Step 2 and note its name; the application needs it to address the correct sign-in endpoint.
Create a new application registration in the B2C tenant using the CLI command:
az ad app create --display-name <app-name> --web-redirect-uris <reply-urls>
(On Azure CLI versions before 2.37 the redirect parameter is --reply-urls.) The command prints the new registration's appId; that value is the <client-id> used in the commands below.
Add a client secret to the application using the CLI command:
az ad app credential reset --id <client-id>
Replace <client-id> with the application client ID. The CLI generates the secret and prints it once; on Azure CLI versions before 2.37 you could pass --password <password> to choose it yourself, but current versions no longer accept that option. Store the value in a secret store rather than in source control.
Configure the redirect URIs and required API permissions for the application using the CLI command:
az ad app update --id <client-id> --web-redirect-uris <reply-urls> --required-resource-accesses <resource-accesses>
Replace <client-id> with the application client ID, <reply-urls> with the URL where the application should redirect after authentication, and <resource-accesses> with the resources the application requires access to, given as a JSON document (or @<file>) listing each resource's appId and the permission IDs requested.
Grant permission for the application to access the Azure AD B2C directory using the CLI command:
az ad app permission add --id <client-id> --api 00000002-0000-0000-c000-000000000000 --api-permissions 6a3c8b52-63ed-41b3-95c7-eb8d8a053dbe=Scope
Replace <client-id> with the application client ID. Note that 00000002-0000-0000-c000-000000000000 is the legacy Azure AD Graph API, which has been retired; new registrations should request Microsoft Graph (00000003-0000-0000-c000-000000000000) permissions instead, for example its delegated User.Read scope e1fe6dd8-ba31-4d61-89e7-88639da4683d. This command only records the request on the registration; an administrator still has to consent, for example with az ad app permission admin-consent --id <client-id>.
Step 6: Test your application
- Open your application in a browser.
- Click on the sign-in button.
- You will be redirected to the Azure AD B2C sign-in page.
- Enter your credentials and sign in.
- You will be redirected back to the application.
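The redirect exchange in Step 6, as an added Python example that is not part of the original tutorial: it builds the authorization request the sign-in button sends (authorization code flow with PKCE, plus state and nonce), checks state on the callback, and lists the claim checks a returned ID token must pass. The tenant name, tenant ID, client ID, user flow name and redirect URI are constructed placeholders standing in for the values noted in Steps 1 to 4. Signature verification is deliberately left to a JWT library fed from the jwks_uri in the user flow's OIDC metadata document; the claim checks here run after that.

```python
import base64
import hashlib
import json
import secrets
import time
from urllib.parse import urlencode

# Constructed placeholder values: substitute the tenant name from Step 1, the user
# flow name from Step 2, the Application (client) ID and Directory (tenant) ID from
# Step 3 and the redirect URI you registered.
TENANT_NAME = "contosob2c"                           # <tenant>.onmicrosoft.com
TENANT_ID = "00000000-0000-0000-0000-000000000000"   # Directory (tenant) ID
CLIENT_ID = "11111111-1111-1111-1111-111111111111"   # Application (client) ID
POLICY = "B2C_1_signupsignin"                        # user flow (policy) name
REDIRECT_URI = "https://localhost:5000/auth/callback"


def b64url(raw: bytes) -> str:
    """Base64url without padding, as used by JWTs and PKCE."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def pkce_challenge(verifier: str) -> str:
    """S256 code challenge (RFC 7636): BASE64URL(SHA256(verifier))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def authority(tenant_name: str, tenant_id: str, policy: str) -> str:
    """B2C authority: tokens come from b2clogin.com and the policy is part of the path.
    OIDC metadata (including jwks_uri for signature checks) is served at
    <authority>/v2.0/.well-known/openid-configuration."""
    return f"https://{tenant_name}.b2clogin.com/{tenant_id}/{policy}"


def build_authorize_request(tenant_name=TENANT_NAME, tenant_id=TENANT_ID,
                            client_id=CLIENT_ID, policy=POLICY, redirect_uri=REDIRECT_URI):
    """Build the authorization-code + PKCE request behind the sign-in button.
    Returns (url, state, nonce, code_verifier); keep the last three in the server-side
    session so the callback and the ID token can be checked against them."""
    state = secrets.token_urlsafe(32)
    nonce = secrets.token_urlsafe(32)
    verifier = secrets.token_urlsafe(64)  # 86 chars, inside the 43..128 PKCE range
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": "openid offline_access",
        "state": state,
        "nonce": nonce,
        "code_challenge": pkce_challenge(verifier),
        "code_challenge_method": "S256",
    }
    url = f"{authority(tenant_name, tenant_id, policy)}/oauth2/v2.0/authorize?{urlencode(params)}"
    return url, state, nonce, verifier


def code_from_callback(query: dict, expected_state: str) -> str:
    """Accept the redirect back to the application only if state matches the value
    issued for this session; otherwise the response may be forged or replayed."""
    if "error" in query:
        raise ValueError(f"B2C returned error: {query['error']}")
    if not expected_state or not secrets.compare_digest(query.get("state", ""), expected_state):
        raise ValueError("state mismatch")
    return query["code"]


def unverified_payload(id_token: str) -> dict:
    """Decode the JWT payload segment. This does NOT verify the signature: do that
    first with a JWT library using the keys published at the metadata's jwks_uri."""
    seg = id_token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))


def id_token_problems(claims: dict, expected_nonce: str, now=None, tenant_name=TENANT_NAME,
                      tenant_id=TENANT_ID, client_id=CLIENT_ID, policy=POLICY, leeway=60) -> list:
    """Claim checks a B2C ID token must pass after its signature has been verified.
    Returns a list of problems; an empty list means the token is acceptable."""
    now = int(time.time()) if now is None else now
    problems = []
    # Default B2C issuer format for user flows: tenant ID in the path, trailing slash.
    if claims.get("iss") != f"https://{tenant_name}.b2clogin.com/{tenant_id}/v2.0/":
        problems.append("issuer mismatch")
    if claims.get("aud") != client_id:
        problems.append("audience is not this application's client ID")
    if claims.get("nonce") != expected_nonce:
        problems.append("nonce mismatch (possible replay)")
    if str(claims.get("tfp", "")).lower() != policy.lower():
        problems.append("issued by a different user flow (tfp)")
    exp = claims.get("exp")
    if not isinstance(exp, int) or exp + leeway < now:
        problems.append("expired or missing exp")
    nbf = claims.get("nbf")
    if isinstance(nbf, int) and nbf - leeway > now:
        problems.append("not yet valid (nbf)")
    return problems
```

The tfp check is what ties a token to the user flow configured in Step 4: a token minted by another policy in the same tenant carries the same issuer and audience, so issuer and audience alone do not prove which sign-in rules the user went through.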
Congratulations! You have successfully set up and configured Azure Active Directory B2C using the Azure CLI.