I am creating application where I use AD B2C with Custom Policies to implement user management capabilities. In my application however I need to support multiple types of accounts while for each of the account type there should be different sign-up process (different user data to collect). My question is, what is the best approach to implement this?
Asked
Active
Viewed 382 times
2 Answers
1
Depending on other requirements you might have you may create many separate sign up policies or a single one to which you can pass a parameter (account type) which value will decide which step with specific self-asserted profile to execute.
If your appllication expects to retrieve access token in the registration process and your backend validates tfp name then you probably want to have a single policy. If this is not the case and the user needs to log in after registration then you may quite salefy go with many policies.
The other difference is how the UserJourney is constructed. In case of many policies you may (depends on how many self-sserted steps you want to have for particular account types) have a simple UserJourney in EXT policy and just some overrides in RP (choosing a different self-fasserted technical profile). When you decide to have a single policy you will need to have steps dedicated for particular account types with preconditions defined.
It also depends on how big your overall identity setup is. I'm having lots of policies (going beyond the standard 100/tenant quota) so I'm personally more fond of multi-purpose policies than splitting features across many and ending up with even more of them.
I believe there is no single perfect answer for your question. There are many factors which decide which approach will work best for you. Even something as simple as styling (page templates) can affect it.
wojtekdo
- 374
- 1
- 8
1
I would suggest you to provide the users with 2 different buttons e.g. UserType1 and UserType2 on the application page and these buttons should invoke different user flows. There are 2 options available for this purpose:
- Create 2 separate chain of policy files
- Create multiple user journeys in Base or Extensions file and use multiple RP (signup_signin) files referencing different user journeys.
In order to create two set of policy files, you can choose to create two separate chains, as mentioned below:
B2C_1A_TRUSTFRAMEWORKBASE > B2C_1A_TRUSTFRAMEWORKEXTENSIONS > B2C_1A_SIGNUP_SIGNIN
B2C_1A_TRUSTFRAMEWORKBASE1 > B2C_1A_TRUSTFRAMEWORKEXTENSIONS1 > B2C_1A_SIGNUP_SIGNIN1
However, it is not necessary to use 2 set of policy files, if you want to use 2 RP (B2C_1A_SIGNUP_SIGNIN) files. You may also consider creating 2 separate user journeys in your B2C_1A_TRUSTFRAMEWORKBASE or B2C_1A_TRUSTFRAMEWORKEXTENSIONS file, e.g., <UserJourney Id="SignUpOrSignIn"> and <UserJourney Id="SignUpOrSignIn1">.
Once you have the two User Journeys configured, in B2C_1A_SIGNUP_SIGNIN file you can reference <DefaultUserJourney ReferenceId="SignUpOrSignIn" /> and in B2C_1A_SIGNUP_SIGNIN1 file, reference <DefaultUserJourney ReferenceId="SignUpOrSignIn1" />
If you use this configuration, the policy file chains will look like:
B2C_1A_TRUSTFRAMEWORKBASE > B2C_1A_TRUSTFRAMEWORKEXTENSIONS > B2C_1A_SIGNUP_SIGNIN
B2C_1A_TRUSTFRAMEWORKBASE > B2C_1A_TRUSTFRAMEWORKEXTENSIONS > B2C_1A_SIGNUP_SIGNIN1
Additionally, the name of RP File (SIGNUP_SIGNIN) will be different in both cases. In option 1, all three files have different names and in option 2, Base and Extensions files will be same only the RP files are different. Regardless of which option you choose, you can specify the name of the RP File (SIGNUP_SIGNIN) in the URL you have mentioned above. B2C supports 200 policy files to be uploaded, so you can choose to go with option 1 without worrying about exhausting the allowed limit of policy files.
AmanpreetSingh_msft
- 605
- 5
- 8