How to configure basic policies in Azure Active Directory B2C | Azure Active Directory

[MUSIC] Adam Stoffel: Welcome back. Now that we've learned about the basics of Azure AD B2C, let's take a look at how we can configure an Azure AD B2C directory in the Azure portal.

To create a new Azure AD B2C directory, we'll click on create resource here in the Azure portal. We can do a quick search for B2C to find the B2C resource type, and once we're there, we'll hit create. When you create a new Azure AD B2C tenant, you'll be asked whether you want to create a new tenant or link an existing tenant to your Azure subscription. In this situation, we'll go ahead and create a new tenant, and then we'll be asked to provide a few additional pieces of information. We need to provide an organization name, which will show up in certain places, for example when an email is sent from Azure AD B2C, and we'll provide an initial domain name, which will be used to identify your tenant throughout the configuration and sign-in process. You also select a country or region here, and you can find more information in our documentation about the implications of which country you choose from this dropdown. After you click create, it will take a few moments to create your directory.

I'll go ahead and switch to a directory that I've already set up. To do that, you click on your account name in the top corner of the screen and then click on switch directory. When I click on this link up at the top, you can see all the directories that you have access to. I'll switch over to a directory that I created earlier today. Once you've switched the directory context, go ahead and do a quick search for B2C to find the Azure AD B2C resource. Once you open the Azure AD B2C configuration blade, you'll see that there are a few different options.
You can manage which applications are authenticating against your directory, which identity providers you offer for sign-in, custom user attributes that you've configured, your list of users, and then the custom policies that you've configured in the Identity Experience Framework and the built-in policies that you've configured in the user flows tab.

Let's start by setting up some identity providers. Here you can see that we have local accounts configured, and you can configure local accounts to use either an email address as the primary identifier or a username as the primary identifier. You can also use this screen to configure a number of other identity providers, and you can see those are listed here. The exact configuration values that you need for certain identity providers will vary, but you can find information about how to set these up in our documentation.

Let's take a look and see what user attributes are built into the system. You can see here that there are a number of standard attributes that are already set up in B2C, and that you can also configure custom attributes. By clicking add, I can provide a name for this attribute, and I can choose what kind of data will be stored in this attribute. I can also provide a description, which will be shown to the user if you expose this attribute to them during the registration process. Now that I've created that custom attribute, it will be available for me to include in built-in user flows and custom policies later on.

Let's also set up an application which will authenticate against Azure AD B2C. I'll click add here, and we'll set up an application which will allow us to test our user flows. In this case, I'm going to use a handy online application called JWT.ms. JWT.ms will allow us to inspect the authentication token which is sent to it. You also need to choose whether this is a web app or web API and/or a native client like an iOS application or an Android application. In this case, we're dealing with a web application.
We can also choose whether to allow the implicit flow, which is a feature of OAuth 2. And again, you can find more information about that in our documentation. We need to set up the reply URL, which is where B2C will redirect the user to after they've completed their authentication. I'll go ahead and click create, and this application will now be set up to authenticate against our Azure AD B2C tenant.

Let's also set up a basic user flow. When I click new user flow, I'll need to choose a template for the user flow. We've got a number of different templates here that do actions like sign up and sign in, profile editing, and account recovery via a password reset. I'll create a sign up and sign in policy. This will allow users to both register using this policy or to sign in if they already have an account. You'll also be able to choose which identity providers are allowed in this authentication journey and whether to use multi-factor authentication or not. I'll turn on multi-factor authentication for this journey. You can also choose which attributes will be collected from the user during registration and which attributes will be returned in the authentication token which is sent to the application.

After I've created this user flow, I can go in, take a look, and actually configure even more settings. When we take a look at this user flow, under properties, there are a few other pieces of information that we can configure. Again, I have the option to turn multi-factor authentication on or off. We can enforce JavaScript page layout versioning; you can find more about what that means in our documentation. We can also configure token lifetime and session lifetime. For token lifetimes, this will dictate how often your application needs to ask the user to reauthenticate against B2C, or how long the refresh tokens last for your application. For session behavior, we can configure how we would like our single sign-in behavior to operate across the whole tenant, across different policies, and across different applications. We also have the option here to configure password complexity. There are a few built-in options, and you can also use the custom option to get more fine-grained control over password complexity. Again, we have the option to configure which identity providers are offered in this policy. We can choose which user attributes will be collected from the user during registration, and we can configure which claims will be included in the authentication token that goes out to the application. I'll add a few more things here.

You can also customize the page layout. We have a few different built-in templates, but most folks will want to use a custom page layout. To do that, you'll host your own HTML, CSS, and JavaScript and then tell B2C where to go on the internet to find that content. In this case, I'm going to switch to one of our other built-in templates.
And you can see that the custom page URI shown at the bottom of the screen will change to reflect that new template, and you can see that it's changed here. You can also configure languages for your B2C policy. We have a number of built-in languages, and if necessary, you can override the default strings that appear for each of those language packs. You can also create custom language packs to support any language that's not offered natively by B2C.

Now that we've done some configuration on this policy, let's run it so that we can see what it looks like. I'll click on run user flow, and we have a way to automatically launch this policy right here from within the portal. You can see that the application we configured earlier is selected here, and I'll click run user flow to start that process. We're taken here to that sign-in or sign-up policy, and we can sign in with an account we already have, or we can click on sign up now to go through our registration flow. You can see here that this is asking for the information that we put in our configuration earlier. Now that we've completed that information, I'll click create. And since we have multi-factor authentication turned on for this policy, I'll also have to enroll in multi-factor authentication, so I'll confirm my enrollment via text message. Great.

Now that I've completed that registration process, B2C has sent me back to the application, in this case JWT.ms, which is that handy tool for letting us inspect the authentication token. We can see here that we have a standard identity token with the information that I've provided and some information from B2C. B2C has generated a user ID for me and is telling us that this is a new user.

I hope this video was helpful for you to learn a little bit about how to set up your Azure AD B2C tenant. Watch the next video, where Karen will tell us more about the power of custom policies in Azure AD B2C. [MUSIC]
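The "run user flow" step and the JWT.ms inspection that the video walks through, as an added Python example that is not code from the video or from Microsoft: it builds the implicit-flow authorize request the portal launches for the test app (policy `p=`, `response_type=id_token`, `response_mode=fragment`, the registered reply URL and a fresh nonce), pulls the id_token back out of the reply-URL fragment, and then does the checks a relying party must perform before trusting what jwt.ms merely displays: signature, issuer, audience, nonce, validity window and the `tfp` policy claim, plus the `newUser` flag the video points at. The tenant name, tenant id, policy name and client id are hypothetical placeholders, and the sample token is constructed in the script and signed with HS256 and a throwaway key so it runs offline; a real B2C id_token is RS256-signed and must be verified against the key (matching `kid`) from the tenant's JWKS endpoint listed in the policy's OpenID Connect metadata.

```python
"""Added example: launch a B2C user flow and validate the id_token it returns.
Hypothetical tenant/app values and a constructed HS256 sample token (offline only)."""
import base64
import hashlib
import hmac
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

TENANT = "contosob2c"                                # assumption: initial domain name chosen at creation
TENANT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"   # assumption: tenant id shown in the issuer claim
POLICY = "B2C_1_signupsignin"                        # assumption: the sign up and sign in user flow
CLIENT_ID = "11111111-2222-3333-4444-555555555555"   # assumption: id of the registered test app
REPLY_URL = "https://jwt.ms"                         # reply URL registered for the test app
ISSUER = f"https://{TENANT}.b2clogin.com/{TENANT_ID}/v2.0/"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def build_authorize_url(nonce: str, state: str) -> str:
    """The implicit-flow request behind 'run user flow': the id_token comes back in the
    URL fragment of the reply URL and must echo our nonce. Caller stores nonce and state."""
    params = {"p": POLICY, "client_id": CLIENT_ID, "nonce": nonce, "redirect_uri": REPLY_URL,
              "scope": "openid", "response_type": "id_token", "response_mode": "fragment",
              "state": state}
    return (f"https://{TENANT}.b2clogin.com/{TENANT}.onmicrosoft.com/oauth2/v2.0/authorize?"
            + urlencode(params))


def make_sample_id_token(key: bytes, nonce: str, now: int, lifetime_s: int = 3600,
                         new_user: bool = True) -> str:
    """Constructed sample token with the claims B2C emits for a sign-up (HS256, offline only)."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": ISSUER, "aud": CLIENT_ID, "sub": "constructed-user-object-id",
              "nonce": nonce, "iat": now, "nbf": now, "exp": now + lifetime_s, "auth_time": now,
              "tfp": POLICY, "newUser": new_user, "name": "Test User",
              "emails": ["test.user@example.com"]}
    signing_input = (b64url(json.dumps(header, separators=(",", ":")).encode()) + "."
                     + b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def parse_reply(url: str):
    """Extract id_token and state from the fragment B2C appends to the reply URL."""
    frag = parse_qs(urlparse(url).fragment)
    if "error" in frag:
        raise ValueError(f"B2C returned {frag['error'][0]}: {frag.get('error_description', [''])[0]}")
    return frag["id_token"][0], frag.get("state", [""])[0]


def inspect_id_token(token: str, key: bytes, expected_nonce: str, now: int) -> dict:
    """Validate before trusting: pinned alg, signature, iss, aud, nonce, nbf/exp window, policy.
    For real B2C tokens pin RS256 and fetch the JWKS key whose kid matches the header."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    header = json.loads(b64url_decode(parts[0]))
    if header.get("alg") != "HS256":          # never let the token pick its own alg ('none' etc.)
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(parts[2])):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(parts[1]))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != CLIENT_ID:
        raise ValueError("token issued for another application")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch (replayed or cross-session token)")
    if not (claims.get("nbf", 0) <= now < claims.get("exp", 0)):
        raise ValueError("token outside its validity window")
    if claims.get("tfp") != POLICY:           # a token from another user flow is not this journey
        raise ValueError("unexpected policy")
    return claims


def summarize(claims: dict, now: int) -> dict:
    """What the video reads off jwt.ms: the B2C-generated user id, the new-user flag, lifetime left."""
    return {"user_id": claims["sub"], "new_user": bool(claims.get("newUser", False)),
            "policy": claims.get("tfp"), "emails": claims.get("emails", []),
            "seconds_until_expiry": claims["exp"] - now}


if __name__ == "__main__":
    nonce, state, now = secrets.token_urlsafe(16), secrets.token_urlsafe(8), 1_700_000_000
    print(build_authorize_url(nonce, state))
    key = secrets.token_bytes(32)
    reply = f"{REPLY_URL}/#id_token={make_sample_id_token(key, nonce, now)}&state={state}"
    token, returned_state = parse_reply(reply)
    assert returned_state == state
    print(summarize(inspect_id_token(token, key, nonce, now + 60), now + 60))
```

The checks are ordered so that nothing from the payload is trusted until the signature is over it, and the `alg` is pinned rather than read from the token; the `tfp` check matters in B2C because every user flow in the tenant shares the same issuer and signing keys, so a token minted by a weaker policy (say, one without the MFA step enabled above) would otherwise pass.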