Custom policy configuration in Azure Active Directory B2C is now generally available. This method of configuration is targeted at advanced identity developers building complex identity solutions. Custom policies make the power of the Identity Experience Framework available in Azure AD B2C tenants.
Advanced identity developers using custom policies should plan to invest some time completing walk-throughs and reading reference documents.
While most of the custom policy options are now generally available, some underlying capabilities, such as technical profile types and content definition APIs, are at different stages in the software lifecycle. Many more are coming. The table below specifies the level of availability at a more granular level.
Features that are generally available
Author and upload custom authentication user journeys by using custom policies.
Describe user journeys step-by-step as exchanges between claims providers.
Define conditional branching in user journeys.
Interoperate with REST API-enabled services in your custom authentication user journeys.
Federate with identity providers that are compliant with the OpenID Connect protocol.
Federate with identity providers that adhere to the SAML 2.0 protocol.
Responsibilities of custom policy feature-set developers
Manual policy configuration grants lower-level access to the underlying platform of Azure AD B2C and results in the creation of a unique trust framework. The many possible permutations of custom identity providers, trust relationships, integrations with external services, and step-by-step workflows require a methodical approach to design and configuration.
Developers consuming the custom policy feature set should adhere to the following guidelines:
Become familiar with the configuration language of the custom policies and key/secrets management. For more information, see TrustFrameworkPolicy.
Take ownership of scenarios and custom integrations. Document your work and inform your live site organization.
Perform methodical scenario testing.
Follow software development and staging best practices with a minimum of one development and testing environment and one production environment.
Stay informed about new developments from the identity providers and services you integrate with. For example, keep track of changes in secrets and of scheduled and unscheduled changes to the service.