How to set up a B2C solution for Azure when using OpenID

Gurpreet0101Singh-9444 45 Reputation points
2025-05-22T09:50:46.0533333+00:00

We plan to use an OpenID backend to sign up and sign in users.

Do we need to reprocess the JWT token received from the OpenID backend and then pass it to Microsoft Azure, or will it be taken care of by the Azure APIs?

Also we want to take care of as many things as possible using the Custom Policy XML. Any help would be appreciated.

Thanks

Microsoft Entra ID

Accepted answer
  1. Vigneshwar Duvva 2,225 Reputation points Microsoft External Staff Moderator
    2025-05-23T07:16:59.8333333+00:00

    Hello @Gurpreet0101Singh-9444

    You can absolutely integrate OpenID Connect (OIDC) with Entra AD B2C using Custom Policies. This approach gives you full control over the authentication experience and enables support for virtually any standards-based identity provider.

    Custom policies in Azure AD B2C allow you to define the exact user journey, including how authentication is handled, what identity providers are involved, and how claims are issued. This level of customization is particularly useful when working with external OIDC-compliant identity providers beyond the built-in options.

    OpenID Connect is built on top of OAuth 2.0 and is widely supported across modern identity systems. Azure AD B2C can federate with most identity providers that adhere to the OIDC standard.

    To implement this, you can follow Microsoft’s official guidance on configuring a generic OIDC provider within custom policies:

    Reference: https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-generic-openid-connect?pivots=b2c-custom-policy

    Hope this helps.

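As an added example (not part of the answer above, and not a verbatim copy of the Microsoft page it links to), this is what the generic OpenID Connect claims provider looks like in a custom policy when the authorization code flow is used. The hostname `login.contoso.example`, the client ID, and the policy key name `B2C_1A_ContosoSecret` are placeholders. The point the question is really asking about is visible here: the policy never handles the IdP's ID token in XML. Azure AD B2C reads the discovery document given in `METADATA`, downloads the signing keys from its `jwks_uri`, validates the token's signature, issuer, audience, nonce and expiry itself, and only the claims listed under `OutputClaims` are carried forward into the journey and into the token B2C finally issues to your application.

```xml
<!-- Goes inside <ClaimsProviders> in TrustFrameworkExtensions.xml.
     Example only; names, hostnames and IDs are placeholders. -->
<ClaimsProvider>
  <Domain>contoso.example</Domain>
  <DisplayName>Contoso OIDC</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="Contoso-OpenIdConnect">
      <DisplayName>Contoso</DisplayName>
      <Protocol Name="OpenIdConnect" />
      <Metadata>
        <!-- B2C fetches issuer, authorization/token endpoints and jwks_uri from here -->
        <Item Key="METADATA">https://login.contoso.example/.well-known/openid-configuration</Item>
        <Item Key="client_id">00000000-0000-0000-0000-000000000000</Item>
        <!-- Authorization code flow: the code is redeemed server-side by B2C,
             so the ID token never transits the browser in the clear -->
        <Item Key="response_types">code</Item>
        <Item Key="response_mode">form_post</Item>
        <Item Key="HttpBinding">POST</Item>
        <Item Key="scope">openid profile email</Item>
        <!-- false => register https://<tenant>.b2clogin.com/<tenant>.onmicrosoft.com/oauth2/authresp
             as the redirect URI at the IdP -->
        <Item Key="UsePolicyInRedirectUri">false</Item>
      </Metadata>
      <CryptographicKeys>
        <!-- Client secret stored as a B2C policy key, never inline in the XML -->
        <Key Id="client_secret" StorageReferenceId="B2C_1A_ContosoSecret" />
      </CryptographicKeys>
      <OutputClaims>
        <!-- Key the local account on the IdP's stable subject identifier,
             not on email, which the IdP may allow the user to change -->
        <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="sub" />
        <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="given_name" />
        <OutputClaim ClaimTypeReferenceId="surname" PartnerClaimType="family_name" />
        <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />
        <OutputClaim ClaimTypeReferenceId="email" />
        <OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="contoso.example" />
        <OutputClaim ClaimTypeReferenceId="authenticationSource"
                     DefaultValue="socialIdpAuthentication" AlwaysUseDefaultValue="true" />
      </OutputClaims>
      <OutputClaimsTransformations>
        <!-- Starter-pack transformations that build the alternativeSecurityId
             (issuer + issuerUserId) used to look up or create the B2C user -->
        <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName" />
        <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName" />
        <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId" />
        <OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId" />
      </OutputClaimsTransformations>
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-SocialLogin" />
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>
```

To make it reachable, the technical profile is referenced from a `ClaimsExchange` in the user journey (a `ClaimsProviderSelection` in the `CombinedSignInAndSignUp` step, then a `ClaimsExchange` step with `TechnicalProfileReferenceId="Contoso-OpenIdConnect"`). If you switch `response_types` to `id_token` the client secret and `CryptographicKeys` element are not needed, but the token then returns through the browser via `form_post`, which is why the answer above and Microsoft's page steer you to the code flow.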

2 additional answers

  1. Megan Truong 635 Reputation points Independent Advisor
    2025-05-27T06:25:51.79+00:00

    Hello @Gurpreet0101Singh-9444

    Regarding your question about the JWT token and OpenID, Azure AD B2C does not require you to manually reprocess the JWT token from the external IdP. Instead, it will redirect the user to the OpenID Connect IdP, receive and validate the token response, extract claims, and pass them through your custom policy journey. Note that:

    • Ensure your OpenID Connect IdP supports authorization code flow.
    • You can use custom claims transformation in your policy to manipulate or enrich claims.
    • Use Application Insights for debugging policy execution.

    You can follow this official guideline to set up OpenID Connect in Azure AD B2C using Custom Policies:

    https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-generic-openid-connect?pivots=b2c-custom-policy

    https://learn.microsoft.com/en-us/azure/active-directory-b2c/openid-connect

    Kindly let me know if you have any further questions or need any clarifications.

    If I have answered your question, please accept this as answer as a token of appreciation and don't forget to give a thumbs up for "Was it helpful"!

    Best regards,

    Megan.

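As an added example, not taken from the answer above, here is one way the claims transformations it mentions can do more than rename claims and actually refuse a user. It maps the IdP's `email_verified` claim to a boolean claim, then asserts on it with `AssertBooleanClaimIsEqualToValue`; when the assertion fails the journey stops and the user sees the message from `UserMessageIfClaimsTransformationBooleanValueIsNotEqual`. Assumed: the SocialAndLocalAccounts starter pack (so `SelfAsserted-Social` and `AAD-UserWriteUsingAlternativeSecurityId` exist) and an OIDC technical profile named `Contoso-OpenIdConnect`; the claim and profile names introduced here are placeholders.

```xml
<!-- 1. Claim type, inside <BuildingBlocks><ClaimsSchema>.
        Assumes the IdP emits email_verified as a JSON boolean; an IdP that
        emits the string "true" needs a string claim plus a comparison first. -->
<ClaimType Id="emailVerified">
  <DisplayName>Email verified by the identity provider</DisplayName>
  <DataType>boolean</DataType>
</ClaimType>

<!-- 2. Extra output claim on the OIDC technical profile (Contoso-OpenIdConnect). -->
<OutputClaim ClaimTypeReferenceId="emailVerified" PartnerClaimType="email_verified" />

<!-- 3. The assertion, inside <BuildingBlocks><ClaimsTransformations>.
        Assertion transformations only take effect when run from a
        validation technical profile, hence the wrapper in step 4. -->
<ClaimsTransformation Id="AssertEmailVerifiedIsTrue" TransformationMethod="AssertBooleanClaimIsEqualToValue">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="emailVerified" TransformationClaimType="inputClaim" />
  </InputClaims>
  <InputParameters>
    <InputParameter Id="valueToCompareTo" DataType="boolean" Value="true" />
  </InputParameters>
</ClaimsTransformation>

<!-- 4. Validation technical profile that runs the assertion. -->
<TechnicalProfile Id="Assert-EmailVerified">
  <DisplayName>Reject users whose email the IdP has not verified</DisplayName>
  <Protocol Name="Proprietary"
            Handler="Web.TPEngine.Providers.ClaimsTransformationProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="emailVerified" />
  </InputClaims>
  <OutputClaimsTransformations>
    <OutputClaimsTransformation ReferenceId="AssertEmailVerifiedIsTrue" />
  </OutputClaimsTransformations>
</TechnicalProfile>

<!-- 5. Override of the starter-pack self-asserted profile that runs after the
        federated sign-in. The assertion is listed BEFORE the directory write so a
        rejected user is never provisioned. The error text lives on the
        self-asserted profile, not on the validation profile. -->
<TechnicalProfile Id="SelfAsserted-Social">
  <Metadata>
    <Item Key="UserMessageIfClaimsTransformationBooleanValueIsNotEqual">Your identity provider has not verified your email address, so you cannot sign up here.</Item>
  </Metadata>
  <ValidationTechnicalProfiles>
    <ValidationTechnicalProfile ReferenceId="Assert-EmailVerified" />
    <ValidationTechnicalProfile ReferenceId="AAD-UserWriteUsingAlternativeSecurityId" />
  </ValidationTechnicalProfiles>
</TechnicalProfile>
```

One caveat worth knowing before relying on this: in the starter pack the `SelfAsserted-Social` step only runs on a user's first sign-up, so a check placed there gates account creation but not later sign-ins. To enforce a rule on every sign-in, run the validation from a step that executes each time (for example a self-asserted profile without user-visible fields placed after the `ClaimsExchange` step), and test the negative path with Application Insights logging enabled, as the answer suggests, because a mis-ordered validation profile fails silently into "user created".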

  2. Gurpreet0101Singh-9444 45 Reputation points
    2025-05-27T09:03:41.2133333+00:00

    @Megan Truong, is there good documentation on how to use custom claim transformations to manipulate claims and even take decisions like disallowing a user?

    Thanks to both @Megan Truong and @VigneshwarDuvva-5247. Let me try all of these, and then I will select an "Accept Answer".

    Regards

