Configure Azure B2C SSO for Multiple Apps


Configure Azure B2C for Single Sign-On (SSO) into multiple applications using Azure B2C as the OAuth Identity Provider. Here, users can log in to all applications (SPs) using their Azure B2C login credentials by configuring Azure AD as an Identity Provider (IdP). miniOrange acts as an Identity Broker, which forms a trusted connection between identity providers and multiple service providers by enabling cross-protocol authentication.

Implementing Azure B2C SSO allows users to log into your websites and applications with a single set of credentials using the Azure B2C OAuth IDP. This solution ensures that you are ready to roll out secure access to your application using Azure B2C within minutes.


Get Free Installation Help


miniOrange offers free help through a consultation call with our System Engineers to configure Single Sign-On (SSO) for different apps using Azure B2C as an Identity Provider in your environment, with a 30-day free trial.

For this, you need to just send us an email at idpsupport@xecurify.com to book a slot and we'll help you in no time.



Prerequisites

Please make sure your organisation branding is already set under Customization >> Login and Registration Branding in the left menu of the dashboard.


Follow the Step-by-Step Guide to configure Azure B2C SSO

1. Configure miniOrange as Service Provider (SP) in Azure B2C

  • Go to miniOrange Admin Console.
  • From the left navigation bar select Identity Providers >> click Add Identity Provider.

  • Select OAuth 2.0 and copy the OAuth Callback URL which we will use to configure Azure B2C as OAuth Server/Provider.

  • Now, sign in to Azure Portal.
  • Go to home and in the Azure Services, select Azure AD B2C.

  • Please make sure you are in the Azure AD B2C directory with an active subscription; if not, switch to the correct directory.

  • In the Essential tab, you will find the Azure B2C domain name. Save it for further configuration.

  • Now, click on App registrations and then click on the New registration option to create a new Azure B2C Application.

  • When the Register an application page appears, enter your application's registration details:
    • Name: Name of the application.
    • Supported account types: Select the 3rd option, ‘Accounts in any organizational directory (for authenticating users with user flows)’. You can also refer to the Help me choose... option if needed.
    • Select a Platform: Select Web as the platform and paste the OAuth Callback URL (copied in the step above) in the Redirect URI text field.

  • Click on Register.
  • After successful application creation, you will be redirected to the newly created application’s overview page. If not, go to App registrations and search for the name of your application; it will appear in the list.

  • Copy your Application ID and keep it handy. You will need it later for configuring the Client ID under miniOrange Service Provider.

  • Now, click on Certificates and secrets and then click on New client secret to generate a client secret. Enter a description and click on the Add button.

  • Copy the secret key Value and save it, as you'll need it later in Step 2 to configure the Client Secret in the miniOrange as Service Provider.

      Step 1.1: Add Users in your B2C Application

      • On the homepage, go to Users tab in the left menu.

      • Click on New user >> Create new user.

      • Open a new user window and enter the required information.
        • Select Create Azure AD B2C user from the Select template section.
        • Select Email in the Sign-in method section and set a password.

        • Click Create to save the user details for test configuration.

      Step 1.2: How to create & add Azure B2C Policy

      • Go to Policies >> User flows and click New user flow.

      • Choose the Sign up and Sign in user flow type, then click Create.

      • Complete the details, such as Name, Identity providers, etc.
        • Select the User attributes you want to fetch during sign-up.
        • Click on Create.

      • Copy the Policy name; this value will be required when configuring Azure B2C Policy in the miniOrange Service Provider.

      Step 1.3: Add user claims to your application

      • Go to User flows under policies in the left menu and select the configured policy.

      • In the Settings section, select Application claims.

      • Select the desired attributes to be displayed on the test configuration and save it.

      Step 1.4: Configure ID-Token Claims in Azure B2C [Premium]

      • Open your application in Azure Active Directory and select Token configuration from the left menu.
      • Click on Add optional claim and select ID from the right section.
      • Now choose all the attributes you want to fetch during SSO (e.g., family_name, given_name, etc.) and click on the Add button.
      • You might see a popup asking you to turn on the Microsoft Graph profile permission (required for claims to appear in the token). Enable it and click on the Add button.

2. Configure Azure B2C as OAuth 2.0 Provider in miniOrange.

  • Go to Application registrations -> Endpoints.

  • Copy token and authorization endpoints.
  • Now, go to miniOrange Admin Console.
  • From the left navigation bar select Identity Providers -> click Add Identity Provider.

  • Select OAuth 2.0 and choose Azure B2C as IDP Name from the dropdown list.

  • Enter the following values:
    • IdP Display Name: Choose appropriate Name
    • OAuth Authorize Endpoint: From step 2
    • OAuth Access Token Endpoint: From step 2
    • Client ID: From step 1
    • Client secret: From step 1
    • Scope: openid email profile
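
Before entering these values, it helps to confirm that they are consistent with each other. The following is an added example, not miniOrange or Microsoft code: it builds the two endpoints in the Azure AD B2C v2.0 URL layout from the domain name and policy name saved in step 1, checks them, and builds an authorization request with fresh state and nonce values. The tenant, policy, Application ID and callback URL are constructed placeholders, and the function names are hypothetical.

```python
import secrets
from urllib.parse import urlencode, urlsplit

# Constructed placeholder values, not real tenant data.
TENANT_DOMAIN = "contoso.onmicrosoft.com"               # domain name saved in step 1
POLICY = "B2C_1_signupsignin"                           # policy name from Step 1.2
CLIENT_ID = "00000000-0000-0000-0000-000000000000"      # Application ID from step 1
CALLBACK = "https://broker.example.com/oauth/callback"  # hypothetical OAuth Callback URL
SCOPE = "openid email profile"                          # scope value used in this guide


def b2c_endpoints(tenant_domain, policy):
    """Return (authorize, token) endpoints in the Azure AD B2C v2.0 URL layout."""
    name = tenant_domain.split(".")[0]
    base = f"https://{name}.b2clogin.com/{tenant_domain}/{policy}/oauth2/v2.0"
    return f"{base}/authorize", f"{base}/token"


def check_config(authorize, token, policy, callback, scope):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    for label, url in (("authorize", authorize), ("token", token)):
        parts = urlsplit(url)
        if parts.scheme != "https":
            problems.append(f"{label} endpoint is not https")
        if "<" in url or ">" in url:
            problems.append(f"{label} endpoint still has an unfilled placeholder")
        elif policy.lower() not in parts.path.lower().split("/"):
            problems.append(f"{label} endpoint does not name policy {policy}")
    if urlsplit(callback).scheme != "https":
        problems.append("callback URL is not https")
    if "openid" not in scope.split():
        problems.append("scope lacks openid")
    return problems


def authorization_url(authorize, client_id, callback, scope):
    """Build an authorization-code request; return (url, state, nonce)."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    query = urlencode({"client_id": client_id, "response_type": "code",
                       "redirect_uri": callback, "scope": scope,
                       "state": state, "nonce": nonce})
    return f"{authorize}?{query}", state, nonce


if __name__ == "__main__":
    auth, tok = b2c_endpoints(TENANT_DOMAIN, POLICY)
    print(check_config(auth, tok, POLICY, CALLBACK, SCOPE))
    print(authorization_url(auth, CLIENT_ID, CALLBACK, SCOPE)[0])
```

The redirect_uri in the request must match the Redirect URI registered in step 1 exactly, and the client secret is sent only to the token endpoint, never in this URL.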

3. Test Connection

  • Visit your Login Page URL.
  • Go to Identity Providers tab.
  • Click on Select >> Test Connection option against the Identity Provider (IDP) you configured.

  • On entering valid Azure B2C credentials (the credentials of a user assigned to the app created in Azure B2C), you will see a pop-up window with the test connection result.

  • Hence your configuration of Azure B2C as IDP in miniOrange is successfully completed.

Note:

You can follow this guide if you want to configure SAML/WS-FED, OAuth/OIDC, JWT, Radius, etc.


Configure Attribute Mapping

  • Go to Identity Providers >> View Identity Providers >> Your configured Azure B2C as IdP.
  • Now click on Select and then Configure Attribute Mapping of your application.

  • Use Attribute Type - EXTERNAL for the external attributes that need to be transformed and sent to applications or service providers.
  • Click on the + Add Attribute button to add the attribute fields.

  • Check the attributes in the test connection window from the last step. Under Attribute Name sent to SP, enter the attribute names (any name) that you want to send to your application.
  • In the Attribute Name from IdP field on the Xecurify side, enter the names of the attributes coming from the IdP.

Configure Multiple IDPs:

You can follow this guide if you want to configure multiple IDPs (Identity Providers) and give users the option to select the IDP of their choice to authenticate with.


