Users can sign on to Azure B2C with a social account (FB, Google) but want to SSO to a SAML app at Azure AD (Azure AD is the IdP). Is this possible? If yes, please send me any docs. Thanks
Hi @BlackCat-8490, thank you for reaching out.
In this scenario, for an SSO experience to a SAML-based app, I would suggest that you federate the application directly with the B2C tenant. Azure AD B2C can act as a SAML IdP for SAML-based applications and, at the same time, act as a Service Provider for other IdPs such as FB/Google/ADFS/Salesforce etc.
If you have the above setup working, users accessing the SAML-based app will get redirected to the B2C sign-up/sign-in page, where they can select any IdP, be it the B2C tenant itself or other IdPs such as FB/Google/ADFS/Salesforce/another Azure AD tenant etc., to sign into the SAML application.
To see this in action, please perform the steps below:
1. Access my test SAML app (https://samltestapp2.azurewebsites.net/SP)
2. Enter the values below and click on the login button:
3. You will then be redirected to my B2C sign-up/sign-in page, where you can sign up for a local account or use your FB or Azure AD account to sign into the application.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
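The "federate the SAML app directly with B2C" setup described in the answer above, as an added illustration that is not part of the original answer: the two custom-policy elements that make B2C issue SAML assertions (the token issuer profile) and that register the SAML app as the partner entity (the relying party). Tenant name, policy ID, key names and the SP metadata URL are placeholders; the SignUpOrSignIn journey is assumed to already exist with its SendClaims step pointing at `Saml2AssertionIssuer`.

```xml
<!-- 1. Token issuer: B2C signs the SAML assertion/response for the app.
        Sits under <ClaimsProviders>; the user journey's SendClaims step must
        reference it via CpimIssuerTechnicalProfileReferenceId="Saml2AssertionIssuer". -->
<ClaimsProvider>
  <DisplayName>Token Issuer</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="Saml2AssertionIssuer">
      <DisplayName>Token Issuer</DisplayName>
      <Protocol Name="SAML2"/>
      <OutputTokenFormat>SAML2</OutputTokenFormat>
      <Metadata>
        <!-- Placeholder: your B2C tenant name and policy ID -->
        <Item Key="IssuerUri">https://YOUR-TENANT.b2clogin.com/YOUR-TENANT.onmicrosoft.com/B2C_1A_signup_signin_saml</Item>
      </Metadata>
      <CryptographicKeys>
        <!-- Placeholder policy key containing the IdP signing certificate;
             the SAML app must trust this certificate, not a social IdP's. -->
        <Key Id="SamlAssertionSigning" StorageReferenceId="B2C_1A_SamlIdpCert"/>
        <Key Id="SamlMessageSigning" StorageReferenceId="B2C_1A_SamlIdpCert"/>
      </CryptographicKeys>
      <InputClaims/>
      <OutputClaims/>
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-Saml-issuer"/>
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>

<!-- 2. Relying party: the SAML app is the partner entity; B2C reads its
        ACS URL, entity ID and signing expectations from the SP metadata. -->
<RelyingParty>
  <DefaultUserJourney ReferenceId="SignUpOrSignIn"/>
  <TechnicalProfile Id="PolicyProfile">
    <DisplayName>PolicyProfile</DisplayName>
    <Protocol Name="SAML2"/>
    <Metadata>
      <!-- Placeholder: metadata URL of the SAML app (service provider) -->
      <Item Key="PartnerEntity">https://YOUR-SAML-APP/Metadata</Item>
    </Metadata>
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="displayName"/>
      <OutputClaim ClaimTypeReferenceId="givenName"/>
      <OutputClaim ClaimTypeReferenceId="surname"/>
      <OutputClaim ClaimTypeReferenceId="email"/>
      <!-- Tells the app which IdP (local, facebook.com, google.com, ...) the user came from -->
      <OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="local"/>
    </OutputClaims>
    <!-- Stable subject: the B2C object ID, regardless of which social IdP was used -->
    <SubjectNamingInfo ClaimType="objectId" ExcludeAsClaim="true"/>
  </TechnicalProfile>
</RelyingParty>
```

Social IdPs (FB, Google) are added as ordinary claims providers in the same policy, so the SAML app only ever trusts the B2C signing certificate above.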
Based on your comment, it looks like I have to reconfigure the SAML2 app with Azure B2C instead of Azure AD. Is there a parameter, just like the WHR parameter, which will allow users to go directly to the IdP their accounts belong to? I'm trying to minimize the change in user experience.