Microsoft Azure AD B2C
Learn how to integrate Authsignal with Azure AD B2C.
Authsignal provides a simple integration with Azure AD B2C via the Open ID Connect (OIDC) flow/technical profile, using Azure AD B2C custom policies in the identity experience framework to orchestrate the customer journeys in order to provide passwordless and adaptive MFA user journeys.
This document outlines the technical profiles for the key APIs for the Open ID Connect flow, as well as other utility APIs to allow greater functionality in your user journeys.
Authsignal - Technical profiles
OIDC Connect Technical profile
Main Authsignal Connect technical profile
The POST init-auth
call as documented in the OIDC Flow documentation is a prerequisite before federating the flows to Authsignal via the OIDC technical profile.
Claims Transformation
The InputParameter
is the Authsignal action name. This is crucial as it gives context to the tracked actions. You may give actions any name provided that they give context: for example, signUp
, signIn
, changeEmail
.
Refer to the POST /init-auth
documentation for the full list of available inputs.
Initialize Auth technical profile
OIDC Technical profile
For a full list of available claims, view the Open ID connect access token exchange documentation.
Authsignal utility API calls - Technical Profiles
Authsignal has a core server API documented here. Due to Azure AD B2C technical profiles not being able to construct purely RESTful URLs, we’ve created convenience proxy endpoints to map to our key APIs. These API calls extend on the above Authsignal Connect API technical profile
Get user
This API call maps to our Retrieve user API call, and returns an isEnrolled
attribute indicating if the user has at least 1 authenticator enrolled.
Request
The unique ID of the user in your database or IdP.
Response
True if the user is enrolled with at least one verification method and can be challenged.
The list of verification methods which the user is permitted to enroll.
The list of verification methods which the user has enrolled.
The user’s default verification method.
The user’s email address.
The user’s phone number in E.164 format.
Was this page helpful?