Set up sign-up and sign-in with an Amazon account using Azure Active Directory B2C

Create an app in the Amazon developer console

To use an Amazon account as a federated identity provider in Azure Active Directory B2C (Azure AD B2C), you need to create an application in Amazon Developer Services and Technologies. If you don't already have an Amazon account, you can sign up at https://www.amazon.com/.

Note

Use the following URLs in step 8 below, replacing your-tenant-name with the name of your tenant. When entering your tenant name, use all lowercase letters, even if the tenant is defined with uppercase letters in Azure AD B2C.

  • For Allowed Origins, enter https://your-tenant-name.b2clogin.com
  • For Allowed Return URLs, enter https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp

  1. Sign in to the Amazon Developer Console with your Amazon account credentials.
  2. If you have not already done so, click Sign Up, follow the developer registration steps, and accept the policy.
  3. From the Dashboard, select Login with Amazon.
  4. Select Create a New Security Profile.
  5. Enter a Security Profile Name, Security Profile Description, and Consent Privacy Notice URL (for example, https://www.contoso.com/privacy). The privacy notice URL is a page that you manage that provides privacy information to users. Then click Save.
  6. In the Login with Amazon Configurations section, select the Security Profile Name you created, click on the Manage icon and select Web Settings.
  7. In the Web Settings section, copy the value of Client ID. Select Show Secret to reveal the client secret, and then copy it. You need both values to configure an Amazon account as an identity provider in your tenant. The client secret is an important security credential.
  8. In the Web Settings section, select Edit. In Allowed Origins and Allowed Return URLs, enter the appropriate URLs (noted above).
  9. Click Save.
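
The two URLs from the note can be derived and checked before they are pasted into Amazon's Web Settings. The Python sketch below is an added example, not part of the original article or of any Microsoft or Amazon tooling; the function names `expected_urls` and `check_entries` are hypothetical, and the rule that a tenant name must be a single DNS label is an assumption.

```python
import re
from urllib.parse import urlsplit

SUFFIX = ".onmicrosoft.com"

def expected_urls(tenant):
    """Build (Allowed Origins, Allowed Return URLs) for a tenant name."""
    name = tenant.strip().lower()          # the note requires all lowercase
    if name.endswith(SUFFIX):              # accept "contoso.onmicrosoft.com" too
        name = name[: -len(SUFFIX)]
    # Assumption: the tenant name must be usable as a single DNS label.
    if not re.fullmatch(r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?", name):
        raise ValueError(f"not a usable tenant name: {tenant!r}")
    origin = f"https://{name}.b2clogin.com"
    return origin, f"{origin}/{name}{SUFFIX}/oauth2/authresp"

def check_entries(tenant, origin, return_url):
    """List problems with the values typed into Amazon's Web Settings."""
    want_origin, want_return = expected_urls(tenant)
    problems = []
    for field, got, want in (("Allowed Origins", origin, want_origin),
                             ("Allowed Return URLs", return_url, want_return)):
        got = got.strip()
        if got == want:
            continue
        if urlsplit(got).scheme != "https":
            problems.append(f"{field}: scheme must be https")
        elif got.lower() == want:
            problems.append(f"{field}: use all lowercase letters")
        elif got.rstrip("/") == want:
            problems.append(f"{field}: trailing slash not in the documented URL")
        else:
            problems.append(f"{field}: expected {want}")
    return problems

if __name__ == "__main__":
    # Constructed sample input: tenant "Contoso" with two typical slips.
    for p in check_entries("Contoso", "https://Contoso.b2clogin.com",
        "http://contoso.b2clogin.com/contoso.onmicrosoft.com/oauth2/authresp"):
        print(p)
```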

Configure an Amazon account as an identity provider

  1. Sign in to the Azure portal as the global administrator of your Azure AD B2C tenant.
  2. Make sure you're using the directory that contains your Azure AD B2C tenant by selecting the Directory + subscription filter in the top menu and choosing the directory that contains your tenant.
  3. Choose All services in the top-left corner of the Azure portal, search for and select Azure AD B2C.
  4. Select Identity providers, then select Amazon.
  5. Enter a Name. For example, Amazon.
  6. For the Client ID, enter the Client ID of the Amazon application that you created earlier.
  7. For the Client secret, enter the Client Secret that you recorded.
  8. Select Save.