Azure B2C Configuration

These steps outline how to configure your Azure B2C Tenant for ebs Ontrack web app external authentication by email address.

Note: These instructions outline the use of the Local Identity Provider (Local Account) only

Preparing your Azure B2C Tenant

  1. Log in to your Azure B2C tenant.

  2. Select Identity providers and ensure that Local account - email is available.

  3. Configure an Azure B2C user flow

    Note: It is recommended to define the user flow as Signup and Signin. This allows users to sign up directly.

  4. Enable Email signup for Local accounts in the workflow.

  5. Select the required User Attributes to be collected by Azure B2C to signup a user.

    Note: We recommend keeping the attributes to a minimum. Only Email Address is required for signup.

  6. Select the required Application Claims to be returned to ebs ontrack web apps.

    Note: Only the Email Address claim (token tag = email) is required for signup.

  7. Record the name of the User Flow to create your External authentication ontrack URL.

Configure Azure B2C App Registrations

Azure B2C App Registrations can be defined to cover one Ontrack Web app, or all the Ontrack web apps for a single environment.

Note: For security reasons using a single registration for multiple environments is not recommended.

  1. Create an App registration on your Azure B2C Tenant.

  2. Ensure that the Account Type supports any Identity Provider Directory for authentication by a User Flow.

  3. Add your ebs Ontrack Web Apps URLs to the Redirect URI list.

    Note: We recommend adding https://jwt.io to the list as well, to decode the token produced by a test run of the User Flow. This is useful for confirming the claim details returned to ebs after successful authentication of an existing ebs user.

  4. Enable Access tokens and ID tokens to be issued by the authorisation endpoint.

  5. Record the Application (Client) ID for use in Identity Server institution settings.

  6. From the list of endpoints, record the Azure AD B2C OpenID Connect metadata-document URL to create your External authentication ontrack URL.

Create your External Authentication Ontrack URL

To configure the Identity Server institution settings in a later step you will need to have your external ontrack URL. This URL is used in the following settings:

It is made by combining the User Flow name and the Azure AD B2C OpenID Connect metadata-document URL.

  1. Replace <policy name> with the User Flow name.

  2. Delete any characters after /v2.0/.

e.g.

User Flow = B2C_1_TribalebsB2CTest_SignUpSignIn01

Azure AD B2C OpenID Connect metadata-document URL = https://TribalebsB2CTest.b2clogin.com/TribalebsB2CTest.onmicrosoft.com/<policy name>/v2.0/.well-known/openid-configuration

combine to give:

External authentication Ontrack URL = https://TribalebsB2CTest.b2clogin.com/TribalebsB2CTest.onmicrosoft.com/B2C_1_TribalebsB2CTest_SignUpSignIn01/v2.0/
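The two-step URL construction above, as an added Python example (not part of the original page or of the ebs product); it uses the page's sample User Flow and metadata URL, rejects values that would silently produce a wrong authority, and adds a small check that a decoded test token (as shown by https://jwt.io) carries the required email claim. The b2clogin.com host check is an assumption based on the example tenant.

```python
import re
from urllib.parse import urlsplit

# Constructed sample values, taken from the worked example on this page.
USER_FLOW = "B2C_1_TribalebsB2CTest_SignUpSignIn01"
METADATA_URL = (
    "https://TribalebsB2CTest.b2clogin.com/TribalebsB2CTest.onmicrosoft.com/"
    "<policy name>/v2.0/.well-known/openid-configuration"
)
MARKER = "/v2.0/"


def build_ontrack_url(metadata_url: str, user_flow: str) -> str:
    """Return the External authentication Ontrack URL for a user flow.

    Step 1: substitute the User Flow name for the <policy name> placeholder.
    Step 2: drop everything after /v2.0/.
    """
    # Portal-created user flows are named with the B2C_1_ prefix (custom
    # policies use B2C_1A_); anything else is probably a copy/paste mistake.
    if not re.fullmatch(r"B2C_1A?_[A-Za-z0-9_]+", user_flow):
        raise ValueError(f"unexpected User Flow name: {user_flow!r}")
    if "<policy name>" not in metadata_url:
        raise ValueError("metadata URL has no <policy name> placeholder")
    url = metadata_url.replace("<policy name>", user_flow)
    idx = url.find(MARKER)
    if idx < 0:
        raise ValueError("metadata URL does not contain /v2.0/")
    url = url[: idx + len(MARKER)]
    parts = urlsplit(url)
    # Assumption: the tenant uses the default b2clogin.com host as in the
    # example above; a tenant on a custom domain would need this adjusted.
    host = parts.hostname or ""
    if parts.scheme != "https" or not host.endswith(".b2clogin.com"):
        raise ValueError(f"unexpected authority in {url!r}")
    return url


def missing_claims(token_claims: dict, required=("email",)) -> list:
    """Required Application Claims absent from a decoded test token payload.

    Run it over the payload jwt.io shows after a test run of the User Flow;
    the only claim this page requires is the email address.
    """
    return [c for c in required if c not in token_claims]


if __name__ == "__main__":
    print(build_ontrack_url(METADATA_URL, USER_FLOW))
    # Constructed payload standing in for a decoded test token.
    print(missing_claims({"sub": "abc123", "name": "Test User"}))
```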

Next Step - Configure ebs for External Authentication