Using Azure B2C with SharePoint Subscription Edition

Milan Gross 11 Reputation points
2022-03-05T02:49:22.37+00:00

We are trying to configure an on-premises SharePoint Subscription Edition (not SharePoint Online!) to work with Azure B2C to allow users to authenticate using Facebook and LinkedIn. We are able to configure Azure B2C settings to connect to Facebook and LinkedIn and when we do a standalone test it shows us the login prompts for these. We are able to connect SharePoint SE to Azure AD through OIDC and it recognizes the connection. However, when we try an end-to-end test to log into a SharePoint page, we cannot get it to provide the Facebook and LinkedIn options to the user. Wondering if this is a scenario that should work or is there a limitation in SharePoint SE that is preventing it?

180220-azure-b2c-test.jpg

180248-sharepoint-se-test.jpg

Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.

3 answers

  1. Milan Gross 11 Reputation points
    2022-03-09T13:29:50.113+00:00

    Hi All,

    I got a confirmed answer from Microsoft that SharePoint SE does not currently support Azure B2C. The problem is that while SharePoint SE connects to Azure AD just fine, when SP connects to AAD B2C we noticed that the certificate only supports the x5c string. This leads to the certificate needed by SharePoint being mismatched from the one automatically published on Azure AD B2C.

    From MS:
    "After internal discussion, we have confirmed temporarily B2C only supports the RSA modulus (n) and the RSA public exponent (e).
    For more reference about AzureAD B2C public key: https://learn.microsoft.com/en-us/azure/active-directory-b2c/tokens-overview#validate-signature"

    1 person found this answer helpful.
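
The answer above turns on which key material the identity provider publishes in its JWKS document: a certificate chain (`x5c`) or only the bare RSA modulus and exponent (`n`, `e`). The following is an added example, not code from the thread or from Microsoft, showing how to inspect a JWKS document for that difference; the JWKS content and key IDs are constructed sample data, and the function names are hypothetical.

```python
import base64
import json


def b64u_to_int(value: str) -> int:
    """Decode a base64url JWK field (RFC 7518 'n' or 'e') to an integer."""
    padded = value + "=" * (-len(value) % 4)
    return int.from_bytes(base64.urlsafe_b64decode(padded), "big")


def b64u(raw: bytes) -> str:
    """Encode bytes as unpadded base64url, the way JWK fields are written."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample data, not captured from any tenant. The modulus is a
# 256-byte filler value and the x5c entry is a placeholder, not a certificate.
SAMPLE_JWKS = json.dumps({"keys": [
    {"kid": "constructed-key-1", "kty": "RSA", "use": "sig",
     "n": b64u(b"\xc3" + bytes(255)), "e": "AQAB"},
    {"kid": "constructed-key-2", "kty": "RSA", "use": "sig",
     "n": b64u(b"\xc3" + bytes(255)), "e": "AQAB",
     "x5c": [base64.b64encode(b"constructed placeholder").decode()]},
]})


def describe_keys(jwks_text: str) -> list:
    """Summarise each key: RSA size, exponent, and whether x5c is present."""
    report = []
    for key in json.loads(jwks_text).get("keys", []):
        is_rsa = key.get("kty") == "RSA" and "n" in key and "e" in key
        report.append({
            "kid": key.get("kid"),
            "rsa_bits": b64u_to_int(key["n"]).bit_length() if is_rsa else None,
            "exponent": b64u_to_int(key["e"]) if is_rsa else None,
            "has_x5c": bool(key.get("x5c")),
        })
    return report


def keys_without_x5c(jwks_text: str) -> list:
    """Key IDs for which only raw key parameters, no certificate, are published."""
    return [k["kid"] for k in describe_keys(jwks_text) if not k["has_x5c"]]


if __name__ == "__main__":
    for row in describe_keys(SAMPLE_JWKS):
        print(row)
    print("no certificate published for:", keys_without_x5c(SAMPLE_JWKS))
```

To check a real provider, pass the text fetched from the `jwks_uri` listed in its OpenID Connect metadata to `describe_keys` in place of the sample.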

  2. Echo Du_MSFT 17,196 Reputation points
    2022-03-07T01:41:35.493+00:00

    Hello @Milan Gross ,

    Welcome to Q&A Forum!

    According to your description, your problem is more related to Azure Active Directory B2C. Therefore, we suggest that you can go to the Azure AD B2C Community for professional help.

    If you have any concerns, please feel free to reply.

    Thanks,
    Echo Du

    =========================================

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  3. JamesTran-MSFT 36,656 Reputation points Microsoft Employee
    2022-03-07T22:57:20.707+00:00

    @Milan Gross
    Thank you for your post!

    Azure AD B2C can't be used to authenticate users for Microsoft 365. Azure AD is Microsoft's solution for managing employee access to SaaS apps and it has features designed for this purpose such as licensing and Conditional Access. Azure AD B2C provides an identity and access management platform for building web and mobile applications. When Azure AD B2C is configured to federate to an Azure AD tenant, the Azure AD tenant manages employee access to applications that rely on Azure AD B2C.

    Links:
    Can I use Azure AD B2C to provide social login (Facebook and Google+) into Microsoft 365?
    Does Azure AD B2C work with SharePoint on-premises 2016 or earlier?
    Add Azure Active Directory B2B collaboration users in the Azure portal

    If you'd like this feature to be available, I'd recommend leveraging our User Voice forum and creating a feature request, so our engineering team can look into implementing this. I'll also create an internal feature request, so our engineering team is aware of this as well.

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

