Set up a sign-up and sign-in flow in Azure Active Directory B2C
Before you begin, use the Choose a policy type selector to choose the type of policy you’re setting up. Azure Active Directory B2C offers two methods to define how users interact with your applications: through predefined user flows or through fully configurable custom policies. The steps required in this article are different for each method.
Sign-up and sign-in flow
Sign-up and sign-in policy lets users:
- Sign-up with local account
- Sign-in with local account
- Sign-up or sign-in with a social account
- Password reset
Watch this video to learn how the user sign-up and sign-in policy works.
- An Azure account with an active subscription. Create an account for free.
- If you don't have one already, create an Azure AD B2C tenant that is linked to your Azure subscription.
Create a sign-up and sign-in user flow
The sign-up and sign-in user flow handles both sign-up and sign-in experiences with a single configuration. Users of your application are led down the right path depending on the context.
Sign in to the Azure portal.
Select the Directories + Subscriptions icon in the portal toolbar.
On the Portal settings | Directories + subscriptions page, find your Azure AD B2C directory in the Directory name list, and then select Switch.
In the Azure portal, search for and select Azure AD B2C.
Under Policies, select User flows, and then select New user flow.
On the Create a user flow page, select the Sign up and sign in user flow.
Under Select a version, select Recommended, and then select Create. (Learn more about user flow versions.)
Enter a Name for the user flow. For example, signupsignin1.
Under Identity providers select at least one identity provider:
Under Multifactor authentication, if you want to require users to verify their identity with a second authentication method, choose the method type and when to enforce multifactor authentication (MFA). Learn more.
Under Conditional access, if you've configured Conditional Access policies for your Azure AD B2C tenant and you want to enable them for this user flow, select the Enforce conditional access policies check box. You don't need to specify a policy name. Learn more.
Under User attributes and token claims, choose the attributes you want to collect from the user during sign-up and the claims you want returned in the token. For the full list of values, select Show more, choose the values, and then select OK.
You can also create custom attributes for use in your Azure AD B2C tenant.
Select Create to add the user flow. A prefix of B2C_1 is automatically prepended to the name.
Follow the steps to handle the flow for "Forgot your password?" within the sign-up or sign-in policy.
Rearrange the sign up form
Test the user flow
Select the user flow you created to open its overview page, then select Run user flow.
For Application, select the web application named webapp1 that you previously registered. The Reply URL should show
Click Run user flow, and then select Sign up now.
Enter a valid email address, click Send verification code, enter the verification code that you receive, then select Verify code.
Enter a new password and confirm the password.
Select your country and region, enter the name that you want displayed, enter a postal code, and then click Create. The token is returned to
https://jwt.msand should be displayed to you.
You can now run the user flow again and you should be able to sign in with the account that you created. The returned token includes the claims that you selected of country/region, name, and postal code.
The "Run user flow" experience is not currently compatible with the SPA reply URL type using authorization code flow. To use the "Run user flow" experience with these kinds of apps, register a reply URL of type "Web" and enable the implicit flow as described here.
Create a sign-up and sign-in policy
Custom policies are a set of XML files you upload to your Azure AD B2C tenant to define user journeys. We provide starter packs with several pre-built policies including: sign-up and sign-in, password reset, and profile editing policy. For more information, see Get started with custom policies in Azure AD B2C.