Issue
I have an application that uses AD B2C for authentication. I need to allow external IdPs to authenticate via SSO into my application via AD B2C. I followed the steps in this documentation and it worked well for one IdP. https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-generic-saml?tabs=macos&pivots=b2c-custom-policy
My use case requires setting up multiple (>30) IdPs, and unfortunately this documentation requires creating a new claims provider and technical profile for each IdP that is set up. Is there a way to set up multiple IdPs without coding them into the custom policy? Something along the lines of dynamically pulling the correct IdP from an external data source based on email domain and injecting it into the technical profile? Or maybe by setting up a single IdP or bridge and using it as a proxy for the 30+ IdPs? I'm curious as to how others have solved this, as I'm sure this is not a new use case.
Solution
• If you have multiple identity providers to be configured in your Azure AD B2C application for authentication, then you can configure all the social account identity providers at once by referring to the below documentation link and configuring all the social identity providers one by one as given in this link:
Once all the social identity providers are configured for authentication in the Azure AD B2C application, you can configure multiple identity providers for the multi-tenant Azure AD application one by one, as stated in this documentation link:
• As per the present developments, it is currently not possible to configure only a single technical profile and claims provider for multiple IDPs or set up multiple IDPs without coding them into custom policies. Currently, you will have to set up the required by entering every IDP’s technical profile and claims provider information in the custom policy XML file.
For more information, you can surely refer to the community thread stated in your comments section to see if it works or not:
B2C Custom Policy with TP OpenId Connect - IdTokenAudience - MultiApple scenario
Answered By - Kartik Bhiwapurkar Answer Checked By - Senaida (PHPFixing Volunteer)
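The answer above says every IdP's claims provider and technical profile has to be written into the custom policy XML. As an added example (not part of the original post or of Microsoft's documentation), this Python script generates those repeated blocks from one table of IdPs and rejects rows that would give an insecure or ambiguous policy. The IdP rows, the policy key name `B2C_1A_SAMLSigningCert`, the session profile Id `SM-Saml-idp` and the two claim mappings are assumptions; element names follow the generic SAML custom-policy format the question links to.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample rows (hypothetical IdPs): (email domain, display name, metadata URL).
IDPS = [
    ("contoso.example", "Contoso", "https://idp.contoso.example/saml/metadata"),
    ("fabrikam.example", "Fabrikam", "https://sso.fabrikam.example/metadata.xml"),
]
SIGNING_KEY = "B2C_1A_SAMLSigningCert"  # assumed policy key name
SESSION_TP = "SM-Saml-idp"              # assumed session management profile Id

def validate(idps):
    seen = set()
    for domain, _name, metadata in idps:
        if not re.fullmatch(r"[a-z0-9-]+(\.[a-z0-9-]+)+", domain):
            raise ValueError(f"bad domain (lowercase DNS name expected): {domain!r}")
        key = domain.replace(".", "-")  # same transform as the TechnicalProfile Id
        if key in seen:
            raise ValueError(f"duplicate or colliding domain: {domain}")
        seen.add(key)
        url = urlparse(metadata)
        if url.scheme != "https" or not url.hostname:
            raise ValueError(f"metadata URL must be https: {metadata!r}")

def claims_provider(domain, name, metadata):
    cp = ET.Element("ClaimsProvider")
    ET.SubElement(cp, "Domain").text = domain
    ET.SubElement(cp, "DisplayName").text = name
    tps = ET.SubElement(cp, "TechnicalProfiles")
    tp = ET.SubElement(tps, "TechnicalProfile", Id=domain.replace(".", "-") + "-SAML2")
    ET.SubElement(tp, "DisplayName").text = name
    ET.SubElement(tp, "Protocol", Name="SAML2")
    ET.SubElement(ET.SubElement(tp, "Metadata"), "Item", Key="PartnerEntity").text = metadata
    keys = ET.SubElement(tp, "CryptographicKeys")
    ET.SubElement(keys, "Key", Id="SamlMessageSigning", StorageReferenceId=SIGNING_KEY)
    out = ET.SubElement(tp, "OutputClaims")
    ET.SubElement(out, "OutputClaim", ClaimTypeReferenceId="issuerUserId",
                  PartnerClaimType="assertionSubjectName")
    # Pinned per IdP so identical NameIDs from two IdPs never map to one account.
    ET.SubElement(out, "OutputClaim", ClaimTypeReferenceId="identityProvider", DefaultValue=domain)
    ET.SubElement(tp, "UseTechnicalProfileForSessionManagement", ReferenceId=SESSION_TP)
    return cp

def build_fragment(idps):
    validate(idps)
    root = ET.Element("ClaimsProviders")
    root.extend([claims_provider(*row) for row in idps])
    ET.indent(root)
    return ET.tostring(root, encoding="unicode")
```

`build_fragment(IDPS)` returns a `<ClaimsProviders>` fragment to merge into the extensions policy; each generated profile still has to be referenced from the user journey, and any further output claims an IdP sends need their own mappings.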