Azure AD B2C: Custom Policies and User Journeys Explained

Overview: Azure AD B2C custom policies are like the rules that define how users log in and interact with your app. Think of them as the blueprint for creating a secure and personalized user experience.

Key Features:

  • Customizable UI & User Journeys: Imagine customizing the login page to match your app’s theme and guiding users through specific steps based on their actions.
  • Integration with External Providers: You can allow users to log in using their Google or Facebook accounts, making it super convenient.
  • Claims & Business Logic: Claims are like temporary data storage (e.g., user’s name or email) used during the login process. You can transform these claims to fit your app’s needs.

Starter Pack Policies:

  • LocalAccounts: Users log in with local accounts only.
  • SocialAccounts: Users log in with social accounts only.
  • SocialAndLocalAccounts: Users can choose between local and social accounts.
  • SocialAndLocalAccountsWithMFA: Adds multifactor authentication for extra security.

Claims:

  • Definition: Claims are like variables in programming, storing user info temporarily during login. They are kept in a claims bag for the duration of the journey. Each step pulls claims out of the bag, uses or changes them, and puts them back in the bag for the next step.
  • Usage:
    • Saved, Read, Updated: E.g., updating user profile info.
    • External Providers: E.g., Google or Facebook logins.
    • User Interaction: Collected during sign-up/profile edit.
    • Transformed: Modified before being included in the token.

Customizing UI:

  • Use self-asserted technical profiles to collect user info.
    • Technical profiles are the interfaces through which a policy communicates with different types of parties. Every interaction in which the user is expected to provide input is a self-asserted technical profile.
  • Customize the UI with HTML content via content definition element.
  • Localize strings using the localization element.

Relying Party Policy:

  • Executes specific user journeys for relying party applications (service providers in SAML).
  • Specifies user journey and claims in the token.
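The following is an added example, not taken from the original post, showing how a claim is transformed in the claims bag and how the relying party policy decides which claims reach the token. The tenant name and the policy id B2C_1A_signup_signin are placeholders; givenName, surname, displayName, email and objectId are claim types the starter pack already defines.

```xml
<!-- Fragment 1: goes in the extension policy (B2C_1A_TrustFrameworkExtensions),
     under BuildingBlocks. No ClaimsSchema entries are needed for starter-pack claims. -->
<BuildingBlocks>
  <ClaimsTransformations>
    <!-- Reads two claims from the bag and writes a third back; no user interaction -->
    <ClaimsTransformation Id="CreateDisplayName" TransformationMethod="FormatStringMultipleClaims">
      <InputClaims>
        <InputClaim ClaimTypeReferenceId="givenName" TransformationClaimType="inputClaim1" />
        <InputClaim ClaimTypeReferenceId="surname" TransformationClaimType="inputClaim2" />
      </InputClaims>
      <InputParameters>
        <InputParameter Id="stringFormat" DataType="string" Value="{0} {1}" />
      </InputParameters>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="displayName" TransformationClaimType="outputClaim" />
      </OutputClaims>
    </ClaimsTransformation>
  </ClaimsTransformations>
</BuildingBlocks>
<!-- Fragment 2: the relying party policy file (placeholder id B2C_1A_signup_signin),
     which inherits the extension policy above through BasePolicy. -->
<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
                      PolicySchemaVersion="0.3.0.0"
                      TenantId="yourtenant.onmicrosoft.com"
                      PolicyId="B2C_1A_signup_signin"
                      PublicPolicyUri="http://yourtenant.onmicrosoft.com/B2C_1A_signup_signin">
  <BasePolicy>
    <TenantId>yourtenant.onmicrosoft.com</TenantId>
    <PolicyId>B2C_1A_TrustFrameworkExtensions</PolicyId>
  </BasePolicy>
  <RelyingParty>
    <DefaultUserJourney ReferenceId="SignUpOrSignIn" />
    <TechnicalProfile Id="PolicyProfile">
      <DisplayName>PolicyProfile</DisplayName>
      <Protocol Name="OpenIdConnect" />
      <!-- Only these claims leave the bag and enter the token; givenName and surname
           stay behind. objectId is renamed to the standard "sub" claim. -->
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="displayName" />
        <OutputClaim ClaimTypeReferenceId="email" />
        <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub" />
      </OutputClaims>
      <!-- Runs after the journey ends and before the token is issued -->
      <OutputClaimsTransformations>
        <OutputClaimsTransformation ReferenceId="CreateDisplayName" />
      </OutputClaimsTransformations>
      <SubjectNamingInfo ClaimType="sub" />
    </TechnicalProfile>
  </RelyingParty>
</TrustFrameworkPolicy>
```

Keeping the OutputClaims list to what the application actually needs is the simplest way to avoid leaking directory attributes into tokens.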

User Journeys & Orchestration Steps:

Best Practices:

  • Extension Policy: Create business logic here, not in the base policy.
  • Technical Profile Inclusion: Reduce duplication by sharing core functionality.
  • Avoid Directory Writes During Sign-In: Prevent throttling issues.
  • High Availability: Ensure external dependencies (e.g., REST APIs) are highly available.
  • Global Deployment: Use Azure CDN for custom HTML templates.

Troubleshooting:

Links:
