Enable Age Gating in Azure Active Directory B2C
This feature is in public preview. Do not use feature for production applications.
Age gating in Azure Active Directory B2C (Azure AD B2C) enables you to identify minors that want to use your application. You can choose to block the minor from signing into the application. Users can also go back to the application and identify their age group and their parental consent status. Azure AD B2C can block minors without parental consent. Azure AD B2C can also be set up to allow the application to decide what to do with minors.
After you enable age gating in your user flow, users are asked when they were born and what country/region they live in. If a user signs in that hasn't previously entered the information, they'll need to enter it the next time they sign in. The rules are applied every time a user signs in.
Azure AD B2C uses the information that the user enters to identify whether they're a minor. The ageGroup field is then updated in their account. The value can be
NotAdult. The ageGroup and consentProvidedForMinor fields are then used to calculate the value of legalAgeGroupClassification.
Age gating involves two age values: the age that someone is no longer considered a minor, and the age at which a minor must have parental consent. The following table lists the age rules that are used for defining a minor and a minor requiring consent.
|Country/Region||Country/Region name||Minor consent age||Minor age|
|AE||United Arab Emirates||None||21|
|KR||Korea, Republic of||14||18|
Age gating options
Allowing minors without parental consent
For user flows that allow either sign-up, sign-in, or both, you can choose to allow minors without consent into your application. Minors without parental consent are allowed to sign in or sign up as normal and Azure AD B2C issues an ID token with the legalAgeGroupClassification claim. This claim defines the experience that users have, such as collecting parental consent and updating the consentProvidedForMinor field.
Blocking minors without parental consent
For user flows that allow either sign-up, sign-in or both, you can choose to block minors without consent from the application. The following options are available for handling blocked users in Azure AD B2C:
- Send a JSON back to the application - this option sends a response back to the application that a minor was blocked.
- Show an error page - the user is shown a page informing them that they can't access the application.
Set up your tenant for age gating
To use age gating in a user flow, you need to configure your tenant to have additional properties.
- Make sure you're using the directory that contains your Azure AD B2C tenant by selecting the Directory + subscription filter in the top menu. Select the directory that contains your tenant.
- Select All services in the top-left corner of the Azure portal, search for and select Azure AD B2C.
- Select Properties for your tenant in the menu on the left.
- Under the Age gating section, click on Configure.
- Wait for the operation to complete and your tenant will be set up for age gating.
Enable age gating in your user flow
After your tenant is set up to use age gating, you can then use this feature in user flows where it's enabled. You enable age gating with the following steps:
- Create a user flow that has age gating enabled.
- After you create the user flow, select Properties in the menu.
- In the Age gating section, select Enabled.
- You then decide how you want to manage users that identify as minors. For Sign-up or sign-in, you select
Allow minors to access your applicationor
Block minors from accessing your application. If blocking minors is selected, you select
Send a JSON back to the applicationor
Show an error message.