Azure Active Directory B2C- (1) Basic concepts and creation and experience

Understand the concept of Azure Active Directory B2C;

Create Azure Active Directory B2C in Azure portal;

   Add applications and create keys in AAD B2C tenants;

   Add user flow in AAD B2C: registration and login;

   Experience registration and login user flow;

Video explanation:

You can watch the video explanation of this section at Station B:

Graphic explanation:

1. Related concepts:

Active Directory:

Active Directory (Active Directory): server and client computer management; user services: management of user domain accounts, user information, corporate address book (integrated with e-mail system), user group management, user identity authentication; network equipment such as printers and other networks Resource management; integration of application systems such as financial software, etc .;



Azure Active Directory:

Azure AD is a cloud identity and resource access service provided by Microsoft, helping employees / users / administrators to access some external resources and internal resources:

  • External resources, such as Microsoft Office 365, Azure portal, and thousands of other SaaS applications.

  • Internal resources, such as applications on company networks and intranets, as well as any cloud applications developed by your own organization.

In addition, Azure AD also allows you to map users and group information in the local Active Directory (AD) to Azure AD through the directory synchronization mechanism, allowing your customers to log in to your cloud service with their original Active Directory users .



Azure Active Directory B2C:

Also known as Azure AD B2C, it provides business-to-customer identity management services in the form of services to control how customers register when using iOS, Android, .NET, single page (SPA), and other applications in a custom way , Log in and manage their personal data . Customers use their preferred social, corporate, or local account ID for single sign-on access to applications and APIs.


AAD B2C function:

Single sign-on access using user-supplied ID

Azure AD B2C acts as a central authentication mechanism for web applications, mobile applications, and APIs, enabling you to build a single sign-on (SSO) solution for all these applications. Supports OpenID Connect, OAuth 2.0 and SAML.



Integration with external systems

Azure AD B2C provides a directory where 100 custom attributes for each user can be saved.  In addition, it can also be integrated with external systems. 


Support custom UI

For common functions such as user registration, login and modification of user information, AAD B2C provides the function of user flow. To put it bluntly, it provides the UI of these modules and can customize the style. 


2. Actually create AAD B2C tenants and experience:

Create an AAD B2C tenant:


Option to create new AAD B2C tenant



AAD B2C is a global service and there is no regional choice for North / East China.



Link the created tenant to the subscription (for billing)



At this point, the AAD B2C tenant is created.


Add application and create key in AAD B2C tenant




In this example, we assume WEB APP / WEB API program;

The reply URL is the user information completed through AAD B2C authentication and will be sent to this link address. Usually this address needs to be constructed by us, so that we can accept the user information returned to us by AAD B2C.

In this example, we used, which is a help page available at the development stage and provided by Microsoft. This page only displays the authentication results of AAD B2C users in the browser:



Next, create a key for the application. Each application can currently create two keys. The key is displayed only once. After the page is refreshed, the * will be displayed, so please save the key information.

This key will be used in subsequent steps, such as when applying for access to the token.


Add user flow in AAD B2C: registration and login

To put it simply, the user flow provides a web page for basic processes such as user registration / login / reset password / modify user information. This page has a variety of ready-made styles to choose from, and you can also customize the style. It also supports 38 languages After these configurations, you can make these pages look consistent with the web / app we designed.

In this example, we select the "register and log in" user flow.


By default, email is selected as the logo provider. We will introduce how to log in via Weibo / WeChat / LinkedIn or other services.

Select the required fields:



After clicking Confirm, you can create a user stream.

Experience registration and login user flow:

Click the created user stream to enter the user stream detail page, you can set the UI layout and multi-language settings, in this example we keep the default:

Click to run user flow, you can test the user flow, the test and the end user see the same effect.





The test user flow will open a new page for us, which requires us to log in with an email address and password, because we have not registered a user, the login fails:



Click Sign Up Now to jump to the registration page. Note that this page is also a pre-made page of AAD B2C. We can customize the UI to modify its layout:



First, the ownership of the mailbox will be verified by the verification code, then fill in the page according to the fields we set, and click the create button:



After the creation is successful, it will automatically jump to the reply URL we set:



A new user will be added to the user page of AAD B2C after the execution of this user flow is completed:



After the registered user stream is created, please try to reset the user stream by yourself.


This article is over!

Guess you like