Tutorial: Register an application in Azure Active Directory B2C

Before your applications can interact with Azure Active Directory (Azure AD) B2C, they must be registered in a tenant that you manage. This tutorial shows you how to register a web application using the Azure portal.

In this article, you learn how to:

  • Register a web application
  • Create a client secret

If you don't have an Azure subscription, create a free account before you begin.


If you haven't already created your own Azure AD B2C Tenant, create one now. You can use an existing Azure AD B2C tenant.

Register a web application

  1. Make sure you're using the directory that contains your Azure AD B2C tenant by clicking the Directory and subscription filter in the top menu and choosing the directory that contains your tenant.

  2. Choose All services in the top-left corner of the Azure portal, and then search for and select Azure AD B2C.

  3. Select Applications, and then select Add.

  4. Enter a name for the application. For example, webapp1.

  5. For Include web app/ web API and Allow implicit flow, select Yes.

  6. For Reply URL, enter an endpoint where Azure AD B2C should return any tokens that your application requests. For example, you can set it to listen locally at https://localhost:44316 If you don't yet know the port number, you can enter a placeholder value and change it later. For testing purposes you could set it to https://jwt.ms, which displays the contents of a token for inspection. For this tutorial, set it to https://jwt.ms.

    The reply URL must begin with the scheme https, and all reply URL values must share a single DNS domain. For example, if the application has a reply URL of https://login.contoso.com, you can add to it like this URL https://login.contoso.com/new. Or, you can refer to a DNS subdomain of login.contoso.com, such as https://new.login.contoso.com. If you want to have an application with login-east.contoso.com and login-west.contoso.com as reply URLs, you must add those reply URLs in this order: https://contoso.com, https://login-east.contoso.com, https://login-west.contoso.com. You can add the latter two because they're subdomains of the first reply URL, contoso.com.

  7. Click Create.

Create a client secret

If your application exchanges a code for a token, you need to create an application secret.

  1. Select Keys and then click Generate key.
  2. Select Save to view the key. Make note of the App key value. You use the value as the application secret in your application's code.

Next steps

In this article, you learned how to:

  • Register a web application
  • Create a client secret