question

0 Votes
KarikalanRamakrishn-2625 asked amanpreetsingh-msft commented

Can we have two sets of Azure B2C sign-in custom policies for the application?

I have a requirement to project different types of B2C sign-in page to the end user. For example, User type-1: will be using the user name or email-id to sign in, with a self-service password reset option. (B2C_1A_SIGNUP_SIGNIN - File 1)

User type-2: Will be signing in only by using the user name and no Forgot password link and self service password reset option provided. (B2C_1A_SIGNUP_SIGNIN - File 2)

Based on my understanding, I will have to create two different custom policies for user types 1 & 2? Is that right? If yes, how about the B2C_1A_TRUSTFRAMEWORKBASE and B2C_1A_TRUSTFRAMEWORKEXTENSIONS files - do I need to have separate copies of these w.r.t. user type please? Thanks.

azure-ad-b2c

1 Answer

1 Vote
amanpreetsingh-msft answered amanpreetsingh-msft commented

Hi @KarikalanRamakrishn-2625 • Thank you for reaching out.

Yes, you will have to create two sets of policy files. You can choose to create two separate chains, as mentioned below:

  • B2C_1A_TRUSTFRAMEWORKBASE > B2C_1A_TRUSTFRAMEWORKEXTENSIONS > B2C_1A_SIGNUP_SIGNIN

  • B2C_1A_TRUSTFRAMEWORKBASE1 > B2C_1A_TRUSTFRAMEWORKEXTENSIONS1 > B2C_1A_SIGNUP_SIGNIN1

However, it is not necessary to use 2 sets of policy files if you want to use 2 RP (B2C_1A_SIGNUP_SIGNIN) files. You may also consider creating 2 separate user journeys in your B2C_1A_TRUSTFRAMEWORKBASE or B2C_1A_TRUSTFRAMEWORKEXTENSIONS file, e.g., <UserJourney Id="SignUpOrSignIn"> and <UserJourney Id="SignUpOrSignIn1">.

Once you have the two User Journeys configured, in the B2C_1A_SIGNUP_SIGNIN file you can reference <DefaultUserJourney ReferenceId="SignUpOrSignIn" /> and in the B2C_1A_SIGNUP_SIGNIN1 file, reference <DefaultUserJourney ReferenceId="SignUpOrSignIn1" />.

If you use this configuration, the policy file chains will look like:

  • B2C_1A_TRUSTFRAMEWORKBASE > B2C_1A_TRUSTFRAMEWORKEXTENSIONS > B2C_1A_SIGNUP_SIGNIN

  • B2C_1A_TRUSTFRAMEWORKBASE > B2C_1A_TRUSTFRAMEWORKEXTENSIONS > B2C_1A_SIGNUP_SIGNIN1


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


Thanks Aman, great guidance. I will try the first option as it seems to be less complicated for maintaining the custom policies.
Another reason for preferring option-1: I'm using an IdP-initiated sign-in URL following the syntax below. Option-1 allows me to distinguish the filename B2C_1A_SIGNUP_SIGNIN1 and specify it in the URL below?

i.e. https://<tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/B2C_1A_SIGNUP_SIGNIN1/generic/login?EntityId=app-identifier-uri

P.S.: I would appreciate it if you could check another related question linked with this IdP-initiated URL, please? https://docs.microsoft.com/en-us/answers/questions/513010/how-to-pass-login-hint-when-using-idp-initiated-si.html

Thanks again.

Regards.

0 Votes 0 ·

Hi @KarikalanRamakrishn-2625 · The name of the RP file (SIGNUP_SIGNIN) will be different in both cases. In option 1, all three files have different names, and in option 2, the Base and Extensions files will be the same; only the RP files are different. Regardless of which option you choose, you can specify the name of the RP file (SIGNUP_SIGNIN) in the URL you have mentioned above. B2C supports 200 policy files to be uploaded, so you can choose to go with option 2 without worrying about exhausting the allowed limit of policy files.

Sure, I will check and post an answer to your other question. Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

1 Vote 1 ·
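As an added example (not part of the thread and not Microsoft's code), the following pre-upload check walks each RP file's BasePolicy chain and confirms that its DefaultUserJourney resolves to a UserJourney defined somewhere in that chain, using the shared Base/Extensions layout from the answer. The policy documents are constructed, stripped-down samples, and the tenant name and the helper names `make_policy` and `check_rp` are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"p": "http://schemas.microsoft.com/online/cpim/schemas/2013/06"}
TENANT = "yourtenant.onmicrosoft.com"  # placeholder tenant name (assumption)

def make_policy(policy_id, base=None, journeys=(), default_journey=None):
    """Build a constructed, stripped-down policy file (sample input only)."""
    xml = f'<TrustFrameworkPolicy xmlns="{NS["p"]}" TenantId="{TENANT}" PolicyId="{policy_id}">'
    if base:
        xml += f"<BasePolicy><TenantId>{TENANT}</TenantId><PolicyId>{base}</PolicyId></BasePolicy>"
    if journeys:
        xml += "<UserJourneys>" + "".join(f'<UserJourney Id="{j}" />' for j in journeys) + "</UserJourneys>"
    if default_journey:
        xml += f'<RelyingParty><DefaultUserJourney ReferenceId="{default_journey}" /></RelyingParty>'
    return xml + "</TrustFrameworkPolicy>"

def check_rp(rp_id, policy_files):
    """Return the chain (base first) for an RP file, or raise ValueError if it cannot resolve."""
    docs = {r.get("PolicyId"): r for r in map(ET.fromstring, policy_files)}
    chain, journeys, current = [], set(), rp_id
    while current is not None:
        if current not in docs:
            raise ValueError(f"{rp_id}: policy {current} is not in the uploaded set")
        if current in chain:
            raise ValueError(f"{rp_id}: BasePolicy loop at {current}")
        root = docs[current]
        chain.append(current)
        # Journeys defined at any level of the chain are visible to the RP file.
        journeys.update(j.get("Id") for j in root.findall("p:UserJourneys/p:UserJourney", NS))
        base = root.find("p:BasePolicy/p:PolicyId", NS)
        current = base.text.strip() if base is not None else None
    ref = docs[rp_id].find("p:RelyingParty/p:DefaultUserJourney", NS)
    if ref is None or ref.get("ReferenceId") not in journeys:
        raise ValueError(f"{rp_id}: DefaultUserJourney does not resolve in {chain[::-1]}")
    return chain[::-1]

# Constructed sample: shared Base and Extensions, two RP files, two journeys.
FILES = [
    make_policy("B2C_1A_TRUSTFRAMEWORKBASE"),
    make_policy("B2C_1A_TRUSTFRAMEWORKEXTENSIONS", base="B2C_1A_TRUSTFRAMEWORKBASE",
                journeys=("SignUpOrSignIn", "SignUpOrSignIn1")),
    make_policy("B2C_1A_SIGNUP_SIGNIN", base="B2C_1A_TRUSTFRAMEWORKEXTENSIONS",
                default_journey="SignUpOrSignIn"),
    make_policy("B2C_1A_SIGNUP_SIGNIN1", base="B2C_1A_TRUSTFRAMEWORKEXTENSIONS",
                default_journey="SignUpOrSignIn1"),
]

for rp in ("B2C_1A_SIGNUP_SIGNIN", "B2C_1A_SIGNUP_SIGNIN1"):
    print(" > ".join(check_rp(rp, FILES)))
```

Running the same check on the real policy files before upload catches an RP file whose journey reference was not renamed when the file was copied.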