Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current View Version History

« Previous Version 4 Next »

This guide shows you how to configure a User Flow Policy in Azure AD B2C. After you have done this, you may configure OpenID Connect.

Setting up a User Flow

1. New user flow

Navigate to Azure AD B2C > User flows, and select “New User flow”. Choose “Sign in” or “Sign up and sign in”.

Select the recommended flow.

2. Configure user flow

Give your user flow an appropriate name, choose what MFA policy you like, and select user attributes and claims. Like you see, it’s not an option to select email for a return claim. This is potentially limiting in use with Kantega SSO, since the user cannot be provisioned to your Atlassian application with JIT provisioning.

3. Configure claims

After your new flow has been created, select it and go to Application claims. Here, make sure that email addresses, Given name, suname, display name and User’s Object ID are selected.

Configuring custom claims

Navigate to Azure AD B2c > User flows, and select the user flow you are using

While under the user flow, go to Application claims in the left menu.

Under user flow in Azure AD B2C, make sure name / display name is sent with claims:

Custom policy to get additional claims

By default, a B2C user flow will not send the email attribute with the userinfo endpoint. To do this, you will have to configure a custom user policy. This requires some work.

First follow this guide to make your tenant ready to accept custom policies: https://docs.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-user-flows?pivots=b2c-custom-policy. The most essential step here is to clone the starter pack: 

git clone https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack

In all of the files in the SocialAndLocalAccounts directory, replace the string yourtenant with the name of your Azure AD B2C tenant, so for our example, we hit a find-and-replace with yourtenant to kantegassob2c.

https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-user-flows?pivots=b2c-custom-policy

By default the email parameter is not added as claim to user response in Azure AD B2C.

Then you follow this guide to: https://docs.microsoft.com/en-us/azure/active-directory-b2c/configure-user-input?pivots=b2c-custom-policy .

Add the email claim as an <OutputClaim> in the SignUpOrSigning policy file under SocialAndLocalAccounts:


Uploading the custom policy

After you have configured the custom policy, navigate to the overview page of Azure AD B2C. Select Identity Experience Framework in the left menu.

Under Identity Experience Framework, click the “Upload custom policy” button, and choose the SignUpOrSigning policy configured in the prevous steps.

You might encounter issues uploading the custom policy. If so, this automated tool helps you deploy the starterpack: https://b2ciefsetupapp.azurewebsites.net

Read more about custom policies in Microsoft’s guide:

https://docs.microsoft.com/en-us/azure/active-directory-b2c/custom-policy-overview

  • No labels