Set redirect URLs to for Azure Active Directory B2C

When you set up an identity provider for sign-up and sign-in in your Azure Active Directory (Azure AD) B2C application, you need to specify a redirect URL. In the past, was used, now you should be using

Using gives you additional benefits, such as:

  • Space consumed in the cookie header by Microsoft services is reduced.
  • Your URLs no longer include a reference to Microsoft. For example,


You can use both the tenant name and the tenant GUID as follows:

  • (which still refers to
  • (in which case there is no reference to Microsoft at all)

However, you cannot use a custom domain for your Azure Active Directory B2C tenant, e.g. would not work.

Consider these settings that might need to change when using

  • Set the redirect URLs in your identity provider applications to use
  • Set your Azure AD B2C application to use for user flow references and token endpoints.
  • If you are using MSAL, you need to set the ValidateAuthority property to false.
  • Make sure that you change any Allowed Origins that you have defined in the CORS settings for user-interface customization.

Change redirect URLs

To use, in the settings for your identity provider application, look for and change the list of trusted URLs to redirect back to Azure AD B2C. Currently, you probably have it set up to redirect back to some site.

You'll need to change the redirect URL so that is authorized. Make sure to replace your-tenant-name with the name of your Azure AD B2C tenant and remove /te if it exists in the URL. There are slight variations to this URL for each identity provider so check the corresponding page to get the exact URL.

You can find set-up information for identity providers in the following articles:

Update your application

Your Azure AD B2C application probably refers to in several places, such as your user flow references and token endpoints. Make sure that your authorization endpoint, token endpoint, and issuer have been updated to use
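One way to check that no setting was missed after the change, as an added example that is not part of the original article or of any Microsoft library: the function below reports every configured URL whose host differs from the one you expect, that still contains a `/te` path segment, or that is not HTTPS. The function name, the setting names, the `example.test` hosts and the URL paths are constructed placeholders.

```javascript
// Added example (not from the original article).
// Audits endpoint settings after moving an application to a new login host.
// Hosts are compared exactly: a substring or suffix test would also accept
// look-alike hosts such as "new-login.example.test.other.test".
function auditB2cEndpoints(settings, expectedHost) {
  const findings = [];
  const wanted = expectedHost.toLowerCase();
  for (const [name, value] of Object.entries(settings)) {
    let url;
    try {
      url = new URL(value); // throws on relative or malformed values
    } catch (err) {
      findings.push({ name, issue: "not a valid absolute URL" });
      continue;
    }
    if (url.protocol !== "https:") {
      findings.push({ name, issue: "not https" });
    }
    // URL.hostname is already lowercased by the parser.
    if (url.hostname !== wanted) {
      findings.push({ name, issue: `host is ${url.hostname}, expected ${wanted}` });
    }
    // The article says to remove /te from the URL if it exists.
    if (url.pathname.split("/").includes("te")) {
      findings.push({ name, issue: "path still contains /te" });
    }
  }
  return findings;
}

// Constructed sample settings; every host and path here is a placeholder.
const sampleSettings = {
  authorizationEndpoint: "https://new-login.example.test/your-tenant-name/authorize",
  tokenEndpoint: "https://old-login.example.test/te/your-tenant-name/token",
  issuer: "https://new-login.example.test/your-tenant-name/",
  redirectUrl: "http://new-login.example.test/your-tenant-name/authresp",
};

for (const f of auditB2cEndpoints(sampleSettings, "new-login.example.test")) {
  console.log(`${f.name}: ${f.issue}`);
}
```
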

Set the ValidateAuthority property

If you're using MSAL, set the ValidateAuthority property to false. When ValidateAuthority is set to false, redirects are allowed to

The following example shows how you might set the property:

In MSAL for .NET:

 ConfidentialClientApplication client = new ConfidentialClientApplication(...); // can also be PublicClientApplication
 client.ValidateAuthority = false;

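And in MSAL for JavaScript:

this.clientApplication = new UserAgentApplication(
    clientId, authority, tokenReceivedCallback, // placeholder names for your app's own values
    { validateAuthority: false }                // options object: turns off authority validation
);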