Azure AD B2C - How to know which application the user signed up from

afcec 21 Reputation points
2022-02-04T08:37:50.837+00:00

Hi,

I have an instance of Azure AD B2C running successfully and this service is currently being used by several corporate applications. However, there is no information related to each user indicating which application they signed up from, and from my point of view this is quite important. Is there any way to do it? I do not want to add a custom attribute because I do not want this additional parameter to be added to the layout of the sign-up form.

Thanks in advance

Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.

1 answer

  1. AmanpreetSingh-MSFT 56,301 Reputation points
    2022-02-07T12:24:45.31+00:00

    Hi @afcec • Thank you for reaching out.

    From the problem statement, I understood that you want to store application detail in users' properties to identify what application they used to signup without requiring input from users or displaying a field on the signup page. The steps below would require a custom attribute but no additional parameter will be added to the layout of the sign-up form as the App ID will be picked from the initial sign-in URL and added to the claims bag by using claims resolver. Hence, no additional field would be required in the sign-up form.

    • Create a schema attribute:
      <ClaimType Id="extension_AppIDforSignup">
        <DisplayName>AppID used for Signup</DisplayName>
        <DataType>string</DataType>
        <UserInputType>Readonly</UserInputType>
      </ClaimType>
      
    • Create ClaimsTransformation Technical Profile:
      <TechnicalProfile Id="OIDCApp">
        <DisplayName>OIDC App ID</DisplayName>
        <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.ClaimsTransformationProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
        <Metadata>
          <!-- Required so that the {OIDC:ClientId} claim resolver in DefaultValue is evaluated -->
          <Item Key="IncludeClaimResolvingInClaimsHandling">true</Item>
        </Metadata>
        <InputClaims>
          <!-- client_id of the application whose authorization request started this journey -->
          <InputClaim ClaimTypeReferenceId="extension_AppIDforSignup" DefaultValue="{OIDC:ClientId}" AlwaysUseDefaultValue="true" />
        </InputClaims>
        <OutputClaims>
          <OutputClaim ClaimTypeReferenceId="extension_AppIDforSignup" />
        </OutputClaims>
        <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
      </TechnicalProfile>
      
    • Add below Orchestration Step as step 1 in your SignUpOrSignIn user journey. Refactor/re-number the other steps in the journey.
          <OrchestrationStep Order="1" Type="ClaimsExchange">  
            <ClaimsExchanges>  
              <ClaimsExchange Id="OIDCAppExchange" TechnicalProfileReferenceId="OIDCApp" />  
            </ClaimsExchanges>  
          </OrchestrationStep>  
      
    • Add below PersistedClaim in AAD-UserWriteUsingLogonEmail technical profile, to write it as user's property during the signup.
      <PersistedClaim ClaimTypeReferenceId="extension_AppIDforSignup" />  
      
    • Optionally, you can add it to your RP (Signup/Sign-in) file as Output Claim for validation purposes.
          <OutputClaim ClaimTypeReferenceId="extension_AppIDforSignup" PartnerClaimType="AppUsedforSignup" />  
      
      This claim will then be stored in the user properties as "extension_xxxxxxxxxxxxxxxxxxxxxxxxxxxx_AppIDforSignup": "a7xxxxa0-xxxx-xxxx-xxxx-345xxxx04b17"

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
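As an added check (example code written for this page, not part of the answer above or of any Microsoft sample): once the policy writes the attribute, you can confirm it through Microsoft Graph rather than only through the RP output claim. The block below builds the Graph property name from the b2c-extensions-app client ID (the "extension_xxxx..._AppIDforSignup" shape shown in the answer), produces the /users query in which the attribute must be named explicitly in $select, and tallies sign-ups per application over a constructed /users response. The extensions-app ID, the relying-party client IDs, the application names and the response body are all placeholders. Users who existed before the policy change, or were created through Graph or the portal instead of the sign-up journey, carry no value for the attribute; the tally reports those separately instead of miscounting them.

```python
import json
from collections import Counter

# Application (client) ID of the tenant's b2c-extensions-app. Constructed
# placeholder; read the real one from App registrations in the portal.
EXTENSIONS_APP_ID = "11111111-2222-3333-4444-555555555555"
ATTRIBUTE_NAME = "AppIDforSignup"

# Client IDs of the relying-party app registrations, mapped to readable names.
# Constructed placeholders for this example.
APP_NAMES = {
    "aaaaaaaa-0000-0000-0000-000000000001": "Customer Portal",
    "aaaaaaaa-0000-0000-0000-000000000002": "Mobile App",
}


def graph_attribute_name(extensions_app_id: str, name: str) -> str:
    """Graph exposes a B2C custom attribute as
    extension_<extensions-app client ID without hyphens>_<name>."""
    return f"extension_{extensions_app_id.replace('-', '')}_{name}"


def users_select_url(extensions_app_id: str, name: str) -> str:
    """Build the /users query. The extension attribute is only returned
    when it is named in $select."""
    attr = graph_attribute_name(extensions_app_id, name)
    return f"https://graph.microsoft.com/v1.0/users?$select=id,displayName,{attr}"


# Constructed sample of a Graph /users response body (not real data). The
# first three users were created after the policy change; the fourth predates
# it and therefore has no value for the attribute.
_ATTR = graph_attribute_name(EXTENSIONS_APP_ID, ATTRIBUTE_NAME)
SAMPLE_RESPONSE = json.dumps({
    "value": [
        {"id": "user-1", "displayName": "Alice",
         _ATTR: "aaaaaaaa-0000-0000-0000-000000000001"},
        {"id": "user-2", "displayName": "Bob",
         _ATTR: "AAAAAAAA-0000-0000-0000-000000000002"},
        {"id": "user-3", "displayName": "Carol"},
        {"id": "user-4", "displayName": "Dave",
         _ATTR: "aaaaaaaa-0000-0000-0000-000000000001"},
    ]
})


def signups_by_app(response_body: str, extensions_app_id: str, name: str,
                   app_names: dict) -> tuple:
    """Count users per sign-up application and list users without the
    attribute (accounts that predate the policy change or were not created
    through the sign-up journey)."""
    attr = graph_attribute_name(extensions_app_id, name)
    counts = Counter()
    missing = []
    for user in json.loads(response_body)["value"]:
        client_id = user.get(attr)
        if not client_id:
            missing.append(user["id"])
            continue
        # The stored value is the client_id as it appeared in the request, so
        # normalise case before looking up the application name.
        counts[app_names.get(client_id.lower(), client_id)] += 1
    return dict(counts), missing


if __name__ == "__main__":
    print(users_select_url(EXTENSIONS_APP_ID, ATTRIBUTE_NAME))
    counts, missing = signups_by_app(SAMPLE_RESPONSE, EXTENSIONS_APP_ID,
                                     ATTRIBUTE_NAME, APP_NAMES)
    print("sign-ups per app:", counts)
    print("users without attribute:", missing)
```

The Graph call itself is left out so the block runs offline; feed the real response body (paged with @odata.nextLink) into signups_by_app. A value that does not match any registered client ID is reported under the raw ID rather than dropped, so a stale or unexpected client_id is visible instead of silently folded into a named application.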