Tutorial: Register an application in Azure Active Directory B2C

Before your applications can interact with Azure Active Directory B2C (Azure AD B2C), they must be registered in a tenant that you manage. This tutorial shows you how to register a web application using the Azure portal.

In this article, you learn how to:

  • Register a web application
  • Create a client secret

If you don't have an Azure subscription, create a free account before you begin.


If you haven't already created your own Azure AD B2C Tenant, create one now. You can use an existing Azure AD B2C tenant.

Register a web application

To register an application in your Azure AD B2C tenant, you can use the current Applications experience, or our new unified App registrations (Preview) experience. Learn more about the new experience.

  1. Sign in to the Azure portal.

  2. Select the Directory + Subscription icon in the portal toolbar, and then select the directory that contains your Azure AD B2C tenant.

  3. In the Azure portal, search for and select Azure AD B2C.

  4. Select Applications, and then select Add.

  5. Enter a name for the application. For example, webapp1.

  6. For Include web app/ web API and Allow implicit flow, select Yes.

  7. For Reply URL, enter an endpoint where Azure AD B2C should return any tokens that your application requests. For example, you could set it to listen locally at https://localhost:44316. If you don't yet know the port number, you can enter a placeholder value and change it later.

    For testing purposes like this tutorial you can set it to https://jwt.ms which displays the contents of a token for inspection. For this tutorial, set the Reply URL to https://jwt.ms.

    The following restrictions apply to reply URLs:

    • The reply URL must begin with the scheme https.
    • The reply URL is case-sensitive. Its case must match the case of the URL path of your running application. For example, if your application includes as part of its path .../abc/response-oidc, do not specify .../ABC/response-oidc in the reply URL. Because the web browser treats paths as case-sensitive, cookies associated with .../abc/response-oidc may be excluded if redirected to the case-mismatched .../ABC/response-oidc URL.
  8. Select Create to complete the application registration.

Create a client secret

If your application exchanges an authorization code for an access token, you need to create an application secret.

  1. In the Azure AD B2C - Applications page, select the application you created, for example webapp1.
  2. Select Keys and then select Generate key.
  3. Select Save to view the key. Make note of the App key value. You use this value as the application secret in your application's code.

Next steps

In this article, you learned how to:

  • Register a web application
  • Create a client secret

Next, learn how to create user flows to enable your users to sign up, sign in, and manage their profiles.