Configure login identity for the platform
  • Updated on 27 Nov 2019

Microsoft Community Training platform provides three types of login:

  1. Phone number
  2. Social email-based login via your Microsoft, Google or Facebook account
  3. Microsoft Work or School account

Note: This article is a continuation of the installation article.

In this article, we will walk you through how to configure login identity for the platform.

Phone based authentication

There is no additional configuration needed for phone-based login.

Social account or email based authentication

You can configure social account login for your training portal by following the instructions below:

Step 1 - Setup your Azure AD B2C

You can create a new Azure AD B2C tenant or use an existing one based on your organization's requirements.

  1. Login to Azure portal.

  2. Create a new Azure Active Directory B2C tenant.

  3. Link the Azure Active Directory B2C tenant just created to your Azure subscription.

Step 2 - Configure your Identity provider

Here are the steps to create policies based on the Identity Provider:

  1. Configure the identity provider for your chosen provider, such as Microsoft, Google or Facebook.

  2. After configuring the identity providers, refer to this article to create a sign-up and sign-in user flow.

    • Select Email Addresses, Given Name, Identity Provider and Surname in Application claims.
    • Don’t select any Sign-up attributes.
    • Copy the user flow name; it is required later as User Flow Name.

Step 3 - Create Azure AD B2C application

Here are the steps to create an application on the Azure AD B2C tenant and link it with your training portal instance:

  1. Create a new Azure AD B2C application by following this article. Ensure the application properties are set as follows:

    Web app / Web API - set to "Yes"
    
    Allow implicit flow - set to "No"
    
    Reply URL - add "https://<name>.azurewebsites.net/signin-b2c" and "https://<name>-staging.azurewebsites.net/signin-b2c" where <name> corresponds to your website name. 
    
    Native Client - set to "No"
    


  2. Copy the Application ID value; it is required later as Client ID.

  3. Under Application, go to Keys and click on Generate Key.

  4. Click on Save and the app key will appear. Copy the value; it is required later as Client Secret.

  5. Go to Azure Active Directory from the left menu of your Azure portal, click on Domain Names and copy the tenant name under Name; it is required later as Tenant Name. For example, if the default domain for your Azure AD tenant is contoso.onmicrosoft.com, then enter contoso.

  6. Next continue from Step 9 in the installation article.

Work or School Account based authentication

Configure Work or School account for your training portal by following the instructions below:

Step 1 - Setup your Azure AD

You can create a new Azure Active Directory tenant or use an existing one based on your organization requirement.

  1. Create a new Azure Active Directory tenant and copy the tenant name; it is required later as Tenant Name. If you already have an Azure AD tenant, use it and copy its tenant name instead. For example, if the default domain for your Azure AD tenant is contoso.onmicrosoft.com, then enter contoso.

  2. Go to the Show diagnostics section on the right and copy the tenant ID; it is required later as Tenant ID.

Step 2 - Create Azure AD application

  1. Create a new Azure AD application by following this article. You only need to follow the section titled Create an Azure Active Directory application. Set the Redirect URIs as follows:

    For Redirect URIs:
    • Set the type to "Web".
    • Add "https://<name>.azurewebsites.net", "https://<name>.azurewebsites.net/signin-azureAD" and "https://<name>-staging.azurewebsites.net/signin-azureAD" as redirect URIs, where <name> corresponds to your website name.
    


  2. Click on Expose an API from the left menu of your application.

  3. Click on "Add a scope". Ensure that the auto-populated value of Application ID URI is of the form "api://{ClientID}".

  4. Click on Save and continue.

  5. Enter the value "access_as_user" under Scope name.

  6. Select Admins and users under Who can consent?

  7. Populate the remaining values. These values appear on the login screen (unless global consent is granted by an admin).

  8. Obtain the Client ID and Client Secret.
    a. Copy the value of Application ID; it is required later as Client ID.
    b. Click on Certificates & Secrets from the left menu.
    c. Click on New client secret.
    d. Enter the description and expiry time of the secret (recommended to select Never for expiry time) and click on the Save button. A value will be shown. Save this value; it is required later as the ClientSecret.

  9. Next continue from Step 9 in the installation article.
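
The following check is an added example, not part of the original article or of Microsoft's tooling: it compares an exported app registration against the settings from Step 2 above. It assumes the registration is available as JSON in the shape of the Microsoft Graph application resource; the website name contosotraining and the application ID are constructed sample values.

```python
import json

# Constructed sample: fields follow the Microsoft Graph "application" resource
# (assumed to be how the app registration was exported for review).
SAMPLE_APP = json.loads("""
{
  "appId": "11111111-2222-3333-4444-555555555555",
  "identifierUris": ["api://11111111-2222-3333-4444-555555555555"],
  "web": {"redirectUris": [
      "https://contosotraining.azurewebsites.net",
      "https://contosotraining.azurewebsites.net/signin-azureAD",
      "https://contosotraining-staging.azurewebsites.net/signin-azureAD",
      "http://localhost:5000/signin-azureAD"
  ]},
  "api": {"oauth2PermissionScopes": [{"value": "access_as_user", "type": "User", "isEnabled": true}]}
}
""")

def expected_redirect_uris(name):
    """Redirect URIs this article asks for, for website <name>."""
    return {
        f"https://{name}.azurewebsites.net",
        f"https://{name}.azurewebsites.net/signin-azureAD",
        f"https://{name}-staging.azurewebsites.net/signin-azureAD",
    }

def audit_app(app, name):
    """Return a list of deviations from the settings in Step 2."""
    findings = []
    registered = set(app.get("web", {}).get("redirectUris", []))
    expected = expected_redirect_uris(name)
    for uri in sorted(expected - registered):
        findings.append(f"missing redirect URI: {uri}")
    # Anything beyond the documented set widens where sign-in responses can go.
    for uri in sorted(registered - expected):
        findings.append(f"unexpected redirect URI: {uri}")
    if f"api://{app['appId']}" not in app.get("identifierUris", []):
        findings.append("Application ID URI is not api://{ClientID}")
    scopes = app.get("api", {}).get("oauth2PermissionScopes", [])
    scope = next((s for s in scopes if s.get("value") == "access_as_user"), None)
    if scope is None or not scope.get("isEnabled", False):
        findings.append("scope access_as_user is missing or disabled")
    elif scope.get("type") != "User":  # "User" = admins and users can consent
        findings.append("access_as_user is not consentable by admins and users")
    return findings

if __name__ == "__main__":
    for finding in audit_app(SAMPLE_APP, "contosotraining"):
        print(finding)
```

On the constructed sample, the only finding is the leftover localhost redirect URI, which is not among the three URIs this article lists.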
