Sharon explains various configuration settings and how to configure a password reset policy to be leveraged with B2C.
- [Instructor] Now that we have our application configured for our B2C Azure Active Directory and our identity provider, let's go ahead and configure some policies. As you can see, I've already logged into Azure. I'm in the B2C Directory, and we have several policies that we can go ahead and configure. You could configure the sign-up and sign-in policy individually, but for our demonstration, I'm going to go ahead and set them up together. To do so, click on the sign-up or sign-in policy, and you will notice, I do not have any policies so we'll go ahead and create one.
To do so, click add. I'm going to scroll over for a little bit more real estate for us. You're going to provide a name. Next we're going to go ahead and select our identity providers. We've only set up the one identity provider, being a Microsoft account, and by default, an email setup is already available to us. I'm going to take both of these, that way our users can pick and choose which one they want to work with.
Click okay. Next, select your attributes. This is the information that you'd like to be able to collect from the user. You may want to collect their city, or their display name, maybe their email address. I'm going to go ahead and just grab their email address for our demo. Click okay. Next is our application claims. This is information that we want sent back to our application. I'm going to go ahead and not choose anything here, I just wanted to show it to you.
Next we have multi-factor authentication. By turning this on, our users will have to provide a multi-factor authentication. Click okay. Finally, if we want to do some customizations to any of these pages, we can go ahead and do so. I'm going to leave them as default and I'll show you what this looks like. I'm going to go ahead and create our policy. Our policy has now been created. It can take a minute or two for these policies to be created so don't get worried if it doesn't pop up immediately.
I'm going to go ahead and click on our template here. Now if I click, run now, we'll be presented with what this will look like to our users. They can go ahead and sign in with their social account, and again here is our Microsoft account. We could have added in Facebook or Google+, or they can sign in with an existing account, and if they don't have an account, they can sign up now. I'm going to go ahead and close these blades. The last thing I want to show you here is the password reset policies.
Allowing your users to reset their own passwords will save you time and money. I'm going to go ahead and click add. Again, this is going to look very similar to what we've just done. Provide a name. An identity provider. In this case, they can only do it with the local account because it is a password reset. Click okay. Again, we'll see the application claims, as we saw when we built the other policy. Again, multi-factor.
Yes, I'm going to turn it on. Click okay. Finally, our page customization if we'd like to modify these pages at all. I'm not going to so I'm actually going to close this and then don't forget to click create. I'm going to go ahead and click run now so we can take a look at what this looks like from the user point of view. This is what your users will see when they need to reset their passwords. Setting up policies in a B2C Azure Active Directory is incredibly easy.
- Azure AD
- Adding company branding
- Adding a custom domain
- AD Connect configuration
- AD Connect Health
- Administering users and groups
- Configuring SaaS applications
- Granting conditional access
- Revoking access
- Application proxy and discovery
- Integrating web and desktop applications
- Creating an Azure AD B2C directory
- Registering an application
- Creating a Microsoft identity