Friday, June 14, 2024

Azure AD B2C SSO to Microsoft Entra ID (AD) using OIDC - User Flow

 How to Setup SSO on Azure AD B2C to Azure AD Entra ID


Prerequesties: 

- Create Azure AD Entra ID Tenant

- Create Azure AD B2C Tenant

- Create Azure AD B2C App Registration. Ref: Balajiprasad's useful codes: Azure AD B2C App Registration (rbalajiprasad.blogspot.com)


On Azure AD Entra ID:

- Go to "Microsoft Entra ID", click "Enterprise Applications"

- Click "New Application" then click "Create your own application"

- Choose account type as Single Tenant

- Set Redirect URL as Web & URL to https:// {b2ctenantname}.b2clogin.com/{b2ctenantname}.onmicrosoft.com/oauth2/authresp  (Replace b2cTenantName)

- Go to "Certificates & Secrets" tab, create new client secret, give some unique name and expiration, store the secret for later purpose


On Azure AD B2C: 

- Go to "Azure AD B2C"

- Go to "Identity Provider", Click to "New OpenID Connect Provider"

- Enter the below details and save,

Name: {{SomeUniqueName}}

Metadata url: https://login.microsoftonline.com/{{ADtenantname}}.onmicrosoft.com/.well-known/openid-configuration

Client ID: {{EntraIDADAppRegistrationApplicationId}}

Client secret:  {{EntraIDADAppRegistrationSecret}}

Scope:  open

Response type: id_token

Response mode: form_post

Domain hint: {{SomeUniqueName}}

User ID: oid

Display name:  name

Given name:  given_name

Surname:  family_name

Email:  unique_name


- Go To "User Flows", Choose the SignIn or SignupSignIn flow then select the identity providers

- Now test the policy run flow or through Web Application, you can see the new Login Button for AD tenant added in Signin page