Unable to sign-up with LinkedIn Provider using Azure Active Directory B2C - custom policy

Irina Andon 2 Reputation points
2021-07-15T10:39:46.313+00:00

Hello,

I have followed all the steps from this documentation: https://learn.microsoft.com/ro-ro/azure/active-directory-b2c/identity-provider-linkedin?pivots=b2c-custom-policy and I couldn't manage to include sign-up with LinkedIn in my sign-up policy. My sign-up policy still appears, but the button that redirects to LinkedIn sign-up is missing.
I have to mention that I have different policies for sign-in and sign-up, and the sign-in policy is OK. I mean I managed to include sign-in with LinkedIn in my sign-in policy.

Any ideas? Recommendations?

Thank you in advance!

Irina


1 answer

  1. AmanpreetSingh-MSFT 56,731 Reputation points
    2021-07-15T11:07:51.723+00:00

    Hi @Irina Andon · Thank you for reaching out.

    To display the button, you need to specify <ClaimsProviderSelection TargetClaimsExchangeId="LinkedInExchange" />. As you mentioned, you have different policies for sign-in and sign-up, so I suspect your signup policy doesn't include it.

    Ideally, the signup policy should be used for local account signups only, and the sign-in policy should include local and social sign-ins. A new user can click on the social IDP button provided in the sign-in policy, and if the user doesn't exist, he will get the self-asserted page to sign up. For this purpose, you can configure the signup and sign-in policies as mentioned below:

    Use the combined signup & signin policy and set the "setting.showSignupLink" item key as shown below to hide the "Sign up now" link so that users can use the policy only for sign-in purposes.

       <ContentDefinition Id="api.signuporsignin">  
         <LoadUri>~/tenant/templates/AzureBlue/unified.cshtml</LoadUri>  
         <RecoveryUri>~/common/default_page_error.html</RecoveryUri>  
         <DataUri>urn:com:microsoft:aad:b2c:elements:unifiedssp:1.1.0</DataUri>  
         <Metadata>  
           <Item Key="DisplayName">Signin</Item>  
           <Item Key="setting.showSignupLink">false</Item>  
         </Metadata>  
       </ContentDefinition>  
    

    You can then create a SignUp user journey as mentioned below that you can point to in your RP file, e.g. B2C_1A_SignUp, which can be used for sign up only.

    <UserJourney Id="SignUp">  
      <OrchestrationSteps>  
         
        <OrchestrationStep Order="1" Type="ClaimsExchange">  
          <ClaimsExchanges>  
            <ClaimsExchange Id="SignUpWithLogonEmailExchange" TechnicalProfileReferenceId="LocalAccountSignUpWithLogonEmail" />  
          </ClaimsExchanges>  
        </OrchestrationStep>  
      
        <!-- This step reads any user attributes that we may not have received when in the token. -->  
        <OrchestrationStep Order="2" Type="ClaimsExchange">  
          <ClaimsExchanges>  
            <ClaimsExchange Id="AADUserReadWithObjectId" TechnicalProfileReferenceId="AAD-UserReadUsingObjectId" />  
          </ClaimsExchanges>  
        </OrchestrationStep>  
       
        <OrchestrationStep Order="3" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />  
      
      </OrchestrationSteps>  
      <ClientDefinition ReferenceId="DefaultWeb" />  
    </UserJourney>  
    

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
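
Added example, not part of the answer above and not Microsoft's code: a small Python check that reports, per user journey in a custom policy file, whether a `ClaimsProviderSelection` for a given exchange (the button) is present and whether any selection points at a `ClaimsExchange` Id that the journey never defines. The sample policy is constructed for illustration, and the `LinkedIn-OAuth2` technical profile name in it is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample (not from the thread): the sign-in journey offers the LinkedIn
# button, the sign-up journey does not. "LinkedIn-OAuth2" is an assumed profile name.
SAMPLE_POLICY = """<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06">
  <UserJourneys>
    <UserJourney Id="SignIn">
      <OrchestrationSteps>
        <OrchestrationStep Order="1" Type="CombinedSignInAndSignUp" ContentDefinitionReferenceId="api.signuporsignin">
          <ClaimsProviderSelections>
            <ClaimsProviderSelection TargetClaimsExchangeId="LinkedInExchange" />
          </ClaimsProviderSelections>
        </OrchestrationStep>
        <OrchestrationStep Order="2" Type="ClaimsExchange">
          <ClaimsExchanges>
            <ClaimsExchange Id="LinkedInExchange" TechnicalProfileReferenceId="LinkedIn-OAuth2" />
          </ClaimsExchanges>
        </OrchestrationStep>
      </OrchestrationSteps>
    </UserJourney>
    <UserJourney Id="SignUp">
      <OrchestrationSteps>
        <OrchestrationStep Order="1" Type="ClaimsExchange">
          <ClaimsExchanges>
            <ClaimsExchange Id="SignUpWithLogonEmailExchange" TechnicalProfileReferenceId="LocalAccountSignUpWithLogonEmail" />
          </ClaimsExchanges>
        </OrchestrationStep>
      </OrchestrationSteps>
    </UserJourney>
  </UserJourneys>
</TrustFrameworkPolicy>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the "{namespace}" prefix ElementTree adds

def audit_journeys(policy_xml, exchange_id):
    """Per journey: is the button for exchange_id offered, and which selections
    target a ClaimsExchange Id that the same journey never defines (dangling)?"""
    report = {}
    for journey in ET.fromstring(policy_xml).iter():
        if local(journey.tag) != "UserJourney":
            continue
        nodes = list(journey.iter())
        buttons = {n.get("TargetClaimsExchangeId") for n in nodes if local(n.tag) == "ClaimsProviderSelection"} - {None}
        exchanges = {n.get("Id") for n in nodes if local(n.tag) == "ClaimsExchange"}
        report[journey.get("Id")] = {"shows_button": exchange_id in buttons, "dangling": sorted(buttons - exchanges)}
    return report

if __name__ == "__main__":
    print(audit_journeys(SAMPLE_POLICY, "LinkedInExchange"))
```

Journeys inherited from a base or extensions file are not merged here, so run it against each policy file that defines the journey your RP file references.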

