Azure B2C multitenant login

robcool 116 Reputation points
2022-02-24T05:46:34.303+00:00

While setting up sign-in for multi-tenant Azure Active Directory using custom policies in Azure Active Directory B2C, it requires generating a client secret while registering the app in Azure AD tenant.

As per the best practice, its good to have this secret rotated frequently but when it comes to implementing this in B2C (for PROD environment) what's the recommendation for rotating secrets ?

Also, do we need to rotate IEF keys ie. TokenSigningKeyContainer and TokenEncryptionKeyContainer as the MS documentation does not state that these keys need to be rotated.

Thanks

Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,874 questions
0 comments No comments
{count} votes

Accepted answer
  1. AmanpreetSingh-MSFT 56,601 Reputation points
    2022-02-28T09:20:16.373+00:00

    Hi @robcool • Thank you for reaching out.

    In Azure AD B2C, you can roll over the keys periodically, or immediately in case of emergency for security purposes, The rollover frequency may vary depending on each organization's individual policy.

    An Azure AD B2C key container can contain multiple keys. You can use the option highlighted below for this purpose. For auto rollover, you must set only one of those keys as active at any one point in time. When the current key's expiration time has elapsed and the key container contains a new key with valid not before and expiration times, the new key will become active automatically.

    178288-image.png

    Read More: Azure AD B2C Key Rollover

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.