Let’s Azure: Register a new Application in Azure AD B2C

TechFarm by Shahjahan
Published in Let’s Azure
Sep 26, 2021 · 3 min read

For an application to interact with Azure AD B2C, it must be registered with the Azure AD B2C tenant. This registration is needed for every kind of application: web applications (such as .NET Core, Java, Python or Node.js apps), SPAs (such as Angular or React), native apps (such as iOS or Android apps) and APIs (such as MuleSoft or Tableau).

Once registered, each application gets a unique Application ID (also called the Client ID) and a secret with which it authenticates itself to the B2C tenant. This post gives a quick how-to for generating these credentials for an app.

Registering the application with Azure AD B2C

  1. Log in to the Azure Portal and switch to the directory that holds your Azure AD B2C tenant.
  2. Search for Azure AD B2C and go to the Overview panel of B2C.

On the left panel, click on App registrations, which navigates to the app listing page.

Next click on New registration to open the app registration wizard.

In the registration wizard, add the name of the application for identification.

For Supported account types, select one of the options below:

  • Option 1: when the application is for DevOps or for managing users through the Graph API.
  • Option 3: when the application is to authenticate users using user flows.

Option 2 is rarely used in B2C.

Leave Redirect URL blank. In the Permissions section, select Grant admin consent. Click on Register. Once the application is created, the portal navigates to its Overview panel.

From the Overview panel, copy the Directory (tenant) ID and the Application (client) ID and save them securely.

Next, to create a client secret, click on Certificates & secrets and then click on the +New client secret link. Enter a uniquely identifiable description or name for the secret and choose how long it stays valid. The system generates the secret automatically.

Copy the Value of the secret and save it securely. You cannot copy the secret later, as it will be masked. The Tenant ID, Client ID and this secret are required for the application to authenticate and perform any operations.

With this, the application registration is done. However, more configuration may be required depending on the functionality of the application.

User Management Using Graph APIs

When we are building an application (web based or API based), we need to grant it a few Graph API permissions.

Click on API permissions and then click on +Add a permission.

Choose Microsoft APIs → Microsoft Graph → Application permissions, then select the permissions below:

  • User.ReadWrite.All
  • User.ManageIdentities.All
  • UserAuthenticationMethod.ReadWrite.All
  • UserNotification.ReadWrite.CreatedByApp
  • RoleManagement.ReadWrite.Directory

Once all permissions are selected, click on Grant admin consent for …, and your application is ready to use. Grant only the permissions the application actually needs: these are application permissions that act without a signed-in user, and RoleManagement.ReadWrite.Directory in particular allows changes to directory roles.

Sending Email Using Graph APIs

Follow the same steps as above and select the permission below:

  • Mail.Send

Sign-up Sign-in users using user flows

Follow the same steps as above and select the permission below:

  • User.Read.All

We will also need to configure the authentication policies (user flows) that define the end-user experiences.
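As an added example (not code from the original post), here is how an application uses the Tenant ID, Client ID and client secret from the registration steps above to obtain a Graph access token with the client credentials grant, and then checks that the application permissions granted under API permissions actually appear in the token's `roles` claim (they are missing until admin consent is granted). The environment variable names AZURE_TENANT_ID, AZURE_CLIENT_ID and AZURE_CLIENT_SECRET are assumptions, and the sample token used for offline checking is constructed.

```python
import base64
import json
import os
import urllib.parse
import urllib.request

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
GRAPH_SCOPE = "https://graph.microsoft.com/.default"  # all consented app permissions

def build_token_request(tenant_id, client_id, client_secret):
    """Token endpoint URL and form body for the client credentials grant."""
    form = {
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": GRAPH_SCOPE,
        "grant_type": "client_credentials",
    }
    return TOKEN_URL.format(tenant=tenant_id), form

def token_roles(access_token):
    """Granted application permissions, read from the JWT `roles` claim."""
    # Only the payload is decoded to inspect claims; verifying the signature
    # is the resource's (Graph's) job, not this client's.
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return set(json.loads(base64.urlsafe_b64decode(payload)).get("roles", []))

def missing_roles(access_token, required):
    """Permissions still absent, e.g. because admin consent was not granted."""
    return set(required) - token_roles(access_token)

def fetch_access_token():
    """Credentials come from the environment (assumed variable names), not source code."""
    url, form = build_token_request(os.environ["AZURE_TENANT_ID"],
                                    os.environ["AZURE_CLIENT_ID"],
                                    os.environ["AZURE_CLIENT_SECRET"])
    req = urllib.request.Request(url, data=urllib.parse.urlencode(form).encode())
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["access_token"]

def make_unsigned_token(claims):
    """Constructed sample token (header.payload.) for offline checks only."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."

if __name__ == "__main__":
    token = fetch_access_token()
    print("missing:", missing_roles(token, {"User.ReadWrite.All", "Mail.Send"}))
```

An empty `missing` set confirms that both the permission grant and the admin consent for the app took effect.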

Isn’t it interesting? If you like this and want to read more on Azure, follow Let’s Azure and also follow this author.

If this story is helpful for you, forward it to your friends, and if you have suggestions, let us know your thoughts in the comments.

Happy Azuring and Happy Coding !!!!
