Azure Active Directory B2C documentation

Azure Active Directory B2C (Azure AD B2C) is a customer identity access management (CIAM) solution that enables you to sign up and sign in your customers into your apps and APIs. Your customers use their preferred social, enterprise, or local account identities to get single sign-on access to your applications. Learn how to use Azure AD B2C with our guide, tutorials, and code samples.

• Azure AD B2C Documentation
• Overview
  • About Azure AD B2C
  • Technical overview
  • What's new in docs?
• Quickstarts
  • Set up sign-in for an ASP.NET app
  • Set up sign-in for a desktop app
  • Set up sign-in for a single-page app
• Tutorials
  • 1 - Create an Azure AD B2C tenant
  • 2 - Register a web application
  • 3 - Create user flows and custom policies
  • 4 - Manage your tenant
    • Add administrator work account
    • Manage emergency access
    • Check tenant creation permission
    • Find tenant name and ID
    • Manage directory quota
  • 5 - Clean up and delete tenant
• Samples
  • Integrate Azure AD B2C with your applications
  • Use API connectors to modify your user flows
• Concepts
  • Compare solutions for External Identities
  • Supported Microsoft Entra ID features
  • Learn authentication basics
    • Authentication and authorization
    • Tokens
    • Application authentication request
    • Authentication library
  • Azure AD B2C global identity framework
    • Global identity solutions
    • Funnel-based design
    • Region-based design
    • Funnel-based proof of concept
    • Region-based proof of concept
  • Azure AD B2C best practices
  • Application types
  • Authentication protocols
    • OAuth2 protocol
    • OpenID Connect protocol
    • Authorization Code grant flow
    • Implicit flow
    • Tokens
    • Request access token
  • User experience
    • Sign-in options
    • User flows and custom policies
    • Custom policy overview
  • API Connectors
  • User accounts
  • User profile attributes
  • Roles and resource access control
  • Identity Protection and Conditional Access
  • Policy keys
• How-to guides
  • Authenticate and authorize
    • Register and configure apps
      • Register apps
      • Register a single-page application SPA
      • Register a web application
      • Register native client for mobile and desktop
      • Register a web API application
      • Register daemon apps client credentials
      • Register a Microsoft Graph application
      • Register a SAML application
      • Publish app in Microsoft Entra app gallery
    • Create a user flow or custom policy
      • Sign-up or sign-in policy
      • Sign-in policy
      • Password reset policies
        • Self-service password reset
        • Self-service password change
        • Force password reset
      • Profile editing policy
      • Client credentials policy
      • Resource owner password credentials policy
      • Phone sign-up and sign-in
    • Integrate apps
      • Single-page app SPA
        • SPA authentication documentation
        • JavaScript
          • Configure a sample SPA app
          • Enable authentication in an SPA app
          • Authentication options
        • React
          • Configure a sample React app
          • Enable authentication in your React app
          • Authentication options
        • Angular
          • Configure a sample Angular app
          • Enable authentication in your Angular app
          • Authentication options
      • Web app
        • Web app authentication documentation
        • ASP.NET Core
          • Configure a sample web app
          • Enable authentication in your web app
          • Authentication options
        • Node.js
          • Configure a sample Node.js web app
          • Enable authentication in Node.js web app
          • Authentication options
        • Python
          • Configure a sample Python web app
          • Enable authentication in a Python web app
          • Authentication options
        • Azure web apps
          • Configure an Azure Web App
          • File based configuration
        • Static web apps
          • Configure an Azure Static Web App
          • Authentication options
      • Web API
        • Web API authentication documentation
        • ASP.NET Core web app that calls a web API
          • Configure a sample web app that calls a web API
          • Enable authentication in a web app
          • Authentication options
        • Node.js web app that calls a web API
          • Configure a sample Node.js web API
          • Enable authentication in Node.js web API
          • Authentication options
        • Secure access to Web API ASP.NET Core and Node.js
        • Secure API Management API
      • Mobile app
        • Mobile app authentication documentation
        • Android Java and Kotlin
          • Configure a sample Android app
          • Enable authentication in an Android app
          • Authentication options
        • iOS Swift
          • Configure a sample iOS app
          • Enable authentication in your iOS app
          • Authentication options
      • WPF desktop app
        • Desktop app authentication documentation
        • Configure a sample desktop app
        • Authentication options
      • Daemon or service client credentials flow
      • Microsoft Power Apps
      • SAML application
        • Configure a SAML application
        • Configure SAML application options
    • Configure identity providers
      • Local account identity provider
      • Add an identity provider
      • AD FS OpenID Connect
      • AD FS SAML
      • Amazon
      • Apple
      • Microsoft Entra ID single tenant
      • Microsoft Entra ID multitenant
      • Azure AD B2C
      • eBay
      • Facebook
      • Generic OpenId Connect
      • Generic SAML identity provider
        • Configure a SAML identity provider
        • Configure SAML identity provider options
      • GitHub
      • Google
      • ID.me
      • itsme
      • LinkedIn
      • Microsoft Account
      • Mobile ID
      • PingOne Ping Identity
      • QQ
      • Salesforce
      • Salesforce SAML
      • SwissID
      • WeChat
      • Weibo
      • X
      • Pass through identity provider token
    • Manage tokens and session
      • Configure session behavior
      • Configure tokens
      • Set up direct sign-in
  • Manage users
    • Manage users via Azure portal
    • Migrate users
    • Partner integration
      • N8identity
      • Grit IAM B2B2C
      • Saviynt
      • WhoIAM Rampart
  • Customize
    • Define custom attributes
    • Customize the UI/UX
      • Configure user input
      • Customize the UI
      • Customize the UI with HTML template
      • Enable JavaScript and page layouts
      • Embedded sign-in with iframe
      • Password complexity
      • Disable email verification
    • Customize language
    • Use API connectors
      • Modify sign-up experiences
      • Enrich tokens with external claims
      • Secure an API connector
    • Use custom domains
      • b2clogin.com overview
      • Configure a custom domain
      • Configure web API domains
    • Customize email verification
      • Mailjet
      • SendGrid
    • UserInfo endpoint
    • Integrate with our technology partners
      • Azure AD B2C partner gallery
    • Custom policies guide series
      • 1 - Overview
      • 2 - Create Hello World custom policies
      • 3 - Collect user input using custom policy
      • 4 - Validate user input custom policy
      • 5 - Create branching in user journeys
      • 6 - Validate custom policy files
      • 7 - Make HTTP call from custom policy
      • 8 - Create and read user record custom policy
      • 9 - Sign up and sign in local account
      • 10 - Sign up and sign in social account
  • Secure
    • Security overview
    • Enable MFA
      • Multifactor authentication
      • Secure phone-based MFA
      • Partner integration
        • Asignio
        • BlokSec
        • Haventec
        • HYPR
        • IDEMIA
        • itsme
        • Keyless
        • Nevis
        • Nok Nok
        • Transmit Security for passwordless
        • Trusona
        • Twilio
        • TypingDNA
        • WhoIAM
        • xID
    • Enable CAPTCHA
    • Web Application Firewall partners
      • Akamai
      • Azure WAF
      • Cloudflare
    • Fraud protection partners
      • Arkose Labs
      • BioCatch
      • Microsoft Dynamics 365 Fraud Protection
      • Transmit Security
    • Investigate risk with Identity Protection
    • Configure Conditional Access
    • Mitigate credential attacks
    • Secure access to legacy and on-premises apps
      • Akamai
      • Datawiza
      • F5
      • Grit
      • Ping Identity
      • Strata
      • Zscaler
    • Identity verification and proofing
      • Identity verification and proofing partners
      • Deduce
      • eID-Me
      • Experian
      • IDology
      • Jumio
      • LexisNexis
      • Onfido
    • Identity verification tools
      • Grit IEF editor
      • Grit biometric authentication
  • Automate
    • Manage operation with Microsoft Graph API
    • Deploy with Azure Pipelines
    • Deploy with GitHub Actions
    • Manage policies with PowerShell
  • Monitor and troubleshoot
    • Monitoring and threat management
      • Azure Monitor
      • Microsoft Sentinel
    • Troubleshooting
      • Collect logs using Application Insights
      • Troubleshooting and error handling
    • Logs
      • Audit logs
      • Usage analytics
  • Compliance
    • User access
    • User data
    • Configure age gating
• Reference
  • Custom policy schema
    • TrustFrameworkPolicy
    • BuildingBlocks
      • ClaimsSchema
      • ClaimsTransformations
        • Boolean
        • Date
        • General
        • Integer
        • JSON
        • Phone number
        • External accounts
        • StringCollection
        • String
      • Predicates
      • ContentDefinitions
      • Localization
        • Localization string IDs
      • DisplayControls
        • Verification
        • Time-based one-time password TOTP
        • CAPTCHA verification
    • ClaimsProviders
      • Technical Profiles
        • About validation technical profiles
        • Microsoft Entra ID
        • Microsoft Entra multifactor authentication
        • Microsoft Entra SSPR
        • Claims transformation
        • Conditional access
        • ID token hint
        • JWT token issuer
        • OAuth1 identity provider
        • OAuth2 identity provider
        • OAuth2 custom error
        • One-time password
        • OpenID Connect identity provider
        • Phone factor
        • REST
        • SAML identity provider
        • SAML token issuer
        • Self-asserted
        • SSO session
        • CAPTCHA
    • UserJourneys
    • SubJourneys
    • RelyingParty
    • Claim resolvers
  • Release notes
  • Service limits and restrictions
  • TLS and cipher suite requirements
  • App registrations
  • Billing model
  • Code samples
  • Cookie definitions
  • Error codes
  • Extensions app
  • Page layout versions
  • Region availability & data residency
  • Build for resilience
    • Azure AD B2C introduction to resilience
    • End-user experience
    • Interfaces with external processes
    • Azure AD B2C developer best practices
    • Monitoring and analytics
  • User flow versions
  • Legacy user flow versions
• Resources
  • Frequently asked questions
  • Getting help
  • Pricing
  • Pricing calculator
  • Service updates
  • Solutions and training
  • Stack Overflow
  • Support
  • Videos