Creating user flows in Azure AD B2C tenant

Azure Active Directory is Azure's identity and access management service. It authenticates and authorizes users so that only permitted users can access an application.

Let's see how to create user flows in Azure AD B2C.

What is Azure AD B2C?

At a high level, applications fall into two categories:

  • Enterprise applications, which target a single organization (possibly including some users from outside the organization, but only for a limited duration), e.g. OneDrive for Business.
  • Consumer applications, which target the general public. Anybody can register for and use these applications, e.g. Facebook, Amazon, LinkedIn, etc.

To cater to these different types of applications, Azure AD comes in two flavors: B2B and B2C.

Azure AD B2C can be used with consumer applications.

Azure AD B2C has the concept of identity providers. An identity provider is the party responsible for identity and access management, i.e. for verifying who the user is.

We can use Facebook, Google or Amazon as identity providers. Alternatively, we can decide to use only the default identity provider, which lets users sign up with their email accounts.

What are User Flows?

Almost all consumer applications share some common user management functionality. For instance:

  • sign-up flow: end users can register themselves in the application,
  • sign-in flow: end users can enter their credentials to log in,
  • password reset flow: the application lets end users change their password if they have forgotten it, etc.

All such behaviors of the application can be configured as user flows in Azure AD B2C. We can configure which user information to collect during sign-up, or we can configure multi-factor authentication. Everything is just a few clicks and you are done.

Demo

For this demo, you will need an Azure subscription. If you don't have one, create a free account before you begin.

Azure AD B2C

Then we will need an Azure AD B2C instance. Refer to my previous blog post for detailed steps.

Register An Application

Next, in the Azure portal, search for Azure AD B2C in the search box. A panel like the one in the snapshot below will open.

There are two ways to register an application in Azure AD B2C: Applications vs. App Registrations (preview).

In this article we will use the App Registrations menu option, which is in preview as of now. The same inputs are required if we go via the Applications menu.

So, click on App Registrations and then click on New Registration. Enter the details as shown below. Make sure that the redirect URI is https://jwt.ms. This is the URL of a sample application hosted by Microsoft that decodes the token it receives and displays its contents. After entering the details, click on the Register button.

Create User Flow

Now, on the Azure AD B2C panel, there is a User Flows option under the Policies section. Click it and then click the New user flow button.

Next, the screen below will be shown. It lists three recommended flows; the other tabs show all available flows. For this demo, let's select the sign up and sign in type of flow.

On the next panel, we need to enter the details below:

  • Name: any readable name, which is placed after the fixed prefix "B2C_1_". Enter SignUpSignIn in this text box.
  • Identity providers: select the Email signup checkbox.
  • Multifactor authentication: keep the default setting.
  • User attributes and claims: select the attributes that should be collected from the user on the sign-up page. The first column of checkboxes selects the sign-up page inputs; the second column selects the attributes that should be returned as claims in the token. Azure AD B2C supports many attributes; the full list appears after clicking the Show more link.

Once all the inputs are provided, click on Create button.

Now we have an application registered with Azure AD B2C and a sign up and sign in user flow. Let's test our setup.

Run User Flow

The Azure portal also lets us verify that our setup is working.

When we go to the User Flows option in the Azure AD B2C panel, it shows the list of available user flows. Click on the user flow we just created and a panel like the one below will be shown.

Next, click on the Run user flow button. A panel will open on the right side.

On this new panel, make sure that

  • the "Web App" application (the one we registered in the steps above) is selected,
  • the Reply URL is https://jwt.ms.

Then click on the Run user flow button at the bottom.

In a new tab, a login screen will be displayed with a link to sign up. Both screens are shown in the snapshot below. For your information, these screens can also be customized to match your application's look and feel, but we will not do that in this demo.

Here a user can sign up by providing the requested information and a password for login.

Once the account is created, we can run the flow again using the steps above and arrive at the login screen. For login, we use the same user name and password with which we completed the sign-up flow. The login will succeed and the token will be displayed in the jwt.ms application as shown below.
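jwt.ms only decodes and displays the token; a real application that receives an ID token from this user flow must validate it before trusting any claim. The following Python example is added here and is not code from the original post or from Microsoft. It builds an authorize request of the kind the Run user flow button opens (endpoint layout, query parameters and issuer format are assumptions based on the documented B2C v2.0 endpoints), then decodes a constructed sample ID token and checks the claims a relying party should verify: issuer, audience (the app's client id), the policy name B2C_1_SignUpSignIn from the walkthrough, the nonce that ties the token to the request, and the validity window. The tenant name, tenant GUID and client id are placeholders to replace with your own values.

```python
import base64
import json
import secrets
import time
from typing import List, Optional
from urllib.parse import urlencode

# Values from the walkthrough: policy (user flow) name and reply URL.
POLICY = "B2C_1_SignUpSignIn"
REDIRECT_URI = "https://jwt.ms"

# Placeholders (assumptions): replace with your own B2C tenant and app registration.
TENANT = "contoso"                                   # tenant name, as in contoso.onmicrosoft.com
TENANT_ID = "00000000-0000-0000-0000-000000000000"   # tenant GUID, as it appears in the issuer
CLIENT_ID = "11111111-1111-1111-1111-111111111111"   # Application (client) ID of the "Web App"


def build_authorize_url(nonce: str, state: str) -> str:
    """Authorize request like the one the portal's 'Run user flow' button opens.
    Endpoint layout is an assumption based on the B2C v2.0 endpoint documentation.
    The nonce is echoed back inside the ID token; the state is echoed in the response
    so the app can tie the reply to a request it actually started."""
    base = f"https://{TENANT}.b2clogin.com/{TENANT}.onmicrosoft.com/oauth2/v2.0/authorize"
    params = {
        "p": POLICY,
        "client_id": CLIENT_ID,
        "nonce": nonce,
        "state": state,
        "redirect_uri": REDIRECT_URI,   # must match a redirect URI registered on the app
        "scope": "openid",
        "response_type": "id_token",
        "prompt": "login",
    }
    return f"{base}?{urlencode(params)}"


def discovery_url() -> str:
    """Per-policy OpenID discovery document (assumed layout). Its 'jwks_uri' entry
    gives the signing keys a relying party must use to verify the token signature."""
    return (f"https://{TENANT}.b2clogin.com/{TENANT}.onmicrosoft.com/"
            f"{POLICY}/v2.0/.well-known/openid-configuration")


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(id_token: str) -> dict:
    """Return the payload of a compact JWT. This does NOT verify the signature;
    verify it against the keys from discovery_url() before trusting the claims."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def validate_claims(claims: dict, expected_nonce: str, now: Optional[int] = None) -> List[str]:
    """Return the names of the checks that failed; an empty list means the token
    was issued by our tenant, for our app, by the expected user flow, for this request,
    and is currently within its validity window."""
    now = int(time.time()) if now is None else now
    problems = []
    if claims.get("iss") != f"https://{TENANT}.b2clogin.com/{TENANT_ID}/v2.0/":
        problems.append("iss")
    if claims.get("aud") != CLIENT_ID:
        problems.append("aud")
    policy = claims.get("tfp") or claims.get("acr")   # B2C puts the policy name in tfp (older tokens: acr)
    if not policy or policy.lower() != POLICY.lower():
        problems.append("policy")
    if claims.get("nonce") != expected_nonce:
        problems.append("nonce")
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        problems.append("exp")
    if not isinstance(claims.get("nbf"), int) or claims["nbf"] > now:
        problems.append("nbf")
    return problems


def make_sample_token(claims: dict) -> str:
    """Constructed, UNSIGNED token for offline demonstration only (alg none, empty signature)."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url_encode(json.dumps(claims).encode())}."


# Constructed sample: a fixed clock and the claims a successful sign-in would carry.
NOW = 1_700_000_000
SAMPLE_NONCE = "constructed-nonce"
SAMPLE_CLAIMS = {
    "iss": f"https://{TENANT}.b2clogin.com/{TENANT_ID}/v2.0/",
    "aud": CLIENT_ID,
    "tfp": POLICY,
    "nonce": SAMPLE_NONCE,
    "exp": NOW + 3600, "nbf": NOW, "iat": NOW,
    "sub": "22222222-2222-2222-2222-222222222222",   # constructed object id
    "given_name": "Sample",                           # attribute selected as a claim in the user flow
    "emails": ["sample@example.com"],
}

if __name__ == "__main__":
    print(build_authorize_url(secrets.token_urlsafe(16), secrets.token_urlsafe(16)))
    token = make_sample_token(SAMPLE_CLAIMS)
    print("problems:", validate_claims(decode_claims(token), SAMPLE_NONCE, NOW))  # prints: problems: []
```

The nonce and state are generated fresh per request with `secrets`; the app stores them in the user's session and compares them on return, which is what stops a token obtained for one request from being replayed into another. Signature verification is deliberately left to the relying party's JWT library with the keys from the discovery document, since only that step proves the claims were issued by the tenant at all.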

Do not forget to clean up the Azure AD B2C instance.

I hope this article was helpful. Let me know your thoughts.
