Good morning everyone,
I got my scenario working on Friday, thanks to this thread.
- Azure SWA set up in our main Entra ID Tenant.
- App Registration for the SWA created in our new Entra External ID/Customer Tenant.
- Using a temp email address to create an account at login time.
Previously, I had to amend the new user in the portal and assign them an admin role before the user could proceed to the app after signing in.
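On Friday, with the staticwebapp.config.json below, I was able to register a new user account and sign in to the app without any manual tweaking of the user account. The only restricted route in this config is /authOnly*, and it requires just the built-in authenticated role, so any account that completes sign-up is allowed through without a custom role assignment.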
{
"routes": [
{
"route": "/src/index.html",
"allowedRoles": [
"anonymous"
]
},
{
"route": "/logout",
"redirect": "/.auth/logout?post_logout_redirect_uri=/logout_complete.html"
},
{
"route": "/me",
"redirect": "/.auth/me"
},
{
"route": "/authOnly*",
"allowedRoles": [
"authenticated"
],
"headers": {
"Content-Type": "application/javascript"
}
}
],
"responseOverrides": {
"401": {
"statusCode": 302,
"redirect": "/.auth/login/aad?post_login_redirect_uri=.referrer"
}
},
"trailingSlash": "auto",
"platform": {
"apiRuntime": "dotnet-isolated:8.0"
},
"auth": {
"identityProviders": {
"azureActiveDirectory": {
"userDetailsClaim": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
"registration": {
"openIdIssuer": "https://TenantID.ciamlogin.com/TenantID/v2.0",
"clientIdSettingName": "CLIENT_ID",
"clientSecretSettingName": "CLIENT_NAME"
}
}
}
}
}
Regards,
Paul.