How to register an Azure B2C tenant in Azure API Management (Manual)
From within the Azure API Management portal there is a default authentication option for your API consumers. The better option is to configure a connection with an Azure B2C tenant. This will enable you to enforce MFA and conditional access policies on your API applications.
For this manual it is best to open 2 tabs: one with your default Azure environment, and one with your Azure B2C tenant. You will need to switch between the tenants, and you need to copy some fields from one to the other.
STEP 1: From your Azure B2C tenant go to Azure AD B2C.
Go to User flows, and click New user flow.
On the new blade there are a few options that we need to set.
- Fill in a title for your user flow.
- Select an MFA method.
- Select MFA enforcement: Always on or Conditional.
- If you select Conditional, make sure to select Enforce conditional access policies.
- Select the required attributes and tokens.
IMPORTANT: Copy the name of the user flow you just created! You need it in step 6.
STEP 2: In your primary Azure AD tenant, go to the API Management service, go to Identities, click Add, and copy the Redirect URL.
STEP 3: Now switch back to your Azure B2C tenant. Again go to the Azure AD B2C portal, go to App registrations, and click New registration.
On the new blade, give the App registration a name. Select the following:
- Accounts in any identity provider or organization directory (for authenticating users with user flows)
- In the drop down: Single-page application (SPA)
- In the text field: The copied URL from step 2.
- Grant admin consent to openid and offline_access permissions
From the newly created app, copy the Application (client) ID; you need it in step 6.
STEP 4: In the application go to Certificates & secrets, and click New client secret. On the new blade enter a description and choose an expiry date.
Make sure you copy the secret Value (not the Secret ID); it is shown only once, and you need it in step 6.
STEP 5: From your Azure AD B2C tenant, go to Overview and copy your B2C tenant's domain name (the .onmicrosoft.com name). You need it in the next step.
STEP 6: Now return to the tab with your API Management service, and populate all fields with the information retrieved from the previous steps.
STEP 7: From the Azure API Management service go to Portal overview and publish the change.
Give the publish a minute or 2, and then test your application: you should see your Azure Active Directory B2C tenant as a sign-in option.
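The same identity provider that steps 1 to 6 configure by hand can be declared as infrastructure code, which keeps the client secret out of copy-and-paste and makes the setting reviewable. This is an added Bicep example, not part of the manual; the parameter names and the resource API version are assumptions, and it assumes the user flow (step 1) and the app registration (step 3) already exist.

```bicep
// Added example, not from the manual: the Azure AD B2C identity provider
// of an existing API Management service, declared in Bicep.
// Parameter names and the API version are assumptions of this example.
@description('Name of the existing API Management service in your primary tenant.')
param apimName string

@description('B2C tenant short name, e.g. contoso for contoso.onmicrosoft.com (step 5).')
param b2cTenantName string

@description('Application (client) ID of the app registration from step 3.')
param b2cClientId string

@description('Client secret Value from step 4. Pass it from Key Vault; never hard-code it.')
@secure()
param b2cClientSecret string

@description('Name of the MFA-enforcing user flow from step 1, e.g. B2C_1_signupsignin.')
param userFlowName string

resource apim 'Microsoft.ApiManagement/service@2022-08-01' existing = {
  name: apimName
}

// The B2C identity provider child resource of an APIM service is named 'aadB2C'.
resource b2cProvider 'Microsoft.ApiManagement/service/identityProviders@2022-08-01' = {
  parent: apim
  name: 'aadB2C'
  properties: {
    type: 'aadB2C'
    clientId: b2cClientId
    clientSecret: b2cClientSecret
    // Only accounts from this B2C tenant may sign in to the developer portal.
    allowedTenants: [
      '${b2cTenantName}.onmicrosoft.com'
    ]
    signinTenant: '${b2cTenantName}.onmicrosoft.com'
    // Issuer host of the B2C tenant.
    authority: '${b2cTenantName}.b2clogin.com'
    // Use the same MFA-enforcing user flow for sign-up and sign-in,
    // so no path into the portal bypasses the MFA setting from step 1.
    signupPolicyName: userFlowName
    signinPolicyName: userFlowName
  }
}
```

After deploying, the developer portal still has to be published as in step 7 before the B2C option appears.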
Special thanks to Dennis Backus for helping me with this manual.