
I have an application that uses AD B2C for authentication. I need to allow external IdPs to authenticate via SSO into my application via AD B2C. I followed the steps in this documentation and it worked well for one IdP. https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-generic-saml?tabs=macos&pivots=b2c-custom-policy

My use case requires setting up multiple (>30) IdPs and unfortunately this documentation requires creating a new claims provider and technical profile for each IdP set up. Is there a way to set up multiple IdPs without coding them into the custom policy? Along the lines of dynamically pulling the correct IdP from an external data source based on email domain and injecting it into technical profile? Or maybe by setting up a single IdP or bridge and using it as proxy for the 30+ IdPs? I'm curious as to how others have solved this as I'm sure this is not a new use case.

lor229
  • You can try this approach: https://stackoverflow.com/posts/comments/127641473?noredirect=1 – Juanma Feliu May 29 '22 at 06:49
  • Hi @lor229, did the suggested solution work for you? Do let me know if it solved your problem, else share more details so I can troubleshoot, or else do accept it for helping other community members. – Kartik Bhiwapurkar Jul 25 '22 at 04:18

1 Answer


If you have multiple identity providers to be configured in your Azure AD B2C application for authentication, then you can configure all the social account identity providers at once by referring to the documentation link below and configuring the social identity providers one by one as given in this link:

https://learn.microsoft.com/en-us/azure/industry/training-services/microsoft-community-training/infrastructure-management/install-your-platform-instance/configure-multiple-authentications-in-a-single-instance

Once all the social identity providers are configured for authentication in the Azure AD B2C application, you can configure multiple identity providers for a multi-tenant Azure AD application one by one as stated in this documentation link:

https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-azure-ad-multi-tenant?pivots=b2c-custom-policy

As per the present developments, it is currently not possible to configure only a single technical profile and claims provider for multiple IDPs, or to set up multiple IDPs without coding them into custom policies. Currently, you will have to set up the required IDPs by entering every IDP's technical profile and claims provider information in the custom policy XML file.

For more information, you can refer to the community thread mentioned in your comments section to see if it works for you:

B2C Custom Policy with TP OpenId Connect - IdTokenAudience - MultiApple scenario

Kartik Bhiwapurkar
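Since the answer confirms that every SAML IdP still needs its own ClaimsProvider and TechnicalProfile in the policy XML, one practical way to handle 30+ of them is to keep the IdP inventory in a data source and generate that XML section from it, while doing the email-domain lookup the question describes outside the policy. The following is an added example, not code from the question, the answer or Microsoft; the element and key names follow the generic SAML custom-policy pattern linked in the question, and the inventory rows, IdP names, domains, metadata URLs and the `B2C_1A_SamlIdpCert` policy key name are constructed placeholders. The `validate` step rejects metadata served over plain HTTP and duplicate email domains, since a duplicate would silently route users to the wrong IdP.

```python
import xml.etree.ElementTree as ET

# Constructed sample inventory (hypothetical values): one row per partner IdP.
IDPS = [
    {"name": "Contoso", "domain": "contoso.example",
     "metadata_url": "https://idp.contoso.example/saml/metadata"},
    {"name": "Fabrikam", "domain": "fabrikam.example",
     "metadata_url": "https://idp.fabrikam.example/saml/metadata"},
]

def tp_id(idp):
    """Deterministic TechnicalProfile Id such as 'SAML-Contoso'."""
    return f"SAML-{idp['name']}"

def validate(idps):
    """Refuse inventories that would mis-route users or fetch metadata insecurely."""
    seen = set()
    for idp in idps:
        if not idp["metadata_url"].startswith("https://"):
            raise ValueError(f"metadata for {idp['name']} must be fetched over HTTPS")
        domain = idp["domain"].lower()
        if domain in seen:
            raise ValueError(f"email domain {domain} is mapped to more than one IdP")
        seen.add(domain)

def build_claims_providers(idps):
    """Return a <ClaimsProviders> fragment with one SAML2 ClaimsProvider per IdP."""
    validate(idps)
    root = ET.Element("ClaimsProviders")
    for idp in idps:
        cp = ET.SubElement(root, "ClaimsProvider")
        ET.SubElement(cp, "Domain").text = idp["domain"]  # used by domain_hint
        ET.SubElement(cp, "DisplayName").text = idp["name"]
        tp = ET.SubElement(ET.SubElement(cp, "TechnicalProfiles"), "TechnicalProfile", Id=tp_id(idp))
        ET.SubElement(tp, "DisplayName").text = idp["name"]
        ET.SubElement(tp, "Protocol", Name="SAML2")
        md = ET.SubElement(tp, "Metadata")
        ET.SubElement(md, "Item", Key="PartnerEntity").text = idp["metadata_url"]
        keys = ET.SubElement(tp, "CryptographicKeys")
        # Policy key holding the B2C signing cert; name is a constructed placeholder.
        ET.SubElement(keys, "Key", Id="SamlMessageSigning", StorageReferenceId="B2C_1A_SamlIdpCert")
        oc = ET.SubElement(tp, "OutputClaims")
        ET.SubElement(oc, "OutputClaim", ClaimTypeReferenceId="email", PartnerClaimType="email")
        ET.SubElement(oc, "OutputClaim", ClaimTypeReferenceId="identityProvider", DefaultValue=idp["name"])
        ET.SubElement(tp, "UseTechnicalProfileForSessionManagement", ReferenceId="SM-Saml-idp")
    return ET.tostring(root, encoding="unicode")

def technical_profile_for_email(idps, email):
    """Home-realm discovery: map the user's email domain to a TP Id, None if unknown."""
    domain = email.rsplit("@", 1)[-1].lower() if "@" in email else ""
    matches = [tp_id(idp) for idp in idps if idp["domain"].lower() == domain]
    return matches[0] if matches else None
```

The generated fragment is pasted into the TrustFrameworkExtensions policy and re-uploaded whenever the inventory changes; the domain lookup can run in your application to pass the matching provider as a hint, so users from unknown domains fall through to a deliberate error rather than an arbitrary IdP.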