Azure AD B2C Identity Provider
Azure AD B2C is an OIDC-flavoured identity provider. Read more about OIDC identity providers in the OIDC Identity Provider topic guide.
This chapter guides you through all the steps required to fully configure and use Azure AD B2C with Onegini IdP.
Prerequisites
To successfully complete this topic guide, ensure that the following prerequisites are met:
- An Onegini IdP instance must be running; for the sake of this guide we assume it is available at https://idp-core.dev.onegini.me
- An external IdP (an Identity Provider of the Azure AD B2C type) must be running externally from Onegini IdP. In this Azure AD B2C tenant a web application should be registered with the redirect URI https://{hostname}/connect/auth/azure_ad_b2c/callback (in our example https://idp-core.dev.onegini.me/connect/auth/azure_ad_b2c/callback).
Configure external OIDC IdP in Onegini IdP
To register a new IdP of the Azure AD B2C type, visit the http://idp-core.dev.onegini.me:8082/admin page and log in to the Onegini IdP admin console. Select the Config menu option and navigate to the Identity Providers tab. Hit the + button to create a new Identity Provider configuration. Fill in the form as follows:
Type - open the dropdown list and select Azure AD B2C
Name - name your OIDC IdP instance
Authentication Level - choose the desired authentication level
Enabled - mark your Identity Provider as enabled
Synchronise Attributes - flag indicating whether Onegini IdP should synchronize the person's profile attributes with the ones retrieved from the OIDC IdP
Tenant ID - the name of your Azure AD B2C tenant
Application ID - the application ID that the Azure portal assigned to the application
Get Information - button that retrieves the tenant's metadata and lets you set the available scopes and claims
Scopes - list of scopes that should be requested from the OIDC IdP during the authorization flow; the openid scope is always sent by default
Claims - additional claims that should be requested from the Azure AD B2C IdP during the authorization flow; note that some claims are also represented by standard scopes, as described in the OIDC specification
Front channel logout - flag indicating whether this Identity Provider will participate in the logout process
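As an added example (not Onegini's or Microsoft's code), the following Python sketches what the configuration above amounts to at the protocol level: reading the scopes and claims the tenant advertises in its discovery metadata (what Get Information retrieves), checking the redirect URI against the callback form given in the prerequisites, and building the authorization request with openid always included. The discovery document is constructed, and the tenant name, application ID and the use of the standard OIDC claims request parameter are assumptions.

```python
import json
from urllib.parse import urlencode, urlparse

# Constructed discovery document in the shape published at
# .well-known/openid-configuration; values are illustrative, not from a live tenant.
DISCOVERY_DOC = json.dumps({
    "authorization_endpoint": "https://example-tenant.b2clogin.com/example-tenant.onmicrosoft.com/oauth2/v2.0/authorize",
    "scopes_supported": ["openid", "offline_access", "profile"],
    "claims_supported": ["sub", "name", "emails", "given_name", "family_name"],
})

# Callback path that the page requires in the B2C app registration
CALLBACK_PATH = "/connect/auth/azure_ad_b2c/callback"


def get_information(doc: str) -> dict:
    """What the admin console's 'Get Information' step needs from the metadata:
    the authorize endpoint plus the scopes and claims the tenant advertises."""
    meta = json.loads(doc)
    return {
        "authorization_endpoint": meta["authorization_endpoint"],
        "scopes": set(meta.get("scopes_supported", [])),
        "claims": set(meta.get("claims_supported", [])),
    }


def redirect_uri_ok(uri: str) -> bool:
    """B2C matches the registered redirect URI exactly: require https, the exact
    callback path and no query/fragment, so a typo does not send codes elsewhere."""
    p = urlparse(uri)
    return p.scheme == "https" and p.path == CALLBACK_PATH and not p.query and not p.fragment


def build_authorize_url(info: dict, application_id: str, redirect_uri: str,
                        scopes: list, claims: list, state: str, nonce: str) -> str:
    """Authorization request as the configured IdP would issue it (assumed encoding:
    claims go in the standard OIDC 'claims' parameter as id_token claims)."""
    if not redirect_uri_ok(redirect_uri):
        raise ValueError(f"redirect URI must be https://<host>{CALLBACK_PATH}")
    requested = list(dict.fromkeys(["openid", *scopes]))  # openid always sent, no duplicates
    unsupported = sorted((set(requested) - info["scopes"]) | (set(claims) - info["claims"]))
    if unsupported:
        raise ValueError(f"not advertised in tenant metadata: {unsupported}")
    params = {
        "client_id": application_id, "response_type": "code", "redirect_uri": redirect_uri,
        "scope": " ".join(requested), "state": state, "nonce": nonce,
    }
    if claims:
        params["claims"] = json.dumps({"id_token": {c: None for c in claims}})
    return info["authorization_endpoint"] + "?" + urlencode(params)
```

Rejecting scopes or claims the tenant does not advertise at configuration time surfaces a mismatch between the admin console form and the B2C tenant before users hit a failed login.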