Tutorial: Create user flows in Azure Active Directory B2C

In your applications you may have user flows that enable users to sign up, sign in, or manage their profile. You can create multiple user flows of different types in your Azure Active Directory B2C (Azure AD B2C) tenant and use them in your applications as needed. User flows can be reused across applications.

In this article, you learn how to:

  • Create a sign-up and sign-in user flow
  • Create a profile editing user flow
  • Create a password reset user flow

This tutorial shows you how to create some recommended user flows by using the Azure portal. If you're looking for information about how to set up a resource owner password credentials (ROPC) flow in your application, see Configure the resource owner password credentials flow in Azure AD B2C.

If you don't have an Azure subscription, create a free account before you begin.

Prerequisites

Register your applications that are part of the user flows you want to create.

Create a sign-up and sign-in user flow

The sign-up and sign-in user flow handles both sign-up and sign-in experiences with a single configuration. Users of your application are led down the right path depending on the context.

  1. Sign in to the Azure portal.

  2. Make sure you're using the directory that contains your Azure AD B2C tenant by selecting the Directory + subscription filter in the top menu and choosing the directory that contains your tenant.

  3. Choose All services in the top-left corner of the Azure portal, and then search for and select Azure AD B2C.

  4. In the left menu under Policies, select User flows (policies), and then select New user flow.

  5. On the Recommended tab, select the Sign up and sign in user flow.

  6. Enter a Name for the user flow. For example, signupsignin1.

  7. For Identity providers, select Email signup.

  8. For User attributes and claims, choose the attributes that you want to collect from the user during sign-up and the claims that you want sent to your application in the token. For example, select Show more, and then choose attributes and claims for Country/Region, Display Name, and Postal Code. Click OK.

  9. Click Create to add the user flow. A prefix of B2C_1 is automatically prepended to the name.

Test the user flow

  1. Select the user flow you created to open its overview page, then select Run user flow.

  2. For Application, select the web application named webapp1 that you previously registered. The Reply URL should show https://jwt.ms.

  3. Click Run user flow, and then select Sign up now.

  4. Enter a valid email address, click Send verification code, enter the verification code that you receive, then select Verify code.

  5. Enter a new password and confirm the password.

  6. Select your country and region, enter the name that you want displayed, enter a postal code, and then click Create. The token is returned to https://jwt.ms and should be displayed to you.

  7. You can now run the user flow again, and you should be able to sign in with the account that you created. The returned token includes the claims that you selected: country/region, name, and postal code.
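
The request that starts a user flow, and the claim checks an application should make on the token it gets back, as an added example (not part of the original tutorial or Microsoft's code). The tenant name contoso, the all-zero application ID, the claim names country, name and postalCode, and the sample token are assumptions constructed for illustration; signature verification against the tenant's signing keys is a separate step not shown here.

```python
import base64, json, secrets
from urllib.parse import urlencode

TENANT = "contoso"  # assumption: placeholder tenant name
CLIENT_ID = "00000000-0000-0000-0000-000000000000"  # assumption: placeholder app ID
REPLY_URL = "https://jwt.ms"  # reply URL used in the tutorial

def run_user_flow_url(policy, nonce):
    """Build the authorization request that starts the given user flow."""
    base = (f"https://{TENANT}.b2clogin.com/{TENANT}.onmicrosoft.com"
            "/oauth2/v2.0/authorize")
    return base + "?" + urlencode({
        "p": policy, "client_id": CLIENT_ID, "nonce": nonce,
        "redirect_uri": REPLY_URL, "scope": "openid",
        "response_type": "id_token", "prompt": "login"})

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def decode_payload(token):
    """Decode the payload as jwt.ms does; the signature is NOT verified here."""
    body = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))

def check_claims(claims, policy, nonce, required):
    """Return a list of problems; an empty list means the token fits the flow."""
    problems = []
    issued_by = claims.get("tfp") or claims.get("acr") or ""
    # Compared case-insensitively: the token may carry the name in lower case.
    if issued_by.lower() != policy.lower():
        problems.append(f"issued by {issued_by!r}, expected {policy!r}")
    if claims.get("aud") != CLIENT_ID:
        problems.append("aud is not this application")
    if claims.get("nonce") != nonce:
        problems.append("nonce does not match the request")
    problems += [f"missing claim {c}" for c in required if c not in claims]
    return problems

# Constructed sample: an unsigned token shaped like a sign-up and sign-in result.
NONCE = secrets.token_urlsafe(16)
SAMPLE_CLAIMS = {"tfp": "b2c_1_signupsignin1", "aud": CLIENT_ID, "nonce": NONCE,
                 "country": "Canada", "name": "Test User", "postalCode": "A1A 1A1"}
SAMPLE_TOKEN = ".".join([b64url(b'{"alg":"RS256","typ":"JWT"}'),
                         b64url(json.dumps(SAMPLE_CLAIMS).encode()),
                         "unsigned-sample"])
REQUIRED = ["country", "name", "postalCode"]

if __name__ == "__main__":
    print(run_user_flow_url("B2C_1_signupsignin1", NONCE))
    print(check_claims(decode_payload(SAMPLE_TOKEN), "B2C_1_signupsignin1",
                       NONCE, REQUIRED))
```

The same check covers the profile editing and password reset flows when their policy names and expected claims are passed instead.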

Create a profile editing user flow

If you want to enable users to edit their profile in your application, you use a profile editing user flow.

  1. In the left menu of the Azure AD B2C tenant overview page, select User flows (policies), and then select New user flow.
  2. Select the Profile editing user flow on the Recommended tab.
  3. Enter a Name for the user flow. For example, profileediting1.
  4. For Identity providers, select Local Account SignIn.
  5. For User attributes, choose the attributes that you want the customer to be able to edit in their profile. For example, select Show more, and then choose both attributes and claims for Display name and Job title. Click OK.
  6. Click Create to add the user flow. A prefix of B2C_1 is automatically prepended to the name.

Test the user flow

  1. Select the user flow you created to open its overview page, then select Run user flow.
  2. For Application, select the web application named webapp1 that you previously registered. The Reply URL should show https://jwt.ms.
  3. Click Run user flow, and then sign in with the account that you previously created.
  4. You now have the opportunity to change the display name and job title for the user. Click Continue. The token is returned to https://jwt.ms and should be displayed to you.

Create a password reset user flow

To enable users of your application to reset their password, you use a password reset user flow.

  1. In the left menu, select User flows (policies), and then select New user flow.
  2. Select the Password reset user flow on the Recommended tab.
  3. Enter a Name for the user flow. For example, passwordreset1.
  4. For Identity providers, enable Reset password using email address.
  5. Under Application claims, click Show more and choose the claims that you want returned in the authorization tokens sent back to your application. For example, select User's Object ID.
  6. Click OK.
  7. Click Create to add the user flow. A prefix of B2C_1 is automatically prepended to the name.

Test the user flow

  1. Select the user flow you created to open its overview page, then select Run user flow.
  2. For Application, select the web application named webapp1 that you previously registered. The Reply URL should show https://jwt.ms.
  3. Click Run user flow, verify the email address of the account that you previously created, and select Continue.
  4. You now have the opportunity to change the password for the user. Change the password and select Continue. The token is returned to https://jwt.ms and should be displayed to you.

Next steps

In this article, you learned how to:

  • Create a sign-up and sign-in user flow
  • Create a profile editing user flow
  • Create a password reset user flow

Next, learn about adding identity providers to your applications to enable user sign-in with providers like Azure AD, Amazon, Facebook, GitHub, LinkedIn, Microsoft, or Twitter.