rbrayb
@rbrayb
rbrayb / B2C_1A_Extension_OrchestrateToCiam.xml
Last active October 2, 2024 02:14
Using Azure AD B2C custom policies with Entra External ID
<TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" PolicySchemaVersion="0.3.0.0" TenantId="tenant.onmicrosoft.com"
PolicyId="B2C_1A_OrchestrateToCiamV2" PublicPolicyUri="http://tenant.onmicrosoft.com/" TenantObjectId="tenant.onmicrosoft.com"
DeploymentMode="Development"
UserJourneyRecorderEndpoint="urn:journeyrecorder:applicationinsights"
>
<!--
Please modify policyId to save the policy.
@rbrayb
rbrayb / SignUpOrSignin_Kinde.xml
Created September 24, 2024 00:24
Connecting Azure AD B2C to Kinde via OIDC
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" PolicySchemaVersion="0.3.0.0" TenantId="tenant.onmicrosoft.com" PolicyId="B2C_1A_signup_signin_Kinde" PublicPolicyUri="http://tenant.onmicrosoft.com/B2C_1A_signup_signin_Kinde" DeploymentMode="Development" UserJourneyRecorderEndpoint="urn:journeyrecorder:applicationinsights">
<BasePolicy>
<TenantId>tenant.onmicrosoft.com</TenantId>
<PolicyId>B2C_1A_TrustFrameworkExtensions_DC</PolicyId>
</BasePolicy>
@rbrayb
rbrayb / MailDebug.cs
Created September 6, 2024 03:09
Using a fake email server to validate OTP codes in Azure AD B2C
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Azure.WebJobs;
using Microsoft.Azure.WebJobs.Extensions.Http;
using Microsoft.Extensions.Logging;
using System;
using System.Net;
using System.Net.Mail;
using System.Threading.Tasks;
@rbrayb
rbrayb / SignUpOrSignIn_Create_TOTP.xml
Last active August 26, 2024 02:47
Using the TOTP MFA method in Azure AD B2C with an authenticator application
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" PolicySchemaVersion="0.3.0.0"
TenantId="tenant.onmicrosoft.com"
PolicyId="B2C_1A_Demo_SignUp_SignIn_Create_TOTP"
PublicPolicyUri="http://tenant.onmicrosoft.com/B2C_1A_Demo_SignUp_SignIn_Create_TOTP">
<BasePolicy>
<TenantId>tenant.onmicrosoft.com</TenantId>
<PolicyId>B2C_1A_Demo_TrustFrameworkExtensions_Create_TOTP</PolicyId>
</BasePolicy>
@rbrayb
rbrayb / SignUpOrSigninSAML.xml
Created April 25, 2024 21:41
Connecting Azure AD B2C as an SP to Entra ID via SAML
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" PolicySchemaVersion="0.3.0.0" TenantId="tenant.onmicrosoft.com" PolicyId="B2C_1A_signup_signinSAMLMeta" PublicPolicyUri="http://tenant.onmicrosoft.com/B2C_1A_signup_signinSAMLMeta"
DeploymentMode="Development"
UserJourneyRecorderEndpoint="urn:journeyrecorder:applicationinsights">
<BasePolicy>
<TenantId>tenant.onmicrosoft.com</TenantId>
<PolicyId>B2C_1A_TrustFrameworkExtensionsSAMLMeta</PolicyId>
@rbrayb
rbrayb / EntraIDFed.xml
Created April 23, 2024 21:45
Federating with Azure AD B2C without creating a shadow account
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" PolicySchemaVersion="0.3.0.0" TenantId="tenant.onmicrosoft.com" PolicyId="B2C_1A_signup_signin_EntraIDFed" PublicPolicyUri="http://tenant.onmicrosoft.com/B2C_1A_signup_signin_EntraIDFed"
DeploymentMode="Development"
UserJourneyRecorderEndpoint="urn:journeyrecorder:applicationinsights">
<BasePolicy>
<TenantId>tenant.onmicrosoft.com</TenantId>
<PolicyId>B2C_1A_TRUSTFRAMEWORKEXTENSIONSMFA</PolicyId>
@rbrayb
rbrayb / Captcha.xml
Created April 18, 2024 23:56
Using CAPTCHA in Azure AD B2C
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TrustFrameworkPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06" PolicySchemaVersion="0.3.0.0" TenantId="tenant.onmicrosoft.com" PolicyId="B2C_1A_Captcha" PublicPolicyUri="http://tenant.onmicrosoft.com/B2C_1A_Captcha" DeploymentMode="Development" UserJourneyRecorderEndpoint="urn:journeyrecorder:applicationinsights">
<BasePolicy>
<TenantId>tenant.onmicrosoft.com</TenantId>
<PolicyId>B2C_1A_TrustFrameworkExtensions-Captcha</PolicyId>
</BasePolicy>
@rbrayb
rbrayb / Table.csv
Created February 9, 2024 04:07
Confusion around B2B with Entra External ID for customers (CIAM)
Tenant,Creation method,User type
Entra ID,Invite,Guest
Entra ID,Self service sign up,Guest
Entra External ID (CIAM),Invite,Guest
Entra External ID (CIAM),Self service sign up,Member
@rbrayb
rbrayb / Diff.csv
Last active July 21, 2024 20:21
Differences between Azure AD B2C and Entra External ID for Customers (CIAM)
Feature,B2C,CIAM
Federation,,
Custom OIDC,Yes,No
Entra ID,Yes,Note 1
Microsoft account,Yes,Note 2
Social,Lots,Facebook and Google
SAML,Yes - direct,Note 3
WS-Fed,No,Note 3
-,-,-
User flows,,
@rbrayb
rbrayb / Link.xml
Last active January 24, 2024 23:27
Another look at account linking in Azure AD B2C