Unable to sign-up with LinkedIn Provider using Azure Active Directory B2C - custom policy

Irina Andon 2 Reputation points
2021-07-15T10:39:46.313+00:00

Hello,

I have followed all the steps from this documentation: https://learn.microsoft.com/ro-ro/azure/active-directory-b2c/identity-provider-linkedin?pivots=b2c-custom-policy and I couldn't manage to include the sign-up with LinkedIn in my sign-up policy. My sign-up policy still appears, but the button that redirects to LinkedIn sign-up is missing.
I have to mention that I have different policies for sign-in and sign-up, and the sign-in policy is OK. I mean I managed to include the sign-in with LinkedIn in my sign-in policy.

Any ideas? Recommendations?

Thank you in advance!

Irina

Microsoft Entra External ID

1 answer

  1. AmanpreetSingh-MSFT 56,311 Reputation points
    2021-07-15T11:07:51.723+00:00

    Hi @Irina Andon · Thank you for reaching out.

    To display the button, you need to specify <ClaimsProviderSelection TargetClaimsExchangeId="LinkedInExchange" />. As you have mentioned that you have different policies for sign-in and sign-up, I suspect your signup policy doesn't include it.

    Ideally, the signup policy should be used for local account signups only, and the sign-in policy should include local and social sign-ins. A new user can click on the social IDP button provided in the sign-in policy, and if the user doesn't exist he will get the self-asserted page to sign up. For this purpose, you can configure signup and sign-in policies as mentioned below:

    Use the combined signup&signin policy and set the "setting.showSignupLink" item key as shown below to hide the Sign up now link, so that users can use the policy only for sign-in purposes.

    <ContentDefinition Id="api.signuporsignin">
      <LoadUri>~/tenant/templates/AzureBlue/unified.cshtml</LoadUri>
      <RecoveryUri>~/common/default_page_error.html</RecoveryUri>
      <DataUri>urn:com:microsoft:aad:b2c:elements:unifiedssp:1.1.0</DataUri>
      <Metadata>
        <Item Key="DisplayName">Signin</Item>
        <Item Key="setting.showSignupLink">false</Item>
      </Metadata>
    </ContentDefinition>
    

    You can then create a SignUp user journey as mentioned below that you can point to in your RP file, e.g. B2C_1A_SignUp, which can be used for sign-up only.

    <UserJourney Id="SignUp">
      <OrchestrationSteps>

        <OrchestrationStep Order="1" Type="ClaimsExchange">
          <ClaimsExchanges>
            <ClaimsExchange Id="SignUpWithLogonEmailExchange" TechnicalProfileReferenceId="LocalAccountSignUpWithLogonEmail" />
          </ClaimsExchanges>
        </OrchestrationStep>

        <!-- This step reads any user attributes that we may not have received when in the token. -->
        <OrchestrationStep Order="2" Type="ClaimsExchange">
          <ClaimsExchanges>
            <ClaimsExchange Id="AADUserReadWithObjectId" TechnicalProfileReferenceId="AAD-UserReadUsingObjectId" />
          </ClaimsExchanges>
        </OrchestrationStep>

        <OrchestrationStep Order="3" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />

      </OrchestrationSteps>
      <ClientDefinition ReferenceId="DefaultWeb" />
    </UserJourney>
    

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.