This guide shows you how to configure a User Flow Policy in Azure AD B2C. After you have done this, you may configure OpenID Connect.

Setting up a User Flow

1. New user flow

Navigate to Azure AD B2c > User flows, and select “New User flow”. Choose “Sign in” or “Sign up and sign in”.

...

Select the recommended flow.

...

2. Configure user flow

Give your user flow an appropriate name, choose what MFA policy you like, and select user attributes and claims. Like you see, it’s not an option to select email for a return claim. This is potentially limiting in use with Kantega SSO, since the user cannot be provisioned to your Atlassian application with JIT provisioning.

...

3. Configure claims

After your new flow has been created, select it and go to Application claims. Here, make sure that email addresses, Given name, suname, display name and User’s Object ID are selected.

...

Configuring custom claims

Navigate to Azure AD B2c > User flows, and select the user flow you are using

...

Under user flow in Azure AD B2C, make sure name / display name is sent with claims:

...

Custom policy to get additional claims

By default, a B2C user flow will not send the email attribute with the userinfo endpoint. To do this, you will have to configure a custom user policy. This requires some work.

...

Add the email claim as an <OutputClaim> in the SignUpOrSigning policy file under SocialAndLocalAccounts:

...

Uploading the custom policy

After you have configured the custom policy, navigate to the overview page of Azure AD B2C. Select Identity Experience Framework in the left menu.

...