Skip to content

Azure AD B2C Identity Provider

Azure B2C is a OIDC flavoured identity provider. Read more about OIDC identity providers in the OIDC Identity Provider topic guide.

This chapter will guide you though all steps that are required to fully configure and use Azure AD B2C with Onegini IdP.

Prerequisites

To successfully complete this topic guide you need to ensure following prerequisites:

  • Onegini IdP instance must to be running, for the sake of this guide we assume it's available under https://idp-core.dev.onegini.me address
  • An external IdP (Identity Provider of Azure AD B2C type) must be running externally from Onegini IdP; in this Azure AD B2C tenant a web application should be registered with this redirect URI value: https://{hostname}/connect/auth/azure_ad_b2c/callback (in our example https://idp-core.dev.onegini.me/connect/auth/azure_ad_b2c/callback).

Configure external OIDC IdP in Onegini IdP

To register a new IdP of Azure B2C type please visit the http://idp-core.dev.onegini.me:8082/admin page and login to the Onegini IdP admin console. Select Config menu option and navigate to Identity Providers tab.Hit the + button to create a new Identity Provider configuration. Fill in the form as follows:

  1. Type - open the dropdown list and select Azure AD B2C
  2. Name - name your OIDC IdP instance
  3. Authentication Level - choose desired authentication level
  4. Enabled - mark your Identity Provider as enabled
  5. Synchronise Attributes - flag indicating whether the Onegini IdP should synchronize person's profile attributes with the ones retrieved from OIDC Idp.
  6. Tenant ID - Name of your Azure AD B2C tenant
  7. Application ID - The application ID that the Azure portal assigned to application
  8. Get Information - button that will retrieve metadata and allow to set available scopes and claims
  9. Scopes - list of scopes which should be requested during authorization flow from OIDC IdP, the openid scope is always sent by default.
  10. Claims - additional claims that should be requested during the authorization flow from the Azure AD B2C IdP, please note that some claims are also represented by standard scopes as described in the OIDC specification
  11. Front channel logout - flag indicating whether this Identity Provider will participate in logout process