Configure AAD For External Identities


Last updated 4 years ago


One of the requirements is to allow the general public to log into the application; this can be achieved with AAD self-service sign-up for External Identities.

Microsoft's Documentation will help out here, follow the steps in the articles below to get going:

    • Be sure to follow the procedure as called out in the instructions

    • When selecting the application, be sure to select the ShareThrift UI App you created earlier.

It is important to note that the sign-up user experience is less than ideal at the moment (the user has to look for a small link in the login dialog to create an account), but as this is a preview feature we can expect the experience to improve.

If you have AAD Premium, you can swap out the logo and background to make it more apparent to the user that they are signing in to your application/organization rather than to Microsoft, which would likely make users a little more inclined to click the "Create one" link.

Unfortunately it doesn't appear that you can deep link into the "Create one"

Customizing and validating additional details

We can add a validation layer before an account is created for the user, in order to prevent unwanted users from signing up to our website.

To do so, we need to create an API Connector and hook it into our user flow. We also need a function app for the connector to call: the connector authenticates to it with the username and password configured on the API Connector, and the function app must check those credentials before validating the sign-up data.

Creating API Connector

  1. In Azure go to: Manage Azure Active Directory -> External Identities -> All API connectors

  2. Add a New API connector

    1. Display Name: a unique name that will be used to hook the connector into the user flow

    2. Endpoint URL: the endpoint that validates the sign-up information. The API Connector calls this endpoint and sends the requested user data to it (our function app).

    3. Username: the name the function app validates the connector against. (Check it in the function app via environment variables; ENSURE the username contains no colons, because the connector sends it as HTTP Basic authentication, where the username and password are joined by a colon.)

    4. Password: the password the function app validates the connector against. (This should be a very strong password and must also be available to the function app via environment variables; ENSURE the password contains no colons, for the same reason.)

  3. Save the API Connector

Link API Connector to User Flow

  1. In Azure go to: Manage Azure Active Directory -> External Identities -> User flows

  2. Select the user flow in which you want to use the API Connector

  3. Go to API Connectors

  4. Before creating the user: (select the API Connector created earlier)

  5. Save

(Optional) Add User Attributes

We may want to validate against certain attributes.

We can add new attributes:

  1. Manage Azure Active Directory -> External Identities -> Custom user attributes

  2. Add

    1. Name: name of the value; this is the key that will come back in the payload

    2. Data Type: type of the value

    3. Description: describe what the value is used for

    4. Create

We can choose which attributes we want to collect from:

  1. Manage Azure Active Directory -> External Identities -> User flows

  2. Select the user flow to modify

  3. Go to User attributes

  4. Select which items you want to ask the user for (you will see both custom and built-in attributes)

  5. Save

Notes:

  • Accounts cannot use domain level email addresses

  • Facebook accounts must be verified

Resources:

  • Microsoft
    • Add a self-service sign-up user flow to an app (Preview)
    • Add Facebook as an identity provider for External Identities
    • Build 2020 Session introducing self-serve sign-up for external identities

  • ISSUE!
    • Issue with MSAL & External Identities - Difficulty with Roles

[Screenshot: less than ideal user experience]