
Set up Azure Active Directory B2C and configure Storefront 365 to use it

How to set up Azure AD B2C as Identity Provider

Set up Azure AD B2C with an ROPC policy

  1. Create an Azure AD B2C tenant (if it doesn't already exist). Reference: https://docs.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-tenant.
  2. Configure the resource owner password credentials (ROPC) flow. Reference: https://docs.microsoft.com/en-us/azure/active-directory-b2c/configure-ropc
    1. Register a B2C application as Native client.
    2. Create a resource owner policy.
  3. Select the following application claims to return for the policy: `emails`, `identityProvider` and `objectId`.
  4. Make sure the issuer claim returned is OpenID Connect Discovery 1.0 compliant, by selecting the issuer claim format that includes the policy ID in the URL.
  5. Add an Azure AD B2C _User attribute_ called `PasswordResetToken`.

Set up Azure AD Graph API

  1. Register an Azure AD Graph API application using the _App Registrations_ service in Azure portal.
    Reference: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-devquickstarts-graph-dotnet.
  2. Configure create, read and update permissions.
  3. Configure delete permissions.

Set up Identity Provider connection in Dynamics AX

  1. The Identity Provider Issuer URL should be set to the value returned in the issuer claim, as set up in the ROPC policy for Azure AD B2C above.
  2. A relying party should be added with ClientId set to the B2C application id.

Whitelist your site for sign in

  1. Configure a _Named location_ in Azure AD for your site to avoid suspicious activity reports by the identity protection system.
    Reference: https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/quickstart-configure-named-locations.

Update appsettings.config

Add the following settings to the appsettings.config file of the web site.

| Setting | Description |
| --- | --- |
| Azure.AD.B2C.Tenant | The name of the Azure AD B2C tenant, in the form `<myB2Ctenant>.onmicrosoft.com`. |
| Azure.AD.B2C.Host | The host name of the Azure AD B2C application, in the form `<myB2Ctenant>.b2clogin.com`. |
| Azure.AD.B2C.Policy | The name of the ROPC policy. |
| Azure.AD.B2C.ClientId | The Azure AD B2C application id. |
| Azure.AD.GraphAPI.ClientId | The Azure AD Graph API application id. |
| Azure.AD.GraphAPI.ClientSecret | The secret shown when creating the Azure AD Graph API application. |
| Azure.AD.GraphAPI.PasswordResetTokenAttribute | The name of the user AD profile attribute used to store the password reset token. To use the user attribute created above, reference it like this: `extension_<b2c-extensions-app-id-without-hyphens>_PasswordResetToken`. Reference: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-devquickstarts-graph-dotnet#use-custom-attributes |
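
The settings above have to agree with each other and with the ROPC policy, so a pre-deployment consistency check is useful. The following is an added example, not part of Storefront 365 or the original page: the function names `extension_attribute` and `check_settings` are hypothetical, and the tenant name, GUIDs, policy name and issuer URL are constructed sample values.

```python
import re
from urllib.parse import urlparse

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

def extension_attribute(extensions_app_id, name="PasswordResetToken"):
    """Build extension_<b2c-extensions-app-id-without-hyphens>_<name>."""
    if not GUID.match(extensions_app_id):
        raise ValueError("b2c-extensions-app id must be a GUID")
    return "extension_%s_%s" % (extensions_app_id.replace("-", ""), name)

def check_settings(settings, issuer, extensions_app_id):
    """Return a list of problems; an empty list means the values agree."""
    problems = []
    tenant = settings.get("Azure.AD.B2C.Tenant", "")
    host = settings.get("Azure.AD.B2C.Host", "")
    policy = settings.get("Azure.AD.B2C.Policy", "")
    if not re.fullmatch(r"[A-Za-z0-9-]+\.onmicrosoft\.com", tenant):
        problems.append("Tenant is not <myB2Ctenant>.onmicrosoft.com")
    if not re.fullmatch(r"[A-Za-z0-9-]+\.b2clogin\.com", host):
        problems.append("Host is not <myB2Ctenant>.b2clogin.com")
    if tenant.split(".")[0].lower() != host.split(".")[0].lower():
        problems.append("Tenant and Host name different B2C tenants")
    for key in ("Azure.AD.B2C.ClientId", "Azure.AD.GraphAPI.ClientId"):
        if not GUID.match(settings.get(key, "")):
            problems.append(key + " is not an application id (GUID)")
    # Only test for presence; the secret itself is never echoed.
    if not settings.get("Azure.AD.GraphAPI.ClientSecret"):
        problems.append("Azure.AD.GraphAPI.ClientSecret is empty")
    # Step 4 of the policy setup: the issuer URL must contain the policy ID.
    segments = [p.lower() for p in urlparse(issuer).path.split("/") if p]
    if not policy or policy.lower() not in segments:
        problems.append("Issuer URL does not include the policy ID")
    expected = extension_attribute(extensions_app_id)
    if settings.get("Azure.AD.GraphAPI.PasswordResetTokenAttribute") != expected:
        problems.append("PasswordResetTokenAttribute should be " + expected)
    return problems

# Constructed sample values, not taken from any real tenant.
EXT_APP = "11111111-2222-3333-4444-555555555555"
SAMPLE = {
    "Azure.AD.B2C.Tenant": "contoso.onmicrosoft.com",
    "Azure.AD.B2C.Host": "contoso.b2clogin.com",
    "Azure.AD.B2C.Policy": "B2C_1_ROPC",
    "Azure.AD.B2C.ClientId": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "Azure.AD.GraphAPI.ClientId": "99999999-8888-7777-6666-555555555555",
    "Azure.AD.GraphAPI.ClientSecret": "placeholder-secret",
    "Azure.AD.GraphAPI.PasswordResetTokenAttribute": extension_attribute(EXT_APP),
}
SAMPLE_ISSUER = "https://contoso.b2clogin.com/tfp/00000000-0000-0000-0000-000000000000/b2c_1_ropc/v2.0/"
```

Calling `check_settings(SAMPLE, SAMPLE_ISSUER, EXT_APP)` returns an empty list; passing an issuer URL without the policy segment reports the issuer format problem from step 4 of the policy setup.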