Beginner's guide to Azure AD B2C SSO/SAML

Here is a beginner’s guide to setting up Single Sign-On (SSO) with Azure AD B2C using SAML:

  1. Choose a policy type: Azure Active Directory B2C offers two ways to define how users interact with your applications: predefined user flows, or fully configurable custom policies (the Identity Experience Framework). Issuing SAML tokens to an application is supported only with custom policies, so for SAML SSO start from the custom-policy starter pack rather than a user flow.

  2. Register a SAML application in Azure AD B2C: Your SAML application is the service provider (SP) and Azure AD B2C acts as the SAML identity provider (IdP). In the relying-party policy file, declare a technical profile whose Protocol is SAML2 and point its PartnerEntity metadata item at the application's SAML metadata (either a URL or the metadata document pasted inline). That metadata tells Azure AD B2C the application's entity ID, assertion consumer service URL and certificate.

  3. Configure X509 certificates: To build a trust relationship between your application and Azure AD B2C, each side must be able to create signatures that the other side can validate. Azure AD B2C's signing certificate is uploaded as a policy key; the application's certificate reaches Azure AD B2C through the application's metadata, where it supplies the public key used to validate signed requests and, if you enable it, to encrypt assertions. Keep the private keys on their own side only: the SP never needs the IdP's private key, and vice versa.

  4. Create a signing certificate for the SAML response: Azure AD B2C uses this certificate to sign the SAML assertions and responses it sends to your application. Generate a certificate (self-signed is acceptable for testing; use a CA-issued one for production), export it as a PFX with the private key, and upload it under Identity Experience Framework > Policy keys (for example as B2C_1A_SamlIdpCert). Reference that key from the SAML token issuer technical profile for both assertion and message signing. Your application reads the matching public key from Azure AD B2C's SAML metadata endpoint, https://<tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/<policy-name>/Samlp/metadata, and uses it to validate the signature on every response. Note the certificate's expiry date and plan the rotation before it, or sign-in will break when it lapses.

  5. Configure your application to accept the same issuer value during SAML response validation: By default Azure AD B2C sets the Issuer to https://<tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/<policy-name>. You can change this with the IssuerUri metadata item in the SAML token issuer technical profile, but whatever value you choose must be configured identically in the application, which should reject any response whose issuer, signature, audience or validity window does not check out.

  6. Configure session behavior in Azure Active Directory B2C: The UserJourneyBehaviors element of the relying-party policy controls single sign-on for that policy. The SingleSignOn Scope attribute decides whether a session is shared across the whole tenant, a single application, a single policy, or suppressed entirely, and SessionExpiryType (Rolling or Absolute) together with SessionExpiryInSeconds sets how long the session lasts. Pick the narrowest scope and the shortest lifetime your applications can live with.

  7. Choose a session management provider for each technical profile: Every technical profile that should take part in SSO references a session management technical profile through UseTechnicalProfileForSessionManagement. Depending on the provider chosen there, session behavior is active or suppressed: SamlSSOSessionProvider for the SAML token issuer, OAuthSSOSessionProvider for the JWT issuer, ExternalLoginSSOSessionProvider for federated identity providers, DefaultSSOSessionProvider for Azure AD B2C's own steps, and NoopSSOSessionProvider when a profile must never create a session. Claims that should survive between visits are listed in the provider's PersistedClaims element.
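The steps above map onto a small number of elements in one custom-policy file. What follows is an added example assembled by the editor to illustrate them; it is not code from the original post or from Microsoft's starter pack. The tenant name (contoso), the policy name (B2C_1A_signup_signin_saml), the policy key name (B2C_1A_SamlIdpCert) and the service provider's metadata URL (https://app.example.com/saml/metadata) are placeholders to replace with your own, and the token issuer is shown in the relying-party file for brevity where Microsoft's samples put it in the extensions file.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example, not the page's or Microsoft's own file. Placeholders: contoso,
     B2C_1A_signup_signin_saml, B2C_1A_SamlIdpCert, https://app.example.com/saml/metadata -->
<TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns:xsd="http://www.w3.org/2001/XMLSchema"
  xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
  PolicySchemaVersion="0.3.0.0"
  TenantId="contoso.onmicrosoft.com"
  PolicyId="B2C_1A_signup_signin_saml"
  PublicPolicyUri="http://contoso.onmicrosoft.com/B2C_1A_signup_signin_saml">

  <BasePolicy>
    <TenantId>contoso.onmicrosoft.com</TenantId>
    <PolicyId>B2C_1A_TrustFrameworkExtensions</PolicyId>
  </BasePolicy>

  <ClaimsProviders>
    <ClaimsProvider>
      <DisplayName>Token Issuer</DisplayName>
      <TechnicalProfiles>
        <!-- Steps 4 and 5: sign assertions and messages with the uploaded policy key,
             and name the issuer exactly as the service provider expects it. -->
        <TechnicalProfile Id="Saml2AssertionIssuer">
          <DisplayName>Token Issuer</DisplayName>
          <Protocol Name="SAML2"/>
          <OutputTokenFormat>SAML2</OutputTokenFormat>
          <Metadata>
            <Item Key="IssuerUri">https://contoso.b2clogin.com/contoso.onmicrosoft.com/B2C_1A_signup_signin_saml</Item>
          </Metadata>
          <CryptographicKeys>
            <Key Id="SamlAssertionSigning" StorageReferenceId="B2C_1A_SamlIdpCert"/>
            <Key Id="SamlMessageSigning" StorageReferenceId="B2C_1A_SamlIdpCert"/>
          </CryptographicKeys>
          <InputClaims/>
          <OutputClaims/>
          <UseTechnicalProfileForSessionManagement ReferenceId="SM-Saml-issuer"/>
        </TechnicalProfile>

        <!-- Step 7: the SAML session provider keeps state for the issued session so the
             application can be signed in again without re-authentication. Swap the
             handler for NoopSSOSessionProvider to suppress SSO for this profile. -->
        <TechnicalProfile Id="SM-Saml-issuer">
          <DisplayName>Session Management Provider</DisplayName>
          <Protocol Name="Proprietary" Handler="Web.TPEngine.SSO.SamlSSOSessionProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
        </TechnicalProfile>
      </TechnicalProfiles>
    </ClaimsProvider>
  </ClaimsProviders>

  <RelyingParty>
    <DefaultUserJourney ReferenceId="SignUpOrSignIn"/>

    <!-- Step 6: tenant-wide SSO with a rolling 15-minute idle timeout.
         Scope="Suppressed" turns SSO off for this policy altogether. -->
    <UserJourneyBehaviors>
      <SingleSignOn Scope="Tenant"/>
      <SessionExpiryType>Rolling</SessionExpiryType>
      <SessionExpiryInSeconds>900</SessionExpiryInSeconds>
    </UserJourneyBehaviors>

    <!-- Steps 2 and 3: the service provider is identified by its metadata, which also
         carries the SP's own certificate. SHA-256 signatures, signed assertions. -->
    <TechnicalProfile Id="PolicyProfile">
      <DisplayName>PolicyProfile</DisplayName>
      <Protocol Name="SAML2"/>
      <Metadata>
        <Item Key="PartnerEntity">https://app.example.com/saml/metadata</Item>
        <Item Key="XmlSignatureAlgorithm">Sha256</Item>
        <Item Key="WantsSignedAssertions">true</Item>
      </Metadata>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="displayName"/>
        <OutputClaim ClaimTypeReferenceId="email"/>
        <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub"/>
      </OutputClaims>
      <SubjectNamingInfo ClaimType="objectId" ExcludeAsClaim="true"/>
    </TechnicalProfile>
  </RelyingParty>
</TrustFrameworkPolicy>
```

After uploading the policy, fetch https://contoso.b2clogin.com/contoso.onmicrosoft.com/B2C_1A_signup_signin_saml/Samlp/metadata and confirm that the EntityID in it matches the IssuerUri above and that the X509Certificate in the signing KeyDescriptor is the one you uploaded as B2C_1A_SamlIdpCert; that document is what the service provider should import. The objectId is used as the SAML NameID here because it is stable for the life of the account, unlike an e-mail address that a user can change.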

Please note that these steps are a general guide and the exact process may vary depending on your specific setup and requirements. Always refer to the official Microsoft documentation for the most accurate and up-to-date information.
