Configuring D365 Portal Authentication using Azure AD B2C

Well most of us have been configuring or rather not doing any configuration with authentication and have been using local authentication. But believe me if we spend more time configuring the Portal Authentication to use Azure AD B2C you will get more secure and more user management capabilities.

First thing you will need is Azure subscription. A free trial will give you access to $200 credit but you will need to provide credit card for verification purpose.

Login to Azure

Navigate to https://portal.azure.com. If you have multiple directories; you will need to be in the default directory.

Create Azure AD B2C

Click on “Create Resource” on the left-hand panel and search for “Azure Active Directory B2C”

Enter organization name, Initial domain name and select appropriate country.

Link Azure AD B2C to your current subscription

Once you are notified that the Azure AD B2C directory is created; click on “Create Resource” again and search for “Azure Active Directory B2C” (not intuitive). But now instead of clicking on “Create new Azure AD B2C tenant” you have to select “Link an existing Azure AD B2C tenant to my subscription”.

Select your newly created B2C tenant, select your subscription, select an existing resource group or you can create a new resource group.

Configure Azure AD B2C tenant

Now that the tenant is ready; let’s configure it for authentication flows.

Navigate to your newly created B2C tenant from “All Resources” option. Once you open you B2C resource you will get an option to open the settings – which will open in a new window. This is shown as below.

Create a new application by clicking on ‘Application’ and ‘Add’. Supply the name of the application.

Name your application so that you know the reason for which you created it

Once the application is created, now add a ‘Reply Url’ something like https://your-portal-domain.microsoftcrmportals.com/signin-azure-ad-b2c and in the App Id Uri type portal. Store the Reply Url as you will need it later.

SettingValue
NameMyPortalApp
Include Web App/Web APIYes
Allow implicit flowYes
Reply Url https://your-portal-domain.microsoftcrmportals.com/signin-azure-ad-b2c
App ID UrlAdd portal to a predefined URL
Native ClientNo

Once the application is created note down the Application Id – which will be used later while configuring the portal.

Now, click on generate key and save it in a secure place. You won’t be able to retrieve it later.

Now go back to Azure B2C overview page and select “User Flow”; click on “New Flow”. Select ‘Sign up and sign in” flow. Fill in all the needed details as mentioned in the table below.

SettingsValueComments
NameB2C_1_signupsigninYou can name it anything
Identity ProviderEmail signup
Multi-factor AuthDisabledYou can enable it if you want

For ‘User attributes and claims’ – click ‘Show more’ and select the following:

Click save and signup-signin policy will be created. Once it gets created, open it up to edit it. Select ‘Properties’ on this section and under ‘Token compatibility settings’ select the option for TFP. Click save. Once saved; click on ‘Run user flow’ and copy the issuer URL; you will need it later.

Let’s recap what we have so far.

  1. Reply Url
  2. Application Id
  3. App Key
  4. Issuer Url

Configure D365 Portal

Once your Azure AD B2C is ready let’s get your portal ready to accept the Azure AD B2C authentication settings,

Site Settings

Navigate to your site settings and review existing site settings as mentioned below.

SettingsValue
Authentication/LoginTrackingEnabledTRUE
Authentication/Registration/EmailConfirmationEnabledTRUE
Authentication/Registration/LoginButtonAuthenticationType<this will be the issuer Url from above>
Authentication/Registration/ProfileRedirectEnabledTRUE

Now, let’s add new settings for Azure AD B2C. Before you create these settings; confirm if they don’t already exists.

SettingsValue
Authentication/OpenIdConnect/Azure AD B2C/RedirectUri <this is your reply Url from above>
Authentication/OpenIdConnect/Azure AD B2C/ClientId<this is your application id from above>
Authentication/OpenIdConnect/Azure AD B2C/Authority<this is your Issuer Url from above>
Authentication/OpenIdConnect/Azure AD B2C/PostLogoutRedirectUri<this is your portal Url where users will be redirected when they logout>

We also need to define the claims mapping; what we are capturing on the signup form to be mapped over to CRM.

SettingsValue
Authentication/OpenIdConnect/Azure AD B2C/LoginClaimsMappingemailaddress1=http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress,firstname=http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname,lastname=http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
Authentication/OpenIdConnect/Azure AD B2C/RegistrationClaimsMappingemailaddress1=http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress,firstname=http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname,lastname=http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

Format for mapping claims: CRM_attribute1_name=Azure_claim1_Uri, CRM_attribute2_name=Azure_claim2_Uri

To know more about claims or if you want to map more claims please click here.

All the settings should be done. Now restart your portal and test the login as well as signup.

Advertisements

4 thoughts on “Configuring D365 Portal Authentication using Azure AD B2C

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s