Azure AD B2C Identity Provider

Many of you already know how to set up the Azure AD B2C identity provider (IdP), or another IdP, with Portals. What I find is that not many are aware of the registration claims mapping and login claims mapping settings.

So I’ll link it below, in case you have a specific claim you want to use that maps to the contact entity, i.e. you map the IdP claim to a column (attribute) of the contact table (entity) in Dataverse, which can happen at sign-up or at sign-in.

Microsoft’s documentation has a wonderful explanation; I can’t say it any better than this. ❤️

Only the email claim is configured in these user flows. You can enable more claims—like first name and last name—in the flow’s User attributes and Application claims configuration by using the Azure portal.

If you enable more claims in addition to first name and last name, ensure that you edit the authentication provider and add them to the Registration claims mapping and Login claims mapping in Additional settings (this isn’t required for first name and last name). More information: Step 6 - additional settings for Azure AD B2C provider configuration

  • Registration claims mapping: Not required if using email, first name, or last name attributes. For additional attributes, enter a list of logical name/claim pairs to be used to map claim values returned from Azure AD B2C (created during sign-up) to attributes in the contact record. Format: field_logical_name=jwt_attribute_name, where field_logical_name is the logical name of the field in portals and jwt_attribute_name is the attribute with the value returned from the identity provider. For example, if you’ve enabled Job Title (jobTitle) and Postal Code (postalCode) as User Attributes in your user flow, and you want to update the corresponding Contact table fields Job Title (jobtitle) and Address 1: ZIP / Postal Code (address1_postalcode), enter the claims mapping as jobtitle=jobTitle,address1_postalcode=postalCode.

  • Login claims mapping: Not required if using email, first name, or last name attributes. For additional attributes, enter a list of logical name/claim pairs to be used to map claim values returned from Azure AD B2C after sign-in to the attributes in the contact record. Format: field_logical_name=jwt_attribute_name where field_logical_name is the logical name of the field in portals, and jwt_attribute_name is the attribute with the value returned from the identity provider. For example, if you’ve enabled Job Title (jobTitle) and Postal Code (postalCode) as Application Claims in your user flow, and you want to update the corresponding Contact table fields Job Title (jobtitle) and Address 1: ZIP / Postal Code (address1_postalcode), enter the claims mapping as jobtitle=jobTitle,address1_postalcode=postalCode.
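To make the mapping format above concrete, here is an added example (my own illustration, not code from the Portals product or from Microsoft’s documentation) that parses a mapping string in the documented field_logical_name=jwt_attribute_name,... form, reads the claims out of a token payload, and produces the contact column updates for both the registration and the login case. The token and the claim values are constructed for the demo; the signature segment is a placeholder because this script only inspects the payload, whereas the portal validates the token’s signature before any claim is trusted. It also surfaces the two failure modes you actually hit in practice: a typo in the mapping setting, and a claim that the user flow never emitted (for example an attribute enabled as a User Attribute but not as an Application Claim).

```python
import base64
import json

# Constructed sample: the mapping exactly as the documentation formats it.
CLAIMS_MAPPING = "jobtitle=jobTitle,address1_postalcode=postalCode"


def parse_claims_mapping(mapping: str) -> dict:
    """Parse 'field_logical_name=jwt_attribute_name,...' into {field: claim}.

    Whitespace around pairs is tolerated. A pair without '=', with an empty
    side, or a contact field listed twice raises, so a typo in the portal
    setting fails loudly instead of silently leaving a contact column empty.
    """
    result = {}
    for raw in mapping.split(","):
        pair = raw.strip()
        if not pair:
            continue  # tolerate a trailing comma
        if "=" not in pair:
            raise ValueError(f"malformed mapping pair: {pair!r}")
        field, claim = (s.strip() for s in pair.split("=", 1))
        if not field or not claim:
            raise ValueError(f"empty side in mapping pair: {pair!r}")
        if field in result:
            raise ValueError(f"duplicate contact field in mapping: {field!r}")
        result[field] = claim
    return result


def decode_jwt_payload(token: str) -> dict:
    """Return the payload segment of a compact JWT.

    This does NOT verify the signature; use it only to inspect a token that
    has already been validated (e.g. when reviewing which claims B2C emits).
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    payload_b64 = parts[1] + "=" * (-len(parts[1]) % 4)  # restore padding
    return json.loads(base64.urlsafe_b64decode(payload_b64))


def map_claims_to_contact(claims: dict, mapping: dict) -> tuple:
    """Build {contact_column: value} from the token claims.

    Returns (updates, missing): 'missing' lists the claim names the mapping
    expects but the token did not carry, which is what you see when an
    attribute is enabled in the user flow but not emitted as an application claim.
    """
    updates, missing = {}, []
    for field, claim in mapping.items():
        value = claims.get(claim)
        if value in (None, ""):
            missing.append(claim)
        else:
            updates[field] = value
    return updates, missing


def make_demo_token(payload: dict) -> str:
    """Build a constructed, unsigned demo token; the signature part is a placeholder."""
    def b64url(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{b64url({'alg': 'RS256', 'typ': 'JWT'})}.{b64url(payload)}.placeholder-signature"


def demo() -> tuple:
    """End-to-end run on constructed data: sign-up token with both claims present."""
    token = make_demo_token({"sub": "demo-user", "jobTitle": "Engineer", "postalCode": "98052"})
    mapping = parse_claims_mapping(CLAIMS_MAPPING)
    return map_claims_to_contact(decode_jwt_payload(token), mapping)


if __name__ == "__main__":
    updates, missing = demo()
    print("contact updates:", updates)
    print("claims missing from token:", missing)
```

The same parse-and-map routine applies to both settings: feed it the token from sign-up for the registration mapping and the token from sign-in for the login mapping. If a claim shows up in `missing`, check that the attribute is enabled as an Application Claim (not only a User Attribute) in the user flow before touching anything in Portals.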

Conclusion 🐒

Don’t build something custom for this; it’s there already 😃

Resources: