Configure login identity for the platform
  • 11 Sep 2020

Microsoft Community Training platform provides three types of login:

  1. Phone number
  2. Social email-based login via your Microsoft, Google or Facebook account
  3. Microsoft Work or School account
Note
This article is a continuation of the installation article.

In this article, we walk you through how to configure login identity for the platform.

Phone based authentication

There is no additional configuration needed for phone-based login.

Social account or email-based authentication

You can configure social account login for your training portal by following the instructions below:

Step 1 - Setup your Azure AD B2C

You can create a new Azure AD B2C tenant or use an existing one, depending on your organization's requirements.

  1. Sign in to the Azure portal.

  2. Create a new Azure Active Directory B2C tenant.

  3. Link the Azure Active Directory B2C tenant just created to your Azure subscription.

Step 2 - Configure your Identity provider

Here are the steps to configure your identity provider and create the user flows (policies) for it:

  1. Configure the identity provider for your chosen provider (Microsoft, Google or Facebook).

  2. After configuring the identity providers, refer to this article to create a sign-in flow (a sign-up and sign-in user flow) and a password reset flow (for local accounts).

    • Select Email Addresses, Given Name, Identity Provider and Surname in Application claims
    • Don't select any Sign-up attributes
    • Copy the user-flow name(s); they are required later, during MCT platform installation. Note that Azure AD B2C prefixes every user-flow name with B2C_1_, so a flow you named pwd_reset is referenced as B2C_1_pwd_reset.
Setting Password Reset Flow for an Existing Deployment

If you are setting up the password reset flow on an existing deployment with Azure AD B2C authentication:

  1. Set the user flow name to pwd_reset (step 1 of the Create Flow section in this article).

  2. Add the following URLs in the Reply URL section,
    a. "https://name.azurewebsites.net/signin-b2c-pwd"
    b. "https://name-staging.azurewebsites.net/signin-b2c-pwd"
    where "name" corresponds to your website name.

  3. Open the App Service and, under Configuration, add the following application settings, both with the value B2C_1_pwd_reset (the B2C_1_ prefix is added by Azure AD B2C):
    a. AzureADB2CPasswordResetPolicy
    b. idp:AzureADB2CPasswordResetPolicy

Step 3 - Create Azure AD B2C application

Here are the steps to create an application in your Azure AD B2C tenant and link it to your training portal instance:

  1. Create a new Azure AD B2C application by following this article. Make sure the application properties are set as follows:
Application Properties
  1. Web app / Web API - set to "Yes"

  2. Allow implicit flow - set to "No" (the portal uses the authorization code flow, so tokens are never returned in a URL fragment)

  3. Add following to Reply URL
    a. "https://name.azurewebsites.net/signin-b2c"
    b. "https://name-staging.azurewebsites.net/signin-b2c"
    where "name" corresponds to your website name.

  4. If you are setting up Password reset flow, then add following to Reply URL
    a. "https://name.azurewebsites.net/signin-b2c-pwd"
    b. "https://name-staging.azurewebsites.net/signin-b2c-pwd"
    where "name" corresponds to your website name.

  1. Copy the Application ID value; it is required later as the Client ID.

  2. Under the application, go to Keys and click Generate Key.

  3. Click Save and the app key appears. Copy the value; it is required later as the Client Secret. The portal does not display it again, so store it in the App Service configuration or a secret store rather than in source control, and note its expiry so it can be rotated in time.

  4. Go to Azure Active Directory in the left menu of the Azure portal, click Domain names and copy the tenant name shown under Name; it is required later as the Tenant Name. For example, if the default domain for your Azure AD tenant is contoso.onmicrosoft.com, then enter contoso.

  5. Next, continue from Step 9 of the installation article.
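As an added example (not code from the Microsoft Community Training platform or from this article), the following Python helpers turn the values gathered in Steps 2 and 3 into checks an installer would want to run before continuing: the exact set of reply URLs the B2C application must contain, exact-match validation of a redirect URI, a check of the two password-reset App Service settings, and the shape of the authorization request that the "Allow implicit flow = No" setting permits. The site name, tenant name and client ID are made-up placeholders, and the b2clogin.com endpoint form is B2C's standard one rather than something the article states.

```python
from urllib.parse import urlencode

# Assumed placeholder values (not from the article): a site name, a B2C
# tenant name and a made-up client ID.
SITE_NAME = "contoso-training"
B2C_TENANT = "contosob2c"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
POLICY_PREFIX = "B2C_1_"   # Azure AD B2C prepends this to every user-flow name


def expected_reply_urls(site_name, password_reset=True):
    """Reply URLs from Step 3: production and staging slots, the sign-in
    endpoint and (optionally) the password-reset endpoint."""
    hosts = (f"{site_name}.azurewebsites.net",
             f"{site_name}-staging.azurewebsites.net")
    paths = ["/signin-b2c"] + (["/signin-b2c-pwd"] if password_reset else [])
    return {f"https://{host}{path}" for host in hosts for path in paths}


def reply_url_allowed(registered, requested):
    """Azure AD B2C compares redirect_uri by exact string match, so this check
    is deliberately exact too: a trailing slash, an http scheme or an extra
    path segment must not be accepted."""
    return requested in registered


def check_password_reset_settings(app_settings):
    """Validate the two App Service settings from 'Setting Password Reset Flow
    for an Existing Deployment'. Returns a list of problems (empty = ok)."""
    keys = ("AzureADB2CPasswordResetPolicy", "idp:AzureADB2CPasswordResetPolicy")
    problems, values = [], {}
    for key in keys:
        value = app_settings.get(key)
        if not value:
            problems.append(f"{key} is missing")
        elif not value.startswith(POLICY_PREFIX):
            problems.append(f"{key}={value!r} lacks the {POLICY_PREFIX} prefix "
                            "that B2C adds to user-flow names")
        else:
            values[key] = value
    if len(values) == 2 and len(set(values.values())) != 1:
        problems.append("both password-reset settings must hold the same user-flow name")
    return problems


def b2c_authorize_url(tenant, policy, client_id, redirect_uri, state, nonce):
    """Authorization request for a B2C user flow. response_type is 'code':
    the registration has 'Allow implicit flow' set to No, so an id_token or
    token response type would be rejected."""
    if not policy.startswith(POLICY_PREFIX):
        raise ValueError(f"policy {policy!r} must start with {POLICY_PREFIX}")
    if not redirect_uri.startswith("https://"):
        raise ValueError("redirect_uri must use https")
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": "openid offline_access",
        "state": state,
        "nonce": nonce,
    }
    # Standard B2C v2.0 endpoint shape (an assumption here; the article does not state it).
    return (f"https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/"
            f"{policy}/oauth2/v2.0/authorize?{urlencode(params)}")


if __name__ == "__main__":
    registered = expected_reply_urls(SITE_NAME)
    for url in sorted(registered):
        print("register:", url)
    # A trailing slash is a different URL and must be rejected.
    print(reply_url_allowed(registered, f"https://{SITE_NAME}.azurewebsites.net/signin-b2c/"))  # False
    print(check_password_reset_settings({
        "AzureADB2CPasswordResetPolicy": "B2C_1_pwd_reset",
        "idp:AzureADB2CPasswordResetPolicy": "B2C_1_pwd_reset",
    }))  # []
    print(b2c_authorize_url(B2C_TENANT, "B2C_1_pwd_reset", CLIENT_ID,
                            f"https://{SITE_NAME}.azurewebsites.net/signin-b2c-pwd",
                            state="opaque-state", nonce="opaque-nonce"))
```

Run it once with your real site name and compare the printed reply URLs character by character with the Reply URL list in the portal; a mismatch shows up as a redirect_uri error at sign-in time, not at configuration time.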

Work or School Account based authentication

Configure Work or School account login for your training portal by following the instructions below:

Step 1 - Setup your Azure AD

You can create a new Azure Active Directory tenant or use an existing one based on your organization requirement.

  1. Create a new Azure Active Directory tenant, or use an existing one, and copy the tenant name; it is required later as the Tenant Name. For example, if the default domain for your Azure AD tenant is contoso.onmicrosoft.com, then enter contoso.

  2. Go to the Show diagnostics section on the right and copy the tenant ID; it is required later as the Tenant ID.

Step 2 - Create Azure AD application

  1. Create a new Azure AD application by following this article. You only need to follow the section titled Create an Azure Active Directory application. Make sure the Redirect URIs are set as follows:
Redirect URIs
  1. Set to type "Web"

  2. Add following to Redirect URIs,
    a. "https://name.azurewebsites.net"
    b. "https://name.azurewebsites.net/signin-azureAD"
    c. "https://name-staging.azurewebsites.net/signin-azureAD"
    where "name" corresponds to your website name.

  1. Click on Expose an API in the left menu of your application.

  2. Click on "Add a scope". Ensure that the auto-populated value of Application ID URI is of the form "api://{ClientID}".

  3. Click on Save and continue.

  4. Enter the value "access_as_user" under Scope name.

  5. Select Admins and users under Who can consent?

  6. Populate the remaining values. These values appear on the login screen (unless an admin has granted consent for the whole organization).

  7. Obtain the Client ID and Client Secret.
    a. Copy the value of Application ID; it is required later as the Client ID.
    b. Click on Certificates & Secrets in the left menu.
    c. Click on New client secret.
    d. Enter a description and the expiry time of the secret (the article recommends selecting Never for the expiry time) and click Save. The value is shown once; copy it now, as it is required later as the ClientSecret. A non-expiring secret removes the forced rotation, so if you choose it, schedule rotation yourself and keep the value only in the App Service configuration or a secret store. Note that the Azure portal now caps client-secret lifetime at 24 months, so Never may no longer be offered.

  8. Next continue from Step 9 in the installation article.
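As an added example for the Work or School setup (again not the platform's own code), the following Python shows the values that the Expose an API step produces (api://{ClientID} and the access_as_user scope), the redirect URIs the registration must contain, the claim checks an API should make on a v2.0 access token carrying that scope once its signature has been verified, and a small expiry check for the client secret created in step 7. The tenant ID, client ID and claim values are constructed placeholders, and JWT signature verification is deliberately left out.

```python
from datetime import date

# Constructed placeholders for illustration only (not from the article).
TENANT_ID = "11111111-1111-1111-1111-111111111111"
CLIENT_ID = "22222222-2222-2222-2222-222222222222"
SCOPE_NAME = "access_as_user"          # the scope name entered in step 4


def application_id_uri(client_id):
    """Application ID URI that 'Add a scope' auto-populates (step 2)."""
    return f"api://{client_id}"


def access_as_user_scope(client_id):
    """Full scope string a client requests in order to call the portal API."""
    return f"{application_id_uri(client_id)}/{SCOPE_NAME}"


def expected_redirect_uris(site_name):
    """The three Web redirect URIs from Step 2 (root, sign-in, staging sign-in)."""
    prod = f"https://{site_name}.azurewebsites.net"
    staging = f"https://{site_name}-staging.azurewebsites.net"
    return {prod, f"{prod}/signin-azureAD", f"{staging}/signin-azureAD"}


def validate_access_token_claims(claims, tenant_id, client_id, now):
    """Claim checks an API makes on a v2.0 access token AFTER verifying its
    signature against the tenant's signing keys (not done here).
    Returns a list of problems; an empty list means the token is acceptable."""
    problems = []
    if claims.get("iss") != f"https://login.microsoftonline.com/{tenant_id}/v2.0":
        problems.append("issuer is not this tenant's v2.0 endpoint")
    if claims.get("tid") != tenant_id:
        problems.append("tid does not match the configured Tenant ID")
    # Depending on the registration, aud is api://{ClientID} or the bare client ID.
    if claims.get("aud") not in (application_id_uri(client_id), client_id):
        problems.append("audience is not this application")
    if SCOPE_NAME not in str(claims.get("scp", "")).split():
        problems.append(f"scp does not grant {SCOPE_NAME}")
    exp = claims.get("exp")
    if not isinstance(exp, int) or exp <= now:
        problems.append("token is expired or has no exp claim")
    return problems


def secret_rotation_status(expires_on, today, warn_days=30):
    """Classify a client secret by its expiry (ISO dates, or None for 'Never').
    A never-expiring secret must be rotated on a schedule you run yourself."""
    if expires_on is None:
        return "no-expiry"
    days_left = (date.fromisoformat(expires_on) - date.fromisoformat(today)).days
    if days_left < 0:
        return "expired"
    if days_left <= warn_days:
        return "rotate-soon"
    return "ok"


if __name__ == "__main__":
    print("scope to request:", access_as_user_scope(CLIENT_ID))
    for uri in sorted(expected_redirect_uris("contoso-training")):
        print("redirect URI:", uri)
    sample = {  # constructed claim set, as a signature-verified token would decode to
        "iss": f"https://login.microsoftonline.com/{TENANT_ID}/v2.0",
        "tid": TENANT_ID,
        "aud": application_id_uri(CLIENT_ID),
        "scp": "access_as_user",
        "exp": 1_900_000_000,
    }
    print(validate_access_token_claims(sample, TENANT_ID, CLIENT_ID, now=1_700_000_000))  # []
    print(secret_rotation_status(None, "2024-01-01"))  # no-expiry
```

The audience check accepts both forms because Azure AD issues aud as api://{ClientID} or as the bare client ID depending on the accepted access token version on the registration; pin it to the one your tokens actually carry once you have seen a real one.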
