Tutorial for configuring HYPR with Azure Active Directory B2C

In this tutorial, learn to configure Azure Active Directory B2C (Azure AD B2C) with HYPR. When Azure AD B2C is the identity provider (IdP), you can integrate HYPR with customer applications for passwordless authentication. HYPR replaces passwords with public key encryptions that help prevent fraud, phishing, and credential reuse.

Prerequisites

To get started, you'll need:

Scenario description

The HYPR integration has the following components:

  • Azure AD B2C – The authorization server to verify user credentials, or the identity provider (IdP)
  • Web and mobile applications - For mobile or web applications protected by HYPR and Azure AD B2C
    • HYPR has mobile SDK and a mobile app for iOS and Android
  • HYPR mobile app - Use it for this tutorial, if you're not using the mobile SDKs in your mobile applications
  • HYPR REST APIs - User device registration and authentication

The following architecture diagram shows the implementation.

Diagram of hypr architecture

  1. User arrives at a sign-in page and selects sign-in or sign-up. User enters username.
  2. The application sends the user attributes to Azure AD B2C for identify verification.
  3. Azure AD B2C sends user attributes to HYPR to authenticate the user through the HYPR mobile app.
  4. HYPR sends a push notification to the registered user mobile device for a Fast Identity Online (FIDO) certified authentication. It can be a user fingerprint, biometric, or decentralized PIN.
  5. After user acknowledges the push notification, user is granted or denied access to the customer application.

Configure the Azure AD B2C policy

  1. Go to Azure-AD-B2C-HYPR-Sample/policy/.
  2. Follow the instructions in Custom policy starter pack to download Active-directory-b2c-custom-policy-starterpack/LocalAccounts/
  3. Configure the policy for the Azure AD B2C tenant.

Note

Update policies to relate to your tenant.

Test the user flow

  1. Open the Azure AD B2C tenant.
  2. Under Policies, select Identity Experience Framework.
  3. Select the SignUpSignIn you created.
  4. Select Run user flow.
  5. For Application, select the registered app (sample is JWT).
  6. For Reply URL, select the redirect URL.
  7. Select Run user flow.
  8. Complete the sign-up flow to create an account.
  9. After the user attribute is created, HYPR is called.

Tip

If the flow is incomplete, confirm the user is saved in the directory.

Next steps