Azure Custom Policies Setup Instructions

Step 1: Create Azure Web App

1) Navigate to Azure AD B2C
2) Click App Registrations
image.png
3) New Registration
image.png
4) Register the app with the following fields selected
image.png

Step 2: Expose and Add API Permissions

Part 1: Expose an API

1) Navigate to the Application you just created
2) Click Expose an API
image.png
3) Click Add Scope
4) Add a scope with the following values

image.png

Part 2: Add An API Permission

1) Navigate to API Permissions
image.png
2) Click Add a permission
3) Click My APIs
image.png
4) Select the application you created in Step 1
5) Ensure that you select and add User.ReadWrite.All
image.png

Step 3: Set Up the Identity Experience Framework Keys and Applications

Part 1: Add signing and encryption keys for Identity Experience Framework Application

1) Sign in to Azure Portal
2) Search for and Select Azure AD B2C
3) Select Identity Experience Framework
image.png

Part 1.1: Create the Signing Key

1) Select Policy Keys
image.png
2) Create a Key with the following fields
image.png

Part 1.2: Create the Encryption Key

1) Select Policy Keys
image.png
2) Create a Key with the following fields
image.png

Part 2: Register the IdentityExperienceFramework Application

Part 2.1: Create the IdentityExperienceFramework Application

1) Repeat ‘Step 1: Create Azure Web App’ with the following fields
image.png
   Name: IdentityExperienceFramework
   Redirect URI: https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com, where your-tenant-name is your Azure AD B2C tenant domain name.
2) After registering the application, make sure to record the Application (client) ID
image.png

Part 2.2: Expose the API By Adding a Scope

1) Under the IdentityExperienceFramework application, navigate to ‘Expose an API’ as we did earlier
2) Select add a scope
3) Add a scope with the following fields
image.png
4) Select Add scope

Part 3: Register the ProxyIdentityExperienceFramework Application

Part 3.1: Register the Application

1) Repeat ‘Step 1: Create Azure Web App’ with the following fields
image.png
2) After registering the application, make sure to record the Application (client) ID

Part 3.2: Specify that the application should be treated as a public client

1) Click Authentication
2) Under Advanced settings, enable ‘Allow public client flows’
image.png
3) Select save
4) Ensure that “allowPublicClient” is set to true in the application manifest
4.1) Click Manifest
image.png
4.2) Ensure “allowPublicClient” is set to true
image.png

Part 3.3: Grant permission to the API scope exposed earlier by the IdentityExperienceFramework application

1) Select ‘API Permissions’ in the left-hand menu
2) Select Add a permission
3) Select My APIs
image.png
4) Select the UserImpersonation scope defined earlier
image.png
5) Select Add permission
6) Wait a few minutes
7) Grant admin consent for the permission

Step 4: Add Relevant Custom Flows

1) Navigate to Azure AD B2C
2) Select Identity Experience Framework
3) Select Upload Custom Policy. Repeat the process, uploading the supplied policies in this order:
   1) TrustFrameWorkBase.xml
   2) TrustFrameworkLocalization.xml
   3) TrustFrameWorkExtensions.xml
   4) PasswordChange.xml
   5) TrustFrameWorkExtensions_ChangeSignInName.xml
   6) ChangeSignInName.xml
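The upload order above matters because every custom policy file names its parent in a BasePolicy element, and the portal rejects a file whose parent has not been uploaded yet. The script below, added here as an example rather than part of this doc or the supplied policy files, parses a set of policy documents, follows the BasePolicy references and returns an order that is always safe to upload. The six sample documents it builds are constructed for the example and assume the inheritance chain implied by the list above (Base, Localization, Extensions, then the two ChangeSignInName files and PasswordChange); the real files may differ, so run it against the actual XML before relying on the result.

```python
"""Compute a safe upload order for Azure AD B2C custom policy files.

Each TrustFrameworkPolicy document may declare a parent in
<BasePolicy><PolicyId>...</PolicyId></BasePolicy>. A file can only be
uploaded after its parent exists in the tenant, so the upload order is a
topological order of the BasePolicy graph. Sample documents below are
constructed for this example; they are not the doc's supplied policy files.
"""
import xml.etree.ElementTree as ET
from collections import defaultdict

# Namespace used by Azure AD B2C custom policy XML.
NS = {"tf": "http://schemas.microsoft.com/online/cpim/schemas/2013/06"}
TENANT = "your-tenant-name.onmicrosoft.com"  # placeholder tenant for the samples


def parse_policy(xml_text):
    """Return (policy_id, base_policy_id) for one document; base is None for the root."""
    root = ET.fromstring(xml_text)
    policy_id = root.attrib["PolicyId"]
    base = root.find("tf:BasePolicy/tf:PolicyId", NS)
    return policy_id, (base.text.strip() if base is not None else None)


def upload_order(policies):
    """Map of filename -> XML text; returns filenames in an order that is safe to upload.

    Raises ValueError for duplicate PolicyIds, a BasePolicy that is not in the
    set (it would have to be uploaded separately first), or a reference cycle.
    """
    file_of = {}   # PolicyId -> filename
    base_of = {}   # PolicyId -> parent PolicyId (or None)
    for fname, text in policies.items():
        pid, base = parse_policy(text)
        if pid in file_of:
            raise ValueError(f"duplicate PolicyId {pid} in {fname} and {file_of[pid]}")
        file_of[pid] = fname
        base_of[pid] = base
    for pid, base in base_of.items():
        if base is not None and base not in file_of:
            raise ValueError(f"{file_of[pid]} references base policy {base}, which is not in the set")

    # Kahn's algorithm: a policy becomes uploadable once its parent is uploaded.
    children = defaultdict(list)
    for pid, base in base_of.items():
        if base is not None:
            children[base].append(pid)
    ready = sorted(pid for pid, base in base_of.items() if base is None)
    order = []
    while ready:
        pid = ready.pop(0)
        order.append(file_of[pid])
        ready.extend(sorted(children[pid]))
    if len(order) != len(file_of):
        raise ValueError("cycle in BasePolicy references")
    return order


def sample_policy(policy_id, base_id=None):
    """Build a minimal constructed policy document for this example."""
    base = ""
    if base_id:
        base = (f"<BasePolicy><TenantId>{TENANT}</TenantId>"
                f"<PolicyId>{base_id}</PolicyId></BasePolicy>")
    return (f'<TrustFrameworkPolicy xmlns="{NS["tf"]}" TenantId="{TENANT}" '
            f'PolicyId="{policy_id}" PolicySchemaVersion="0.3.0.0">{base}'
            f"</TrustFrameworkPolicy>")


# Constructed sample set, deliberately given in a scrambled order so the
# script, not the dict order, decides the result.
SAMPLE_FILES = {
    "ChangeSignInName.xml": sample_policy(
        "B2C_1A_ChangeSignInName", "B2C_1A_TrustFrameworkExtensions_ChangeSignInName"),
    "PasswordChange.xml": sample_policy(
        "B2C_1A_PasswordChange", "B2C_1A_TrustFrameworkExtensions"),
    "TrustFrameWorkExtensions_ChangeSignInName.xml": sample_policy(
        "B2C_1A_TrustFrameworkExtensions_ChangeSignInName", "B2C_1A_TrustFrameworkExtensions"),
    "TrustFrameWorkExtensions.xml": sample_policy(
        "B2C_1A_TrustFrameworkExtensions", "B2C_1A_TrustFrameworkLocalization"),
    "TrustFrameworkLocalization.xml": sample_policy(
        "B2C_1A_TrustFrameworkLocalization", "B2C_1A_TrustFrameworkBase"),
    "TrustFrameWorkBase.xml": sample_policy("B2C_1A_TrustFrameworkBase"),
}


def sample_upload_order():
    """Upload order for the constructed sample set."""
    return upload_order(SAMPLE_FILES)


if __name__ == "__main__":
    for i, name in enumerate(sample_upload_order(), 1):
        print(f"{i}) {name}")
```

To use it on the real files, read each .xml into the dict in place of SAMPLE_FILES; a ValueError naming a missing base policy means that file belongs to an earlier upload batch (or the wrong tenant).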
