Azure ADB2C SAML SSO from Customer Portal

Suresh Rajamani 20 Reputation points
2023-12-13T11:58:40.7666667+00:00

Hi Team,

We have a Web Portal called "LearnerPortal.com" developed using React SPA and the backend is Azure Function App. Both are hosted in Azure App Service.

Authentication is implemented using Azure ADB2C, so user is able to sign up and sign in to LeanerPortal.com now which is going well.

Now we have a customer called XYZ and they have their own Web Portal called "TestUniversity.com". XYZ wanted their TestUniversity.com portal user to redirect to LearnerPortal.com by clicking a link (Go to Learner.com) displayed in TestUniversity.com Portal without prompt for user to login in LeanerPortal.com.

TestUniversity.com Portal has its own Authentication IDP provider.

Can you please share details steps to allow SSO from TestUniversity.com to our portal LeanerPortal.com.

Thanks,

Suresh Rajamani

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
8,961 questions
Microsoft Security | Microsoft Entra | Microsoft Entra ID
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Sedat SALMAN 14,180 Reputation points MVP
    2023-12-13T12:23:43.97+00:00

    dropping the following links for your reference

    https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-generic-saml

    a small workflow for you

    • Integrate Azure AD B2C with TestUniversity.com's SAML identity provider. This involves configuring Azure AD B2C to recognize and process SAML requests and responses.
    • Exchange certificates with TestUniversity.com to establish trust. Azure AD B2C will use your certificate to sign SAML requests, and TestUniversity.com's IDP will validate these requests.
    • Adjust Azure AD B2C's technical profile in your policy files to define how it communicates with the SAML IDP.
    • Align the user attributes (claims) between Azure AD B2C and TestUniversity.com's IDP. This ensures consistent user information exchange.
    • Modify Azure AD B2C's user journeys or create a new one to include the SAML IDP as a sign-in option. This step makes the SAML IDP visible and usable in your sign-in flow.
    • Ensure that your application's policy in Azure AD B2C points to the modified user journey.

  2. James Hamil 27,221 Reputation points Microsoft Employee Moderator
    2024-03-15T19:31:41.9766667+00:00

    Hi @Suresh Rajamani , you will need to configure SAML-based SSO between the two portals. Here are the high-level steps to achieve this:

    1. Register your LearnerPortal.com application in Azure AD B2C. You can follow the steps outlined in the Azure AD B2C documentation to do this.
    2. Configure SAML-based SSO in your LearnerPortal.com application. You can follow the steps outlined in the Azure AD B2C documentation to do this.
    3. Obtain the SAML metadata from your LearnerPortal.com application. You can do this by navigating to the "Endpoints" section of your application in the Azure portal and copying the "SAML metadata endpoint" URL.
    4. Provide the SAML metadata to XYZ so that they can configure their TestUniversity.com application to use it for SSO. They will need to follow the steps outlined in the Azure AD B2C documentation to configure their application for SAML-based SSO.
    5. Once XYZ has configured their application for SAML-based SSO, users will be able to click the "Go to Learner.com" link in TestUniversity.com and be redirected to LearnerPortal.com without being prompted to log in again.

    Please let me know if you have any questions and I can help you further.

    If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.