Has anyone tried to use Azure B2C for their external users through their own homegrown portal? We are running into issues trying to use OIDC as the protocol to secure it and have SSO work properly. OIDC's security model is to restrict 3rd-party-initiated logins, so once we have users log in to our portal and pass the tokens from our portal to another app, we get an issuer mismatch error from our apps and can't create an SSO login experience for our users.

VP of Engineering in Insurance (except health), a year ago

We do not use Azure B2C in our company – we use AWS and Okta – but it sounds like there's a configured trust missing. Depending on how your team set it up, the trust is missing either between different auth servers or missing policies across apps within an auth server. Sorry I don't have a better answer, but I hope this helps!

VP of Application Development in Finance (non-banking), a year ago

This article uses a sample JavaScript single-page application (SPA) to illustrate how to add Azure Active Directory B2C (Azure AD B2C) authentication to your SPAs. https://learn.microsoft.com/en-us/azure/active-directory-b2c/configure-authentication-sample-spa-app

Also, this may be helpful if they are using .NET: https://learn.microsoft.com/en-us/entra/msal/dotnet/acquiring-tokens/desktop-mobile/social-identities

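To see which claim a receiving app rejects in the issuer mismatch described in the question, the following added example (not code from any poster or from Microsoft) decodes a token's claims and compares `iss` and `aud` with what each app is configured to trust. The issuer URLs, client IDs, and function names are constructed placeholders, and the sample token is built inline.

```javascript
// Decode the claims segment of a compact JWT WITHOUT verifying the signature.
// Diagnosis only: never base an authorization decision on this output.
function decodeClaims(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS (need 3 segments)');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Compare a token with what one relying party (rp) is configured to trust.
// OIDC requires iss to match the configured issuer exactly and aud to
// contain the app's own client_id.
function diagnose(jwt, rp) {
  const c = decodeClaims(jwt);
  const aud = Array.isArray(c.aud) ? c.aud : [c.aud];
  const findings = [];
  if (c.iss !== rp.expectedIssuer) {
    findings.push(`issuer mismatch: token iss=${c.iss}, ${rp.name} trusts ${rp.expectedIssuer}`);
  }
  if (!aud.includes(rp.clientId)) {
    findings.push(`audience mismatch: token aud=${aud.join(',')}, ${rp.name} is ${rp.clientId}`);
  }
  return findings;
}

// Constructed sample data (hypothetical issuers and client IDs).
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.constructed-signature`;
}
const PORTAL = { name: 'portal', clientId: 'portal-client-id',
  expectedIssuer: 'https://idp.example/tenant-a/policy-signin/v2.0/' };
const DOWNSTREAM_APP = { name: 'app2', clientId: 'app2-client-id',
  expectedIssuer: 'https://idp.example/tenant-a/v2.0/' };
const portalToken = makeSampleToken({
  iss: PORTAL.expectedIssuer, aud: PORTAL.clientId, sub: 'user-123' });

// The portal accepts its own token; the downstream app reports both mismatches.
for (const rp of [PORTAL, DOWNSTREAM_APP]) {
  const findings = diagnose(portalToken, rp);
  console.log(rp.name, findings.length ? findings : 'iss and aud match');
}
```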
