How to generate public certificate for Azure AD B2C (SAML custom policy)

Hiep To Dinh 20 Reputation points
2023-07-07T10:33:55.04+00:00

Hi support,

We're going to have the deployment integrate with Azure AD B2C (SAML).
To connect with SAML, we need to have the certificate (X509) for signing and encrypting the request uploaded to B2C. On DEV and TEST, we could use a self-signed certificate, but on PROD, it would be best to have you generate the cert from a public certificate authority.

To generate the cert, we need to add TXT domain for onmicrosoft.com?

How could we do that?

-Subject "CN=yourappname.yourtenant.onmicrosoft.com" `

More detailed documentation here:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/saml-service-provider?tabs=windows&pivots=b2c-custom-policy
In a production environment, we recommend using certificates that a public certificate authority has issued. But you can also complete this procedure with self-signed certificates.

Best,


Accepted answer
  1. Konstantinos Passadis 19,281 Reputation points MVP
    2023-07-07T10:56:37.66+00:00

    Hello @Hiep To Dinh !

    Welcome to Microsoft QnA!

    For this procedure you cannot verify the onmicrosoft Domain.

    You need a Custom Domain to validate.

    https://learn.microsoft.com/en-us/azure/active-directory-b2c/custom-domain?pivots=b2c-user-flow

    I hope this helps!

    Kindly mark the answer as Accepted and Upvote in case it helped!

    Regards

    1 person found this answer helpful.
