Set up sign-up and sign-in with a Microsoft account using Azure Active Directory B2C

Create a Microsoft account application

To use a Microsoft account as an identity provider in Azure Active Directory B2C (Azure AD B2C), you need to create an application in the Azure AD tenant. The Azure AD tenant is not the same as your Azure AD B2C tenant. If you don't already have a Microsoft account, you can get one at https://www.live.com/.

  1. Sign in to the Azure portal.

  2. Make sure you're using the directory that contains your Azure AD tenant by selecting the Directory + subscription filter in the top menu and choosing the directory that contains your Azure AD tenant.

  3. Choose All services in the top-left corner of the Azure portal, and then search for and select App registrations.

  4. Select New registration.

  5. Enter a Name for your application. For example, MSAapp1.

  6. Under Supported account types, select Accounts in any organizational directory and personal Microsoft accounts (e.g. Skype, Xbox, Outlook.com). This option targets the widest set of Microsoft identities.

    For more information on the different account type selections, see Quickstart: Register an application with the Microsoft identity platform.

  7. Under Redirect URI (optional), select Web and enter https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp in the text box. Replace your-tenant-name with your Azure AD B2C tenant name.

  8. Select Register.

  9. Record the Application (client) ID shown on the application Overview page. You need this when you configure the identity provider in the next section.

  10. Select Certificates & secrets.

  11. Click New client secret.

  12. Enter a Description for the secret, for example Application password 1, and then click Add.

  13. Record the application password shown in the VALUE column. You need this when you configure the identity provider in the next section.
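Once the registration exists, its settings can be checked against the values chosen in steps 6, 7 and 11-13. The following is an added example, not part of the original article or of Microsoft's tooling: it audits the `signInAudience`, `web.redirectUris` and `passwordCredentials` properties of a Microsoft Graph application object. The tenant name `contoso`, the sample object and the function names are constructed for illustration.

```python
import json

# Constructed sample: the fields of a Microsoft Graph "application" object
# that correspond to steps 6, 7 and 11-13. Not output from a real tenant.
SAMPLE_APP = json.loads("""
{
  "displayName": "MSAapp1",
  "signInAudience": "AzureADandPersonalMicrosoftAccount",
  "web": {"redirectUris": [
    "https://contoso.b2clogin.com/contoso.onmicrosoft.com/oauth2/authresp",
    "http://localhost:5000/signin-oidc"
  ]},
  "passwordCredentials": [{"displayName": "Application password 1"}]
}
""")

# Graph value for "Accounts in any organizational directory and personal
# Microsoft accounts" (step 6).
EXPECTED_AUDIENCE = "AzureADandPersonalMicrosoftAccount"

def expected_redirect_uri(b2c_tenant: str) -> str:
    """Redirect URI from step 7 for the given Azure AD B2C tenant name."""
    return (f"https://{b2c_tenant}.b2clogin.com/"
            f"{b2c_tenant}.onmicrosoft.com/oauth2/authresp")

def audit_registration(app: dict, b2c_tenant: str) -> list[str]:
    """Return a list of findings; an empty list means the registration matches."""
    findings = []
    want = expected_redirect_uri(b2c_tenant)
    uris = app.get("web", {}).get("redirectUris", [])
    if app.get("signInAudience") != EXPECTED_AUDIENCE:
        findings.append(f"signInAudience is {app.get('signInAudience')!r}, "
                        f"expected {EXPECTED_AUDIENCE!r}")
    if want not in uris:
        findings.append(f"missing redirect URI {want}")
    # Any other reply URL is a place an authorization code could be delivered.
    for uri in uris:
        if uri != want:
            findings.append(f"unexpected redirect URI {uri}")
    if not app.get("passwordCredentials"):
        findings.append("no client secret registered")
    return findings

if __name__ == "__main__":
    for finding in audit_registration(SAMPLE_APP, "contoso"):
        print("FINDING:", finding)
```

An empty result means the registration carries only the Azure AD B2C redirect URI, the account type from step 6, and at least one client secret.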

Configure a Microsoft account as an identity provider

  1. Sign in to the Azure portal as the global administrator of your Azure AD B2C tenant.
  2. Make sure you're using the directory that contains your Azure AD B2C tenant by selecting the Directory + subscription filter in the top menu and choosing the directory that contains your tenant.
  3. Choose All services in the top-left corner of the Azure portal, and then search for and select Azure AD B2C.
  4. Select Identity providers, then select Microsoft Account.
  5. Enter a Name. For example, MSA.
  6. For the Client ID, enter the Application (client) ID of the Azure AD application that you created earlier.
  7. For the Client secret, enter the client secret that you recorded.
  8. Select Save.