User Flows in Azure AD B2C

In the previous blogs we saw how to provision Azure AD B2C and then how to register a new application in it.

A user flow is the most important part of B2C. It lets you modify and control what happens during authentication: which sign-in page your customers use, its branding and look and feel, the information collected from users, the option to use identity providers (Google, Facebook and so on), MFA from Azure, and the information returned in the token after authorization.

In short, from the moment you click the sign-in button until you return to the home screen, everything in between is controlled by user flows.

It is recommended to use the built-in policies unless there is a dire need for a custom policy.

There are three recommended user flows, and these are more than enough in the majority of cases.

The user flows available are:
1. Sign up and Sign in
2. Profile Editing
3. Password Reset

User Flow

As the name suggests, it lets a user or customer log into their account.

You just need to provide a name. Currently we don’t have any other identity providers added, so the only option you will likely have is “Email Signup”.

The last option to provide when creating the user flow is which attributes you want to collect from the user and which ones you want returned inside the token for use in your application.

Once you have created your user flow you can test it out by clicking “Run user flow”.

When you select “Run user flow” you are given the option to choose the Reply URL, which is set to “https://jwt.ms” here; then click “Run user flow”.

When you click on “Send Notification” you will get an email from MS on behalf of your B2C tenant with a verification code.
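
The token that lands on https://jwt.ms after the run carries the claims selected when the flow was created. The following is an added example, not code from the original post: it decodes such a token's payload and checks the claims an application should confirm before trusting it, in particular that the token came from the sign-in flow and not from another flow such as password reset. The flow names, client ID, nonce and sample token are constructed placeholders, and signature verification against the tenant's signing keys is not performed here.

```python
import base64
import json
import time

# Placeholders (assumptions, not values from the post).
EXPECTED_FLOW = "B2C_1_signupsignin"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
NONCE = "constructed-nonce"


def read_claims(token):
    """Decode the JWT payload as jwt.ms does. Does NOT verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_claims(claims, now=None):
    """Return a list of problems; an empty list means the claims are as expected."""
    now = time.time() if now is None else now
    problems = []
    # B2C records the issuing user flow in "tfp" ("acr" in older configurations).
    flow = str(claims.get("tfp") or claims.get("acr") or "")
    if flow.lower() != EXPECTED_FLOW.lower():
        problems.append("wrong user flow: %r" % flow)
    if claims.get("aud") != CLIENT_ID:
        problems.append("aud is not this application's client ID")
    if claims.get("nonce") != NONCE:
        problems.append("nonce does not match the request")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        problems.append("token expired or exp missing")
    return problems


def sample_token(**overrides):
    """Build a constructed, unsigned token so the checks run offline."""
    claims = {"tfp": EXPECTED_FLOW, "aud": CLIENT_ID, "nonce": NONCE,
              "exp": 2000000000, "emails": ["user@example.com"]}
    claims.update(overrides)
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"typ": "JWT", "alg": "RS256"}), enc(claims), "constructed"])


if __name__ == "__main__":
    for tok in (sample_token(), sample_token(tfp="B2C_1_passwordreset")):
        print(check_claims(read_claims(tok), now=1700000000) or "claims OK")
```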

Similarly, you can create user flows for the others.

The sign-up/sign-in, password reset and profile edit pages are the default ones provided by Azure. If you wish to modify these pages to match your branding, select “Page layouts” in each user flow and choose your own customized page, uploaded to a Storage account with CORS enabled.

To use external identity providers, use these links: Amazon, Facebook, Google. (For others, refer to the same page.)
