How to connect to an external database to validate user ID passwords in external system using AD

BCTAZURE 0 Reputation points
2023-11-30T16:48:31.8333333+00:00

Hi,

We have the User's credentials stored in the external DBs and would like to use these credentials for authentication. How do I use Microsoft Entra to connect to DB and authenticate users?

Once Authentication is completed, we need to generate the access token to execute the APIs.

Appreciate your response!

Microsoft Entra ID

2 answers

  1. Carlos Solís Salazar 18,066 Reputation points MVP
    2023-12-01T18:42:48.35+00:00

    There is no direct way to achieve your goal.

    If you can integrate your database users with your Active Directory, you can integrate with Entra ID through Azure AD Connect (https://www.microsoft.com/en-us/download/details.aspx?id=47594).

    Another solution that I think is possible is to import the users and regenerate the passwords in Entra ID (https://learn.microsoft.com/en-us/entra/identity/users/groups-bulk-import-members)

    This last option will help you to:

    • Reduce your infrastructure
    • Take advantage of all the benefits of Entra ID

    Hope this helps!


  2. JamesTran-MSFT 36,776 Reputation points Microsoft Employee
    2023-12-14T20:37:27.7+00:00

    @BCTAZURE

    Thank you for your post and I apologize for the delayed response!

    When it comes to using Azure B2C to connect to an external database to validate a user's Username/ID and Password, you should be able to achieve this through the use of the API connectors custom policy.

    Use API connectors to customize and extend sign-up user flows and custom policies with external identity data sources:

    Using Azure AD B2C, you can add your own business logic to a user journey by calling your own RESTful service. The Identity Experience Framework can send and receive data from your RESTful service to exchange claims. For example, you can:

    • Use external identity data source to validate user input data. For example, you can verify that the email address provided by the user exists in your customer's database, and if not, present an error. You can as well think of API connectors as a way of supporting outbound webhooks because the call is made when an event occurs, for example, a sign up.

    Here's an example of the steps to take:

    1. Create a RESTful API that can validate user credentials against your external database. For more info - Development of your REST API.
    2. Define a technical profile in your custom policy that calls your RESTful API to validate user credentials. For more info - Define a RESTful technical profile in an Azure B2C custom policy.
    3. Add the technical profile to your user journey to enable users to sign in using your custom policy. For more info - UserJourneys.

    I hope this helps!

    If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.


    If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
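
The credential check from step 1 of the answer above, as an added example that is not part of the original answer or Microsoft's sample code: it authenticates the caller, compares a salted PBKDF2 hash in constant time, returns the same message for unknown users and wrong passwords, and reports failure as the HTTP 409 JSON body with `userMessage` that a RESTful technical profile displays to the user. The claim names (`email`, `password`, `externalUserId`), the table layout, the Basic-auth secret and the iteration count are assumptions, and the in-memory SQLite database is a constructed stand-in for the external DB.

```python
import base64
import hashlib
import hmac
import os
import sqlite3

# Constructed stand-in for the external user database (assumed schema).
DB = sqlite3.connect(":memory:")
DB.execute("CREATE TABLE users (email TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB, ext_id TEXT)")

def _hash(password, salt):
    # PBKDF2-HMAC-SHA256; the iteration count is an assumption, tune it for your hardware.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def add_user(email, password, ext_id):
    salt = os.urandom(16)
    DB.execute("INSERT INTO users VALUES (?, ?, ?, ?)", (email.lower(), salt, _hash(password, salt), ext_id))

add_user("alice@example.com", "correct horse battery staple", "constructed-id-0001")

# Basic-auth header the policy's REST call must present (placeholder secret; keep the real one in a secret store).
EXPECTED_AUTH = "Basic " + base64.b64encode(b"b2c-caller:placeholder-secret").decode()

def _error(message):
    # Validation-error shape for a RESTful technical profile: HTTP 409 plus version, status, userMessage.
    return 409, {"version": "1.0.0", "status": 409, "userMessage": message}

def validate_credentials(auth_header, claims):
    """Return (http_status, json_body) for one sign-in validation call."""
    # Reject callers that are not the policy engine before touching the database.
    if not hmac.compare_digest((auth_header or "").encode(), EXPECTED_AUTH.encode()):
        return 401, {}
    email = str(claims.get("email", "")).strip().lower()
    password = str(claims.get("password", ""))
    row = DB.execute("SELECT salt, pw_hash, ext_id FROM users WHERE email = ?",
                     (email,)).fetchone()
    salt, stored, ext_id = row if row else (b"\x00" * 16, b"", None)
    # Always run the KDF so an unknown account costs the same time as a known one.
    candidate = _hash(password, salt)
    if row is None or not hmac.compare_digest(candidate, stored):
        return _error("Invalid username or password.")
    # Return output claims only; the password is never echoed back.
    return 200, {"externalUserId": ext_id, "email": email}
```

The JSON keys read and returned here have to match the input and output claims declared in the technical profile from step 2.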
