How to select RelayState urls based on the userType for SAML based app in Azure AD B2C

Varadharaj, Silambarasan 0 Reputation points
2024-01-04T13:08:30.2733333+00:00

The requirement is that the IDP (Azure AD B2C) needs to redirect users with a RelayState based on userType. We have a SAML-based app in AAD B2C and we need to set the relay state after authentication based on the userType. Based on their user type, users should be redirected to the respective app page. We already know how to use the relay state URL as the target URL in the IDP-initiated flow, but this is a different scenario.

How do we select RelayState URLs based on the userType at runtime?

How can this be achieved in custom policies? Please advise.

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

1 answer

  1. Shweta Mathur 30,301 Reputation points Microsoft Employee
    2024-01-08T06:56:46.7666667+00:00

    Hi @Varadharaj, Silambarasan,

    Thanks for reaching out.

    To select RelayState URLs based on the userType for a SAML-based app in Azure AD B2C, you can use custom policies and claims transformation. In the custom policy, you can define a claims transformation that sets the RelayState based on the userType claim. You can then use this claims transformation in the technical profile for the SAML-based app to set the RelayState in the SAML AuthN request.

    Here are the high-level steps to achieve this:

    1. Define a claims transformation that sets the RelayState based on the userType claim in the custom policy.
    2. Use the claims transformation in the technical profile for the SAML-based app to set the RelayState in the SAML AuthN request.

    https://learn.microsoft.com/en-us/azure/active-directory-b2c/claimstransformations

    In Azure, when you set up SAML single sign-on, even in B2C, the SAML options are the same: you can specify an optional RelayState parameter, and it will always go there after login.

    Hope this will help.

    Thanks,

    Shweta


    Please remember to "Accept Answer" if the answer helped you.
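
The first step described in the answer above, sketched as an added example that is not part of the original answer or of Microsoft's sample policies: a `LookupValue` claims transformation that maps `userType` to a fixed destination URL. The claim name `relayStateUrl`, the transformation Id, the userType values and the URLs are constructed assumptions; how the resulting claim is handed to the SAML relying party is not shown in the answer and is not covered here.

```xml
<!-- Added example: fragment for the BuildingBlocks section of a B2C custom policy.
     Claim names, the transformation Id, userType values and URLs are constructed. -->
<BuildingBlocks>
  <ClaimsSchema>
    <ClaimType Id="userType">
      <DataType>string</DataType>
    </ClaimType>
    <!-- Hypothetical claim that carries the selected landing URL -->
    <ClaimType Id="relayStateUrl">
      <DataType>string</DataType>
    </ClaimType>
  </ClaimsSchema>
  <ClaimsTransformations>
    <ClaimsTransformation Id="SelectRelayStateByUserType" TransformationMethod="LookupValue">
      <InputClaims>
        <!-- The value of userType is used as the key into the parameter table below -->
        <InputClaim ClaimTypeReferenceId="userType" TransformationClaimType="inputParameterId" />
      </InputClaims>
      <InputParameters>
        <!-- Fixed allowlist: destinations live in the policy, never in user input -->
        <InputParameter Id="Employee" DataType="string" Value="https://app.example.com/employee" />
        <InputParameter Id="Partner" DataType="string" Value="https://app.example.com/partner" />
        <InputParameter Id="Customer" DataType="string" Value="https://app.example.com/customer" />
        <!-- Fail the step for an unmapped userType instead of continuing with an empty URL -->
        <InputParameter Id="errorOnFailedLookup" DataType="boolean" Value="true" />
      </InputParameters>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="relayStateUrl" TransformationClaimType="outputClaim" />
      </OutputClaims>
    </ClaimsTransformation>
  </ClaimsTransformations>
</BuildingBlocks>

<!-- Second step: reference the transformation from the technical profile that
     runs after userType has been read and before the SAML response is issued. -->
<OutputClaimsTransformations>
  <OutputClaimsTransformation ReferenceId="SelectRelayStateByUserType" />
</OutputClaimsTransformations>
```

Keeping the destinations as literal values in the policy means a redirect target can only ever be one of the listed URLs, and `errorOnFailedLookup` set to `true` makes an unexpected `userType` fail visibly.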

