0

I have a working Xamarin Forms app that uses Azure AD B2C to login to providers such as Microsoft, Google, LinkedIn, Apple, etc. The login process works smoothly except that I get the message "Let this app access your info? unverified". See picture below:

enter image description here

I know how to resolve this issue for an Azure AD application. See "Publisher verification and app consent policies are now generally available".

The Azure documentation clearly states that this is not supported for Azure AD B2C Apps. Is there an alternate way to get past the "unverified" message? This is causing a massive adoption problem for my app as downloaders are hesitant to log in to an app with an "unverified" publisher.

Any and all help will be appreciated.

sidsud
  • This is not delivered by an AAD B2C login page. It's the OAuth2 consent prompt delivered by Azure AD. Was this 'application registration' created to add Azure AD as an Identity Provider to AAD B2C user flow/custom policy? – Jas Suri - MSFT Jan 19 '22 at 09:33

2 Answers

0

• Sorry, there is no way through which we can mark an Azure AD B2C application publisher as verified. Though, you can register that application as an internal Azure AD application and ensure that it is publisher verified which will in turn make the ‘unverified’ tag go away during the login process.

a) Also, ensure that the domain of the mail ID used to register for MPN (Microsoft Partner) account verification should be the same one configured as a custom domain and verified in your Azure AD tenant in which you wish to register the Xamarin form application.

b) The user account should be assigned one of the following roles: - MPN admin, Accounts admin or a Global admin in partner center account and application admin, cloud application admin or a global admin in Azure tenant.

c) This user account must sign into the Azure AD tenant using MFA and the publisher should agree to the Microsoft Identity Developer Terms of Use.

Please refer to the link below for the documentation on marking an application publisher as verified in Azure AD:

https://learn.microsoft.com/en-us/azure/active-directory/develop/mark-app-as-publisher-verified

I would also suggest referring to the SO thread below for more information, as it further explains publisher domain verification in Azure AD:

Mark an app as publisher verified in Azure AD B2C

Kartik Bhiwapurkar
  • If I create an internal Azure AD application, will it support logins with identity providers such as Google, Facebook, etc.? – sidsud Jan 20 '22 at 05:33
  • Yes, it will support logins with Google and Facebook too in your internal Azure AD application, as you can provision users in your Azure AD or configure SSO with these platforms. Please refer to this link for more details: https://learn.microsoft.com/en-us/azure/active-directory/external-identities/google-federation – Kartik Bhiwapurkar Jan 20 '22 at 13:50
  • Thanks Kartik for the info. I see Google and Facebook federation but I do not see LinkedIn and Apple. I am assuming that these providers are not supported as yet. – sidsud Jan 21 '22 at 04:26
  • LinkedIn application federation is supported in Azure AD as you can search for it in Enterprise applications, but regarding Apple, can you please be specific about which Apple platform you want to federate with, because as far as I know, Apple doesn't have their own SaaS platform like others to federate with. – Kartik Bhiwapurkar Jan 21 '22 at 06:53
  • I don't want to federate to any particular platform but simply want to use common OAuth providers such as Microsoft, Google, LinkedIn, Facebook, Twitter and Apple. I tried using the approach described here: https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-microsoft-account?pivots=b2c-user-flow#verify-the-applications-publisher-domain There seems to be a way to ensure publisher verification for AD B2C by using Microsoft Graph. – sidsud Jan 25 '22 at 03:57
  • Yes, please follow this link to set your app's publisher as verified in Azure AD B2C also. But for that too, you will have to follow the steps as mentioned above in my answer first: - https://learn.microsoft.com/en-us/azure/active-directory/develop/troubleshoot-publisher-verification#set-verified-publisher – Kartik Bhiwapurkar Jan 25 '22 at 06:55
  • Thanks for all of your help Kartik but it is indeed possible to mark an Azure AD B2C as publisher verified. While your initial answer was not correct, your links allowed me to explore in the right direction. See my answer below. – sidsud Feb 12 '22 at 04:56
0

I finally succeeded in marking my Azure AD B2C application as publisher verified. Now I no longer get the "unverified" description in the access screen. To do this, I followed the instructions here:

https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-microsoft-account?pivots=b2c-user-flow#verify-the-applications-publisher-domain

It is especially important to know that the MPN id cannot be set by a user interface but you have to use Graph Explorer to set it.

The code below is an example of using Graph Explorer to set the MPN Id, where appObjectId is the object id of your AD B2C App. It is NOT the app id but the object id. The verifiedPublisherId is your MPN Id that you wish to set.

    POST /applications/appObjectId/setVerifiedPublisher

    {
        "verifiedPublisherId": "12345678"
    }

sidsud
  • 25
  • 9
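
An added example, not part of either answer: an offline Python sketch of the Graph call above that resolves the object id from the app id (the mix-up the answer warns about), builds the `setVerifiedPublisher` request, and checks the application's `verifiedPublisher` property afterwards. The function names and the sample JSON are constructed for illustration; nothing is sent to Microsoft Graph.

```python
import json
import uuid

GRAPH = "https://graph.microsoft.com/v1.0"

def object_id_for_app(list_response: dict, app_id: str) -> str:
    """Return the object id ('id') of the registration whose appId matches.

    list_response is the JSON body of
    GET /applications?$filter=appId eq '<app_id>'.
    """
    matches = [a for a in list_response.get("value", [])
               if a.get("appId", "").lower() == app_id.lower()]
    if len(matches) != 1:
        raise LookupError(f"expected 1 registration for {app_id}, got {len(matches)}")
    return matches[0]["id"]

def build_set_verified_publisher(object_id: str, mpn_id: str) -> dict:
    """Describe the POST from the answer; the request is only built, not sent."""
    uuid.UUID(object_id)  # raises ValueError if this is not a GUID at all
    if not isinstance(mpn_id, str) or not mpn_id:
        raise ValueError("verifiedPublisherId must be a non-empty string")
    return {
        "method": "POST",
        "url": f"{GRAPH}/applications/{object_id}/setVerifiedPublisher",
        "headers": {"Content-Type": "application/json"},
        "body": json.dumps({"verifiedPublisherId": mpn_id}),
    }

def is_publisher_verified(app: dict, mpn_id: str) -> bool:
    """Inspect the verifiedPublisher property of GET /applications/<object id>."""
    vp = app.get("verifiedPublisher") or {}
    return vp.get("verifiedPublisherId") == mpn_id and bool(vp.get("addedDateTime"))

# Constructed sample data (placeholder GUIDs, not from a real tenant).
APP_ID = "11111111-1111-1111-1111-111111111111"
OBJ_ID = "22222222-2222-2222-2222-222222222222"
SAMPLE_LIST = {"value": [{"id": OBJ_ID, "appId": APP_ID, "displayName": "Sample B2C app"}]}
SAMPLE_BEFORE = {"id": OBJ_ID, "appId": APP_ID,
                 "verifiedPublisher": {"displayName": None, "verifiedPublisherId": None,
                                       "addedDateTime": None}}
SAMPLE_AFTER = {"id": OBJ_ID, "appId": APP_ID,
                "verifiedPublisher": {"displayName": "Contoso", "verifiedPublisherId": "12345678",
                                      "addedDateTime": "2022-02-12T00:00:00Z"}}
```

Reading back `verifiedPublisher` after the POST confirms the change on the registration itself rather than relying on the consent screen.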