How to Set Up SSO from Azure AD B2C to Azure AD Entra ID
Prerequisites:
- Create Azure AD Entra ID Tenant
- Create Azure AD B2C Tenant
- Create an Azure AD B2C App Registration. Ref: Balajiprasad's useful codes: Azure AD B2C App Registration (rbalajiprasad.blogspot.com)
On Azure AD Entra ID:
- Go to "Microsoft Entra ID" and click "Enterprise Applications"
- Click "New Application", then click "Create your own application"
- Choose the account type Single Tenant
- Set the Redirect URI platform to Web and the URL to https://{b2ctenantname}.b2clogin.com/{b2ctenantname}.onmicrosoft.com/oauth2/authresp (replace b2ctenantname with your B2C tenant name)
- Go to the "Certificates & Secrets" tab, create a new client secret with a unique name and an expiration, and store the secret value for later (it is only shown once, at creation time)
On Azure AD B2C:
- Go to "Azure AD B2C"
- Go to "Identity providers" and click "New OpenID Connect provider"
- Enter the details below and save:
Name: {{SomeUniqueName}}
Metadata url: https://login.microsoftonline.com/{{ADtenantname}}.onmicrosoft.com/.well-known/openid-configuration
Client ID: {{EntraIDADAppRegistrationApplicationId}}
Client secret: {{EntraIDADAppRegistrationSecret}}
Scope: openid
Response type: id_token
Response mode: form_post
Domain hint: {{SomeUniqueName}}
User ID: oid
Display name: name
Given name: given_name
Surname: family_name
Email: unique_name
- Go to "User flows", choose the Sign in or Sign up and sign in flow, then select the identity provider you just created under "Identity providers"
- Now test with "Run user flow" or through your web application: the sign-in page shows a new login button for the Entra ID tenant
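As an added pre-flight check (example code, not part of the original post), the script below decodes an id_token from the Entra ID tenant and confirms it carries every claim the B2C mapping above relies on (oid, name, given_name, family_name, unique_name) and that its issuer and audience match the tenant and app registration. The tenant id, client id and token contents are constructed placeholders; the v2.0 sample shows why the mapping breaks if the metadata URL is later switched to the /v2.0 endpoint.

```python
import base64
import json
# Claim mapping exactly as entered in the B2C "New OpenID Connect provider" form
B2C_CLAIM_MAPPING = {
    "User ID": "oid",
    "Display name": "name",
    "Given name": "given_name",
    "Surname": "family_name",
    "Email": "unique_name",
}
# Constructed placeholder ids (not a real tenant or app registration)
TENANT_ID = "11111111-2222-3333-4444-555555555555"
CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def decode_jwt_payload(token: str) -> dict:
    """Decode a JWT payload. No signature check here: B2C does that against the metadata JWKS."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def check_id_token(claims: dict, tenant_id: str, client_id: str) -> list:
    """Return the problems found; an empty list means the token fits the mapping."""
    problems = []
    # The v1 metadata URL used above yields tokens issued by sts.windows.net/{tenant}/
    expected_iss = f"https://sts.windows.net/{tenant_id}/"
    if claims.get("iss") != expected_iss:
        problems.append(f"issuer {claims.get('iss')!r} != {expected_iss!r}")
    if claims.get("aud") != client_id:
        problems.append("audience is not the Entra app registration's client id")
    for field, claim in B2C_CLAIM_MAPPING.items():
        if not claims.get(claim):
            problems.append(f"{field}: claim '{claim}' missing or empty")
    return problems

def sample_token(claims: dict) -> str:
    """Build an unsigned JWT (constructed sample) so the decoder runs offline."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}."

V1_CLAIMS = {"iss": f"https://sts.windows.net/{TENANT_ID}/", "aud": CLIENT_ID, "oid": "obj-id-1",
             "name": "Jane Doe", "given_name": "Jane", "family_name": "Doe", "unique_name": "jane@contoso.example"}
# A v2.0 token has a different issuer and preferred_username instead of unique_name
V2_CLAIMS = {k: v for k, v in V1_CLAIMS.items() if k != "unique_name"}
V2_CLAIMS.update(iss=f"https://login.microsoftonline.com/{TENANT_ID}/v2.0", preferred_username="jane@contoso.example")

if __name__ == "__main__":
    for label, claims in (("v1", V1_CLAIMS), ("v2.0", V2_CLAIMS)):
        print(label, check_id_token(decode_jwt_payload(sample_token(claims)), TENANT_ID, CLIENT_ID) or "OK")
```

To run it against a real token, paste the id_token captured from the "Run user flow" test (or the B2C journey logs) into decode_jwt_payload and pass your own tenant id and client id.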