Azure AD B2C As a Federation with multiple identity providers

Anand Patil 95 Reputation points
2024-08-26T08:26:33.5866667+00:00

Hi,

I have an application 'SampleApp' which is using Azure AD B2C for authentication purposes. The 'SampleApp' application is being used by two types of users - employees & customers. Both employee and customer users are part of different AD instances (AD1 for employees and AD2 for customers). Now there is a need to integrate 'SampleApp' with a new application 'TestApp'. The 'TestApp' will be hosted in AWS and will use Cognito for managing users at its local level.
There is a need to have an SSO solution in place for this application, so that users once logged in to 'SampleApp' will be able to directly access 'TestApp' with a URL link.

I have created a B2C Custom Policy and I am successfully able to integrate the two applications for users in one of the active directories, AD1. So users with the employee role are able to SSO into both applications and do get the necessary claims too. I need to incorporate the remaining active directory, AD2, in the same custom policy.

  • Want to know whether it is possible to do so?
  • If both identity providers are configured in the Custom Policy, how do I identify which AD is to be used when, and how do I configure it in B2C?
  • Since this custom policy is used as a federation from AWS Cognito, will the authorization endpoint change when there are two ADs involved?
  • How will the federation configuration understand the role (employee/customer) in the incoming request from 'SampleApp' to 'TestApp' in AWS and which AD to use for authentication and claims ?

1 answer

  1. Q&A Assist
    2024-08-26T08:26:33.6+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    It is possible to incorporate multiple identity providers in a B2C Custom Policy. You can configure each identity provider separately and specify the identity provider to be used based on the user flow. You can use the "IdentityProviderSelection" technical profile to select the identity provider based on the user's input. The authorization endpoint will not change when there are multiple identity providers involved. The role of the incoming request can be identified using the claims in the token. You can use the "ClaimsTransformation" technical profile to transform the claims as needed.


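As an added example, not part of the question or the Q&A Assist answer above, the following B2C custom policy fragment shows the shape of the configuration the answer describes: two claims providers (one per directory), a ClaimsProviderSelection orchestration step that offers both, and a claim that records which directory authenticated the user. Everything here is illustrative: the tenant names, client IDs, key container names and Domain values are placeholders, and it assumes the B2C custom policy starter pack (TrustFrameworkBase and TrustFrameworkExtensions) is already uploaded. The AD2 profile reuses the AD1 profile through IncludeTechnicalProfile and overrides the items that differ; that the overriding of metadata items and output claims by key merges the way shown is an assumption to verify against your own tenant.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example, not from the question or the answer. Assumes the custom policy starter pack is uploaded;
     tenant names, client IDs, key container names and Domain values are placeholders. -->
<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
    TenantId="yourtenant.onmicrosoft.com" PolicyId="B2C_1A_TrustFrameworkExtensions_TwoDirectories"
    PublicPolicyUri="http://yourtenant.onmicrosoft.com/B2C_1A_TrustFrameworkExtensions_TwoDirectories">
  <BasePolicy>
    <TenantId>yourtenant.onmicrosoft.com</TenantId>
    <PolicyId>B2C_1A_TrustFrameworkExtensions</PolicyId>
  </BasePolicy>
  <BuildingBlocks>
    <ClaimsSchema>
      <!-- Set by whichever claims provider ran, so the relying party can tell employee from customer -->
      <ClaimType Id="userType">
        <DisplayName>User type</DisplayName>
        <DataType>string</DataType>
      </ClaimType>
    </ClaimsSchema>
  </BuildingBlocks>
  <ClaimsProviders>
    <!-- AD1 (employees). A request carrying domain_hint=employees.example.com skips the provider selection page. -->
    <ClaimsProvider>
      <Domain>employees.example.com</Domain>
      <DisplayName>Employees (AD1)</DisplayName>
      <TechnicalProfiles>
        <TechnicalProfile Id="AD1-OpenIdConnect">
          <DisplayName>Employee sign-in</DisplayName>
          <Protocol Name="OpenIdConnect" />
          <Metadata>
            <Item Key="METADATA">https://login.microsoftonline.com/ad1-tenant.onmicrosoft.com/v2.0/.well-known/openid-configuration</Item>
            <Item Key="client_id">00000000-0000-0000-0000-0000000000a1</Item>
            <Item Key="response_types">code</Item>
            <Item Key="scope">openid profile</Item>
          </Metadata>
          <CryptographicKeys>
            <!-- Placeholder key container holding the app secret registered in AD1 -->
            <Key Id="client_secret" StorageReferenceId="B2C_1A_AD1ClientSecret" />
          </CryptographicKeys>
          <OutputClaims>
            <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="oid" />
            <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />
            <OutputClaim ClaimTypeReferenceId="identityProvider" PartnerClaimType="iss" />
            <OutputClaim ClaimTypeReferenceId="userType" DefaultValue="employee" AlwaysUseDefaultValue="true" />
          </OutputClaims>
          <OutputClaimsTransformations>
            <!-- Both transformations come from TrustFrameworkBase; they derive the sub claim from oid + issuer -->
            <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId" />
            <OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId" />
          </OutputClaimsTransformations>
          <UseTechnicalProfileForSessionManagement ReferenceId="SM-SocialLogin" />
        </TechnicalProfile>
      </TechnicalProfiles>
    </ClaimsProvider>
    <!-- AD2 (customers) inherits AD1-OpenIdConnect and overrides only what differs (assumed merge-by-key behaviour) -->
    <ClaimsProvider>
      <Domain>customers.example.com</Domain>
      <DisplayName>Customers (AD2)</DisplayName>
      <TechnicalProfiles>
        <TechnicalProfile Id="AD2-OpenIdConnect">
          <DisplayName>Customer sign-in</DisplayName>
          <Metadata>
            <Item Key="METADATA">https://login.microsoftonline.com/ad2-tenant.onmicrosoft.com/v2.0/.well-known/openid-configuration</Item>
            <Item Key="client_id">00000000-0000-0000-0000-0000000000a2</Item>
          </Metadata>
          <CryptographicKeys>
            <Key Id="client_secret" StorageReferenceId="B2C_1A_AD2ClientSecret" />
          </CryptographicKeys>
          <OutputClaims>
            <OutputClaim ClaimTypeReferenceId="userType" DefaultValue="customer" AlwaysUseDefaultValue="true" />
          </OutputClaims>
          <IncludeTechnicalProfile ReferenceId="AD1-OpenIdConnect" />
        </TechnicalProfile>
      </TechnicalProfiles>
    </ClaimsProvider>
  </ClaimsProviders>
  <UserJourneys>
    <UserJourney Id="SignInTwoDirectories">
      <OrchestrationSteps>
        <!-- Step 1: provider picker; skipped when the request's domain_hint matches one of the Domain values above -->
        <OrchestrationStep Order="1" Type="ClaimsProviderSelection" ContentDefinitionReferenceId="api.idpselections">
          <ClaimsProviderSelections>
            <ClaimsProviderSelection TargetClaimsExchangeId="AD1Exchange" />
            <ClaimsProviderSelection TargetClaimsExchangeId="AD2Exchange" />
          </ClaimsProviderSelections>
        </OrchestrationStep>
        <!-- Step 2: only the exchange chosen in step 1 runs -->
        <OrchestrationStep Order="2" Type="ClaimsExchange">
          <ClaimsExchanges>
            <ClaimsExchange Id="AD1Exchange" TechnicalProfileReferenceId="AD1-OpenIdConnect" />
            <ClaimsExchange Id="AD2Exchange" TechnicalProfileReferenceId="AD2-OpenIdConnect" />
          </ClaimsExchanges>
        </OrchestrationStep>
        <!-- Step 3: issue the token. Directory read/write steps from the starter pack would sit before this one
             if federated users are to be persisted in the B2C directory. -->
        <OrchestrationStep Order="3" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />
      </OrchestrationSteps>
    </UserJourney>
  </UserJourneys>
</TrustFrameworkPolicy>
```

To use this, the existing relying-party policy file points its DefaultUserJourney at SignInTwoDirectories and adds userType to its OutputClaims, so 'TestApp' can read employee or customer from the token rather than inferring it. The B2C authorization endpoint is determined by the policy name (https://yourtenant.b2clogin.com/yourtenant.onmicrosoft.com/B2C_1A_<policy>/oauth2/v2.0/authorize), not by how many identity providers the journey contains, so adding AD2 to the same policy leaves the endpoint Cognito is configured with unchanged. Skipping the selection page requires the OIDC client to send domain_hint; if the federating client cannot add that parameter, the alternative is one relying-party policy per audience, each defaulting to a journey that contains only that directory's exchange, which gives two policy names and therefore two distinct authorization endpoints.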
