Unable to sign-up with LinkedIn Provider using Azure Active Directory B2C - custom policy

Irina Andon 1 Reputation point
2021-07-15T10:39:46.313+00:00

Hello,

      I have followed all the steps from  this documentation: https://learn.microsoft.com/ro-ro/azure/active-directory-b2c/identity-provider-linkedin?pivots=b2c-custom-policy  and I couldn't managed to include in my sign-up policy  the sign-up with LinkedIn. It still appears my sign up policy, but the button that redirects to LinkedIn sign-up is missing.  
     I have to mention that I have different polices for sign-in and sign-up, and  for sign-in policy is ok. I mean I managed to include in my sign-in policy the  sign-in with Linked-in.  

    Any ideas? Recomandation?  

Thank you in advance!

Irina

Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,631 questions
{count} votes

1 answer

Sort by: Most helpful
  1. AmanpreetSingh-MSFT 56,301 Reputation points
    2021-07-15T11:07:51.723+00:00

    Hi @Irina Andon · Thank you for reaching out.

    To display the button, you need to specify <ClaimsProviderSelection TargetClaimsExchangeId="LinkedInExchange" /> . As you have mentioned, you have different polices for sign-in and sign-up, I suspect your signup policy doesn't include it.

    Ideally, signup policy should only be used for local account signups only and the sign-in policy should include local and social sign-ins. New user can click on the social IDP button provided in the sign-in policy and if user doesn't exist he will get the self asserted page to signup. For this purpose, you can configure signup and sign-in policies as mentioned below:

    Use combined signup&signin policy and set "setting.showSignupLink" item key as shown below to hide the Sign up now link so that users can use the policy only for sign in purpose.

       <ContentDefinition Id="api.signuporsignin">  
         <LoadUri>~/tenant/templates/AzureBlue/unified.cshtml</LoadUri>  
         <RecoveryUri>~/common/default_page_error.html</RecoveryUri>  
         <DataUri>urn:com:microsoft:aad:b2c:elements:unifiedssp:1.1.0</DataUri>  
         <Metadata>  
           <Item Key="DisplayName">Signin</Item>  
           <Item Key="setting.showSignupLink">false</Item>  
         </Metadata>  
       </ContentDefinition>  
    

    You can then create a SignUP user journey as mentioned below that you can point to, in your RP file e.g. B2C_1A_SignUp which can be used for sign up only.

    <UserJourney Id="SignUp">  
      <OrchestrationSteps>  
         
        <OrchestrationStep Order="1" Type="ClaimsExchange">  
          <ClaimsExchanges>  
            <ClaimsExchange Id="SignUpWithLogonEmailExchange" TechnicalProfileReferenceId="LocalAccountSignUpWithLogonEmail" />  
          </ClaimsExchanges>  
        </OrchestrationStep>  
      
        <!-- This step reads any user attributes that we may not have received when in the token. -->  
        <OrchestrationStep Order="2" Type="ClaimsExchange">  
          <ClaimsExchanges>  
            <ClaimsExchange Id="AADUserReadWithObjectId" TechnicalProfileReferenceId="AAD-UserReadUsingObjectId" />  
          </ClaimsExchanges>  
        </OrchestrationStep>  
       
        <OrchestrationStep Order="3" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />  
      
      </OrchestrationSteps>  
      <ClientDefinition ReferenceId="DefaultWeb" />  
    </UserJourney>  
    

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.