Setting Up IDP Initiated Login Flow with Azure AD B2C and OpenID Connect

Aditya Gour (NAV India) 80 Reputation points
2025-01-28T06:52:33.38+00:00

I have successfully integrated an external identity provider with Azure AD B2C using Service provider initiated login flow with a custom policy.

However, I'm struggling to implement IDP initiated login flow with an external identity provider, such as Okta, using the OpenID Connect protocol. What are the steps to achieve this?

Microsoft Security Microsoft Entra Microsoft Entra ID

Accepted answer
  1. Kancharla Saiteja 5,485 Reputation points Microsoft External Staff Moderator
    2025-02-03T10:02:09.2933333+00:00

    Hi @Aditya Gour (NAV India) ,

    Thanks for your response,

    Yes, as per the document the IDP flow is only supported for local account and cannot be performed for external identity providers with federated IDPs. This comes as the federated identity cannot be signed up in Azure AD B2C as they are specifically managed in federated tenants. Also, B2C does not send the id_token_hint and post_logout_redirect_uri to Okta, and these are required parameters on Okta's side. I would request you to provide your feedback in feedback channel: https://feedback.azure.com/d365community/forum/79b1327d-d925-ec11-b6e6-000d3a4f06a4.
    I hope this information is helpful. Please feel free to reach out if you have any further questions.

    If the answer is helpful, please click "Accept Answer" and kindly "upvote it". If you have extra questions about this answer, please click "Comment"


1 additional answer

Sort by: Most helpful
  1. Kancharla Saiteja 5,485 Reputation points Microsoft External Staff Moderator
    2025-01-30T08:36:30.56+00:00

    Hi @Aditya Gour (NAV India) ,

    Thank you for posting your query on Microsoft Q&A. I am Saiteja from Q&A and will be assisting you with your query.
    As per my understanding, you would like to add OKTA as an IDP in Azure AD B2C. You can add OKTA as a generic Open ID connect in your tenant.

    Here are the major steps you need to follow:

    1. You can add the identity provider in TrustFrameworkExtensions.xml as a claims provider.
    2. The identity provider should provide the metadata in the form of an endpoint: .well-known/openid-configuration
    3. Configure an application and get the client ID and secret, which we may need to provide along with the response type.
    4. Now you can add the identity provider to the user journey in either Type="CombinedSignInAndSignUp" or Type="ClaimsProviderSelection".
    5. Now you can execute the user journey using the relying party policy.

    All these steps are detailed in this document. Please do check and follow each and every step.
    If the answer is helpful, please click "Accept Answer" and kindly "upvote it". If you have extra questions about this answer, please click "Comment".
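The five steps above, put together as one custom-policy fragment. This is an added example and not code from the answer or from Microsoft's documentation; it follows the B2C custom-policy schema for a generic OpenID Connect claims provider. The Okta domain, the client ID, the policy key name B2C_1A_OktaClientSecret, the technical profile ID Okta-OpenIdConnect and the claims exchange ID OktaExchange are all placeholders you would substitute for your own tenant. The client secret is deliberately never written into the policy: it is referenced by policy key, and the flow uses response_type=code with a form_post response mode so tokens are not exposed in the browser URL. Note that this is the service-provider-initiated flow only; as the accepted answer states, B2C does not support an IdP-initiated flow for a federated OIDC provider.

```xml
<!-- TrustFrameworkExtensions.xml: add under <ClaimsProviders> (step 1) -->
<ClaimsProvider>
  <Domain>okta.com</Domain>
  <DisplayName>Okta</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="Okta-OpenIdConnect">
      <DisplayName>Okta</DisplayName>
      <Protocol Name="OpenIdConnect" />
      <Metadata>
        <!-- Step 2: discovery document; {your-okta-domain} is a placeholder -->
        <Item Key="METADATA">https://{your-okta-domain}/.well-known/openid-configuration</Item>
        <!-- Step 3: client ID from the Okta application; placeholder value -->
        <Item Key="client_id">{your-okta-client-id}</Item>
        <!-- Authorization code flow with POSTed response: no tokens in the URL -->
        <Item Key="response_types">code</Item>
        <Item Key="response_mode">form_post</Item>
        <Item Key="scope">openid profile email</Item>
        <Item Key="HttpBinding">POST</Item>
        <Item Key="UsePolicyInRedirectUri">false</Item>
      </Metadata>
      <CryptographicKeys>
        <!-- Step 3: the secret lives in a policy key, never in the XML -->
        <Key Id="client_secret" StorageReferenceId="B2C_1A_OktaClientSecret" />
      </CryptographicKeys>
      <OutputClaims>
        <!-- 'sub' plus 'iss' uniquely bind the B2C account to the Okta user -->
        <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="sub" />
        <OutputClaim ClaimTypeReferenceId="identityProvider" PartnerClaimType="iss" />
        <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="given_name" />
        <OutputClaim ClaimTypeReferenceId="surname" PartnerClaimType="family_name" />
        <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />
        <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="email" />
        <OutputClaim ClaimTypeReferenceId="authenticationSource"
                     DefaultValue="socialIdpAuthentication" AlwaysUseDefaultValue="true" />
      </OutputClaims>
      <OutputClaimsTransformations>
        <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName" />
        <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName" />
        <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId" />
        <OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId" />
      </OutputClaimsTransformations>
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-SocialLogin" />
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>

<!-- Step 4: inside the SignUpSignIn user journey (only the two relevant steps shown) -->
<OrchestrationStep Order="1" Type="CombinedSignInAndSignUp"
                   ContentDefinitionReferenceId="api.signuporsignin">
  <ClaimsProviderSelections>
    <ClaimsProviderSelection TargetClaimsExchangeId="OktaExchange" />
  </ClaimsProviderSelections>
  <ClaimsExchanges>
    <ClaimsExchange Id="LocalAccountSigninEmailExchange"
                    TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Email" />
  </ClaimsExchanges>
</OrchestrationStep>
<OrchestrationStep Order="2" Type="ClaimsExchange">
  <Preconditions>
    <Precondition Type="ClaimsExist" ExecutionType="SkipThisOrchestrationStep">
      <Value>objectId</Value>
    </Precondition>
  </Preconditions>
  <ClaimsExchanges>
    <ClaimsExchange Id="OktaExchange" TechnicalProfileReferenceId="Okta-OpenIdConnect" />
  </ClaimsExchanges>
</OrchestrationStep>

<!-- Step 5: SignUpOrSignin.xml, the relying party policy that runs the journey -->
<RelyingParty>
  <DefaultUserJourney ReferenceId="SignUpSignIn" />
  <TechnicalProfile Id="PolicyProfile">
    <DisplayName>PolicyProfile</DisplayName>
    <Protocol Name="OpenIdConnect" />
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="displayName" />
      <OutputClaim ClaimTypeReferenceId="email" />
      <OutputClaim ClaimTypeReferenceId="identityProvider" />
      <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub" />
    </OutputClaims>
    <SubjectNamingInfo ClaimType="sub" />
  </TechnicalProfile>
</RelyingParty>
```

Before uploading, create the B2C_1A_OktaClientSecret policy key in the B2C portal with the secret issued by Okta, and register https://{your-b2c-tenant}.b2clogin.com/{your-b2c-tenant}.onmicrosoft.com/oauth2/authresp as the sign-in redirect URI in the Okta application (tenant name is a placeholder). Keeping identityProvider set from the iss claim matters for security review: it lets you see in the issued token which provider actually authenticated the user rather than trusting the display name.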

