Set up direct sign-in using Azure Active Directory B2C

Before you begin, use the Choose a policy type selector to choose the type of policy you’re setting up. Azure Active Directory B2C offers two methods to define how users interact with your applications: through predefined user flows or through fully configurable custom policies. The steps required in this article are different for each method.

When you set up sign-in for your application using Azure Active Directory B2C (Azure AD B2C), you can prepopulate the sign-in name or directly sign in to a specific social identity provider, such as Facebook, LinkedIn, or a Microsoft account.

Prepopulate the sign in name

During a sign-in user journey, a relying party application may target a specific user or domain name. When targeting a user, an application can specify, in the authorization request, the login_hint query parameter with the user sign-in name. Azure AD B2C automatically populates the sign-in name, while the user only needs to provide the password.

Sign up sign in page with login_hint query param highlighted in URL

The user is able to change the value in the sign-in textbox.

To support sign in hint parameter, override the SelfAsserted-LocalAccountSignin-Email technical profile. In the <InputClaims> section, set the DefaultValue of the signInName claim to {OIDC:LoginHint}. The {OIDC:LoginHint} variable contains the value of the login_hint parameter. Azure AD B2C reads the value of the signInName claim and pre-populates the signInName textbox.

<ClaimsProvider>
  <DisplayName>Local Account</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="SelfAsserted-LocalAccountSignin-Email">
      <InputClaims>
        <!-- Add the login hint value to the sign-in names claim type -->
        <InputClaim ClaimTypeReferenceId="signInName" DefaultValue="{OIDC:LoginHint}" />
      </InputClaims>
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>

Redirect sign in to a social provider

If you configured the sign-in journey for your application to include social accounts, such as Facebook, LinkedIn, or Google, you can specify the domain_hint parameter. This query parameter provides a hint to Azure AD B2C about the social identity provider that should be used for sign-in. For example, if the application specifies domain_hint=facebook.com, sign in goes directly to the Facebook sign in page.

Sign up sign in page with domain_hint query param highlighted in URL

The domain hint query string parameter can set to one of the following domains:

To support domain hint parameter, you can configure the domain name using the <Domain>domain name</Domain> XML element of any <ClaimsProvider>.

<ClaimsProvider>
    <!-- Add the domain hint value to the claims provider -->
    <Domain>facebook.com</Domain>
    <DisplayName>Facebook</DisplayName>
    <TechnicalProfiles>
    ...