Questions tagged [identity-experience-framework]

A feature of Microsoft's Azure Active Directory Business-to-Consumer service that allows for detailed customization of user sign-up and authentication processes through the creation and upload of XML configuration files.

Identity Experience Framework

A fully configurable, policy-driven, cloud-based Azure platform that orchestrates trust between entities (broadly Claims Providers) in standard protocol formats such as OpenID Connect, OAuth, SAML, WS-Fed, and a few non-standard ones (for example REST API-based system-to-system claims exchanges). The I2E creates user-friendly, white-labeled experiences that support HTML, CSS, and JavaScript. Today, the Identity Experience Framework is available only in the context of the Azure AD B2C service and prioritized for tasks related to CIAM.


Identity Experience Framework is synonymous with Custom Policies.

What are custom policies?

Custom policies are configuration files that define the behavior of your Azure AD B2C tenant. Whereas built-in policies are predefined in the Azure AD B2C portal for the most common identity tasks, custom policies can be fully edited by an identity developer to complete a near unlimited number of tasks. Read on to determine if custom policies are right for you and your identity scenario.

193 questions
11 votes, 2 answers

Azure AD B2C - "emails" claim in custom policy

I'm looking for a way to add an emails claim (collection of emails) to a custom policy for Azure AD B2C. This application claim is available from the Azure Portal directly but I cannot find a way to implement this in a custom policy which I need to…
9 votes, 2 answers

In Azure AD B2C, how do I link a social account of a user with an already existing local account during first-time sign-in from social login?

As I understand from the documentation, Azure AD B2C creates a new local account for every user that comes from a social login such as Gmail/Facebook when signing in for the first time (correct me if I'm wrong). However, I want to intercept this and link the user…
7 votes, 2 answers

OAUTH-KV Claims Resolver in AAD B2C does not work

I am trying to use the OAUTH-KV Claims Resolver to extract the value of a parameter named foo passed to an AAD B2C custom policy authorize endpoint as a claim, also named foo. The foo ClaimType is defined as Foo…
rjb
7 votes, 1 answer

Azure AD B2C Password Reset policy without email verification step

Is it possible to create custom policy to reset password for already known email? I create user using Graph API and send invitation email to the specified email address. I want user to click on the link in that email and just set password for his…
Klio
6 votes, 1 answer

Azure B2C Custom Policy - ID/Access tokens are not getting latest claims through Refresh Token

I've created an Azure B2C custom policy to get claims in the ID/Access token and am getting a refresh token through the "authorization_code" grant. Then I've updated one of the user claims, i.e. "displayName", through the Azure AD Graph API. Next I've tried to get the updated claim…
6 votes, 1 answer

Azure AD B2C - Refresh_Token refresh claims via REST (Identity Experience Framework)

We have Azure AD B2C setup to use Identity Experience Framework, and on sign-in/sign-up a REST call is made to get extra security credential claims via an Azure Function. This works fine. When we request an Access/Id Token via Refresh_Token via…
tank104
5 votes, 1 answer

Invalid username or password when signing in local account with Azure AD B2C Custom Policy

Scenario: When I started to do a test with AAD B2C Custom policy, I used this sample: active-directory-b2c-custom-policy-starterpack/SocialAndLocalAccounts/ I referred to this documentation to get started. I followed those steps and changed some…
5 votes, 1 answer

Azure AD B2C Sign-Up w/no user entry

I've set up Azure AD B2C to allow authentication by users from a "regular" AAD directory using custom policies as described here https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-aad-custom. In one scenario I…
M Herbener
4 votes, 2 answers

B2C Custom Policy - Are SubJourney OutputClaims accessible in parent UserJourney

There appears to be limited documentation around sub journeys. https://learn.microsoft.com/en-us/azure/active-directory-b2c/subjourneys I have a problem where in my SubJourney, I read the user and get the object Id. In the main UserJourney, I later…
4 votes, 1 answer

Only "email" field can be passed via "id_token_hint" to B2C custom policy

I'm following this article to pass email and displayName as id_token_hint to my custom policy. Following is the technical profile I'm using to extract the data:
Alex
4 votes, 1 answer

How to check user exists in AD B2C, using custom policy?

I have a signup flow and it is working fine and it is multi-step: Contact details Verification Password And now the flow is, after completing all steps a new user will get created, if the user name already exists then in the last step I'm getting…
Alex
4 votes, 2 answers

Azure Active Directory B2C Custom Invite Policy - Passing Custom Claims Between Steps

I have implemented an invite policy (invite users to the site by sending them an email link) via this example https://github.com/azure-ad-b2c/samples/tree/master/policies/invite I have this user journey
4 votes, 1 answer

Azure AD B2C Sign-in Custom Policy remember user

We have a Sign-in Custom Policy set up in Azure AD B2C that customers use to log in to our application. In the Standard B2C policies, users are remembered and a menu is provided with the list of email addresses that have logged in from a particular…
4 votes, 1 answer

Error 70001 trying to sign in as Azure AD B2C user with custom Identity Experience Framework policy

We have a Web App secured with Azure AD B2C using custom Identity Experience Framework policies to allow users to register and sign in with social identities (Microsoft, Google, Facebook), or with an identity from another federated Azure AD…
4 votes, 1 answer

Azure AD B2C: Can the password reset verification code expire time be changed and where?

I'm using Azure AD B2C custom policies. Can the password reset verification code expire time be changed and where? Has the default expire time been documented somewhere? I can't find it. It seems to be 5 min.
RonaldV