PHPFixing

Thursday, October 20, 2022

[FIXED] How to set up multiple SSO IdPs in AD B2C?

Tags: authentication, azure-ad-b2c, azure-ad-b2c-custom-policy, idp, single-sign-on

Issue

I have an application that uses AD B2C for authentication. I need to allow external IdPs to authenticate via SSO into my application via AD B2C. I followed the steps in this documentation and it worked well for one IdP. https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-generic-saml?tabs=macos&pivots=b2c-custom-policy

My use case requires setting up multiple (>30) IdPs and unfortunately this documentation requires creating a new claims provider and technical profile for each IdP set up. Is there a way to set up multiple IdPs without coding them into the custom policy? Along the lines of dynamically pulling the correct IdP from an external data source based on email domain and injecting it into the technical profile? Or maybe by setting up a single IdP or bridge and using it as a proxy for the 30+ IdPs? I'm curious as to how others have solved this as I'm sure this is not a new use case.


Solution

• If you have multiple identity providers to be configured in your Azure AD B2C application for authentication, then you can configure all the social account identity providers at once by referring to the documentation link below and configuring the social identity providers one by one as given in this link:

https://learn.microsoft.com/en-us/azure/industry/training-services/microsoft-community-training/infrastructure-management/install-your-platform-instance/configure-multiple-authentications-in-a-single-instance

Once all the social identity providers are configured for authentication in the Azure AD B2C application, you can configure multiple identity providers for a multi-tenant Azure AD application one by one, as stated in this documentation link:

https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-azure-ad-multi-tenant?pivots=b2c-custom-policy

• As per the present developments, it is currently not possible to configure only a single technical profile and claims provider for multiple IDPs or set up multiple IDPs without coding them into custom policies. Currently, you will have to set up the required by entering every IDP’s technical profile and claims provider information in the custom policy XML file.

For more information, you can surely refer to the community thread stated in your comments section to see if it works or not:

B2C Custom Policy with TP OpenId Connect - IdTokenAudience - MultiApple scenario



Answered By - Kartik Bhiwapurkar
Answer Checked By - Senaida (PHPFixing Volunteer)
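
Because every IdP still needs its own claims provider and technical profile in the policy XML, those entries can be generated from an inventory and checked for collisions before upload. The Python script below is an added example, not part of the original answer or of Microsoft's documentation. The IdP names, domains, metadata URLs, the `B2C_1A_SAMLSigningCert` key name and the use of the domain as the `identityProvider` value are assumptions; the element names follow the SAML sample in the documentation linked in the question, which also covers the claim mappings, session management and user-journey entries this output does not include.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed inventory: names, domains and metadata URLs are placeholders.
IDPS = [
    {"name": "Contoso", "domain": "contoso.example",
     "metadata_url": "https://idp.contoso.example/saml/metadata"},
    {"name": "Fabrikam", "domain": "fabrikam.example",
     "metadata_url": "https://login.fabrikam.example/metadata.xml"},
]
SIGNING_KEY = "B2C_1A_SAMLSigningCert"  # assumed policy key name

def profile_id(idp):
    """Derive a technical profile Id from the IdP display name."""
    return "".join(c for c in idp["name"] if c.isalnum()) + "-SAML2"

def validate(idps):
    """Refuse colliding entries and metadata fetched over plain HTTP."""
    keys = [k for i in idps for k in (i["domain"].lower(), profile_id(i))]
    if len(keys) != len(set(keys)):
        raise ValueError("duplicate domain or technical profile Id")
    for idp in idps:
        url = urlparse(idp["metadata_url"])
        if url.scheme != "https" or not url.hostname:
            raise ValueError(f"metadata URL is not https: {idp['metadata_url']}")

def claims_provider(idp):
    """Build one <ClaimsProvider> element for a SAML IdP."""
    cp = ET.Element("ClaimsProvider")
    ET.SubElement(cp, "Domain").text = idp["domain"].lower()
    ET.SubElement(cp, "DisplayName").text = idp["name"]
    tp = ET.SubElement(ET.SubElement(cp, "TechnicalProfiles"),
                       "TechnicalProfile", Id=profile_id(idp))
    ET.SubElement(tp, "DisplayName").text = idp["name"]
    ET.SubElement(tp, "Protocol", Name="SAML2")
    ET.SubElement(ET.SubElement(tp, "Metadata"), "Item",
                  Key="PartnerEntity").text = idp["metadata_url"]
    ET.SubElement(ET.SubElement(tp, "CryptographicKeys"), "Key",
                  Id="SamlMessageSigning", StorageReferenceId=SIGNING_KEY)
    # Assumption: the domain serves as the per-IdP identityProvider value.
    ET.SubElement(ET.SubElement(tp, "OutputClaims"), "OutputClaim",
                  ClaimTypeReferenceId="identityProvider",
                  DefaultValue=idp["domain"].lower(), AlwaysUseDefaultValue="true")
    return cp

def build(idps):
    """Validate the inventory and return the <ClaimsProviders> XML as text."""
    validate(idps)
    root = ET.Element("ClaimsProviders")
    root.extend([claims_provider(idp) for idp in idps])
    ET.indent(root)  # Python 3.9+
    return ET.tostring(root, encoding="unicode")
```

`build(IDPS)` returns the XML text; a rejected inventory raises `ValueError` before anything is emitted.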