Set up the local account identity provider
Azure Active Directory B2C offers two methods to define how users interact with your applications: predefined user flows or fully configurable custom policies. The steps in this article differ for each method, so choose the policy type you're setting up before you begin.
This article describes how to determine sign-in methods for your Azure AD B2C local accounts. A local account refers to an account that is created in your Azure AD B2C directory when a user signs up for your application or an admin creates the account. Usernames and passwords are stored locally and Azure AD B2C serves as the identity provider for local accounts.
Several sign-in methods are available for local accounts:
- Email: Users can sign up and sign in to your app with their email address and password. Email sign-up is enabled by default in your local account identity provider settings.
- Username: Users can sign up and sign in with a username and password.
To learn more about these methods, see Sign-in options.
To configure settings for social or enterprise identities, where the identity of a user is managed by a federated identity provider, see Add an identity provider.
Prerequisites
- Create a user flow so users can sign up and sign in to your application.
- Register a web application.
- Complete the steps in Get started with custom policies in Active Directory B2C. That tutorial guides you through updating the custom policy files to use your Azure AD B2C tenant configuration.
- Register a web application.
Configure local account identity provider settings
You can choose the local account sign-in methods (email, username, or phone number) you want to make available in your tenant by configuring the Local account provider in your list of Azure AD B2C Identity providers. Then when you set up a user flow, you can choose one of the local account sign-in methods you've enabled tenant-wide. You can select only one local account sign-in method for a user flow, but you can select a different option for each user flow.
To set your local account sign-in options at the tenant level:
- Sign in to the Azure portal.
- If you have access to multiple tenants, select the Settings icon in the top menu to switch to your Azure AD B2C tenant from the Directories + subscriptions menu.
- Under Azure services, select Azure AD B2C. Or use the search box to find and select Azure AD B2C.
- Under Manage, select Identity providers.
- In the identity provider list, select Local account.
- In the Configure local IDP page, select one or more identity types you want to enable for user flows in your Azure AD B2C tenant. Selecting an option here simply makes it available for use tenant-wide; when you create or modify a user flow, you'll be able to choose from the options you enable here.
  - Username: Users can create their own unique user ID. An email address will be collected from the user and verified.
  - Email: Users will be prompted for an email address which will be verified at sign-up and become their user ID.
- Select Save.
Configure your user flow
- In the left menu of the Azure portal, select Azure AD B2C.
- Under Policies, select User flows.
- Select the user flow for which you'd like to configure the sign-up and sign-in experience.
- Select Identity providers.
- Under Local accounts, select one of the following: Email signup, User ID signup, or None.
Get the starter pack
Custom policies are a set of XML files you upload to your Azure AD B2C tenant to define user journeys. We provide starter packs with several pre-built policies. Download the relevant starter-pack:
After you download the starter pack:
- In each file, replace the string yourtenant with the name of your Azure AD B2C tenant. For example, if the name of your B2C tenant is contosob2c, all instances of yourtenant.partner.onmschina.cn become contosob2c.partner.onmschina.cn.
- Complete the steps in the Add application IDs to the custom policy section of Get started with custom policies in Azure Active Directory B2C. For example, update /phone-number-passwordless/Phone_Email_Base.xml with the Application (client) IDs of the two applications you registered when completing the prerequisites, IdentityExperienceFramework and ProxyIdentityExperienceFramework.
Upload the policy files
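Before you upload, it is worth checking locally that every yourtenant placeholder was replaced and that the values you are about to paste in as Application (client) IDs are actually GUIDs, because a policy that still carries the placeholder tenant or a malformed client ID fails only at upload or at first sign-in. The following shell script is an added example, not code from the page or from the Azure AD B2C starter packs; it assumes only that the downloaded XML files sit under a directory you pass in, and the file name and content used in its comments are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the page or the starter packs): rename the
# "yourtenant" placeholder across a downloaded starter pack and verify the
# result before uploading. Assumes the policy XML files live under DIR.

# rename_tenant DIR TENANT
# Rewrites every occurrence of "yourtenant" in *.xml files under DIR to
# TENANT, so yourtenant.partner.onmschina.cn becomes
# contosob2c.partner.onmschina.cn when TENANT is contosob2c.
rename_tenant() {
  dir="$1"
  tenant="$2"
  find "$dir" -type f -name '*.xml' | while IFS= read -r f; do
    tmp="$f.tmp.$$"
    # Write to a temp file and move it into place so a failed sed never
    # leaves a half-written policy behind.
    sed "s/yourtenant/$tenant/g" "$f" > "$tmp" && mv "$tmp" "$f"
  done
}

# count_placeholders DIR
# Prints how many *.xml files under DIR still contain "yourtenant";
# 0 means the rename is complete and the pack is safe to upload.
count_placeholders() {
  find "$1" -type f -name '*.xml' -exec grep -l 'yourtenant' {} + 2>/dev/null \
    | wc -l | tr -d ' '
}

# is_guid VALUE
# Returns 0 when VALUE has the 8-4-4-4-12 hex shape of an Application
# (client) ID, 1 otherwise. Run it on the IdentityExperienceFramework and
# ProxyIdentityExperienceFramework IDs before editing them into the policy.
is_guid() {
  printf '%s\n' "$1" \
    | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}
```

Typical use is `rename_tenant ./starter-pack contosob2c` followed by `[ "$(count_placeholders ./starter-pack)" = 0 ]`, with `is_guid` applied to each client ID you copied from the app registrations; the GUID check catches trailing whitespace or a pasted display name, which are the usual reasons a policy references the wrong application.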