Publish your Azure Active Directory B2C app to the Microsoft Entra app gallery
Article
The Microsoft Entra app gallery is a catalog of thousands of apps. The app gallery makes it easy to deploy and configure single sign-on (SSO) and automate user setup. You can find popular cloud apps in the gallery, such as Workday, ServiceNow, and Zoom.
This article describes how to publish your Azure Active Directory B2C (Azure AD B2C) app in the Microsoft Entra app gallery. When you publish your app, it's listed among the options that customers can choose from when they're adding apps to their Microsoft Entra tenant.
Here are some benefits of adding your Azure AD B2C app to the app gallery:
Your app is a verified integration with Microsoft.
SSO access is enabled between your app and Microsoft Entra apps.
Customers can find your app in the gallery with a quick search.
App configuration is simple and minimal.
Customers get a step-by-step configuration tutorial.
Customers can assign the app to various users and groups within their organization.
The tenant administrator can grant tenant-wide admin consent to your app.
Sign in flow overview
The sign-in flow involves the following steps:
Users go to the My Apps portal and select your app. The app opens the app sign-in URL.
The app sign-in URL starts an authorization request and redirects users to the Azure AD B2C authorization endpoint.
Users choose to sign in with their Microsoft Entra ID "Corporate" account. Azure AD B2C takes them to the Microsoft Entra authorization endpoint, where they sign in with their work account.
If the Microsoft Entra SSO session is active, Microsoft Entra ID issues an access token without prompting users to sign in again. Otherwise, users are prompted to sign in again.
Depending on the users' SSO session and Microsoft Entra identity settings, they might be prompted to:
Accept the consent page. Your customer's tenant administrator can grant tenant-wide admin consent to an app. When consent is granted, the consent page won't be presented to users.
Upon successful sign-in, Microsoft Entra ID returns a token to Azure AD B2C. Azure AD B2C validates and reads the token claims, and then returns a token to your application.
To enable sign in to your app with Azure AD B2C, register your app in the Azure AD B2C directory. Registering your app establishes a trust relationship between the app and Azure AD B2C.
If you haven't already done so, register a web application. Later, you'll register this app with the Azure app gallery.
Step 2: Set up sign-in for multitenant Microsoft Entra ID
In your app, copy the URL of the sign-in endpoint. If you use the web application sample, the sign-in URL is https://localhost:5001/MicrosoftIdentity/Account/SignIn?. This URL is where the Microsoft Entra app gallery takes users to sign in to your app.
In production environments, the app registration redirect URI is ordinarily a publicly accessible endpoint where your app is running. The reply URL must begin with https.
Step 4: Publish your Azure AD B2C app
Finally, add the multitenant app to the Microsoft Entra app gallery. Follow the instructions in Publish your app to the Microsoft Entra app gallery. To add your app to the app gallery, use the following steps:
Discover how Microsoft Entra External ID can provide secure, seamless sign-in experiences for your consumers and business customers. Explore tenant creation, app registration, flow customization, and account security.
Learn how to register different apps types such as web app, web API, single-page apps, mobile and desktop apps, daemon apps, Microsoft Graph apps and SAML app in Azure Active Directory B2C