Very helpful video, thanks Daniel!

great video! thanks for sharing!

Hi thanks for this great video 😀

Great video, but I wish that you went more in depth with the whole flow, including azure functions. I think, there's another approach to this challenge regardless of the Identity Provider, how and where you pull users permissions from and without using any cloud service such as azure functions to depend on to do that for you. Basically you would define new authorization requirement with handler (ie: HasPermissionsRequirement and HasPermissionsHandler) then you would create AuthorizationPolicyProvider class (similar to the example in video) that would parse through claims and create policies out of it based on any condition and then, you would add PermissionsToClaims middleware in which you would inject database provider or http client to call any internal/external database or API endpoint and pull permissions for given user (transform the way you want, if needed) and add them to claims. You would end up with total of 4 new classes to do it all for your in one project.

I recently read the article “API connectors to customize and extend sign-up user flows with external identity data sources”, I think it is another solution to the issue of adding the roles to the token through an external service

Hi there, It’s a very helpful info provided on the Microsoft Azure identity service ADB2C. Can you also suggest the best way to learn, design and implement the identity and access managing solutions using ADB2C through custom policies & built-In flows to handling the end users accessing a SPA app? Dealing with a requirement to manage a local and social / federated users… If possible, please create a lecture on handling the custom user flows via ADB2C custom policies and built-in flows would helps a lot. Thanks!

Hi Daniel, Thanks for the great videos!! You mentioned right now there is no authorization mechanism in AZ B2C and I understand it is almost a year now, Is there any update on this statement ? Plus if I want to connect my custom policy to an API is it possible ? Regards,

Hi, web application URL is given B2C for Login, If Webapplication is down how the login works? I mean for Disaster Recovery how does B2C works?

Hi, this is a great solution for the limitations in AD B2C as it doesn't have in-built authorization mechanism for user based authorization. However, I think you will also need to have a custom policy for sign-up so that a new user can be assigned to the respective group in the Azure SQL database. Perhaps the user gets assigned to a least privileged group and then some application admin can assign the user to appropriate group. Is that right? Thank you for the video and article on your blog, very helpful!

When will B2C support On-Behalf - of (OBO) Grant to support API chaining scenarios with this external authorization system?

Hi Daniel. Do you the Azure SQL Database tables scripts somewhere? I can't find it.

In azure B2C there is no useirnfo endpoint which I'd required while configuring sslesforce using OIDC auth provider. Is there any easy way to achieve this

I can see you have used function code authorisation directly in custom policy in xml it could breach security some Time how to secure it ? Is there any option to hide it ?

This article is out of date ! I just wish content providers would stay relevant by keeping their videos current !!

Is there a special requirement to be able to use custom policies? In my b2c tenant the option is greyed out for me.

How do sync data from salesforce using mulesoft with Azure B2C? Is any other way to get data sync from salesforce DB. Would be great if get response

Hi Daniel it's very helpful can you please share the source code ? I checked the one present in git hub but could not find it

Thank You. We are working on B2C project 1. Using built in user flow can we do welcome mail and first time force password reset 2. What is default expiration time if accounts is idle 3. Can we do bulk one time upload users?? 4. Any way we may go with mobile otp instead of mail using in user flow Would be great if get response

Hi, I used to think this could be solved by using security groups in the B2C tenant and Microsoft Graph API to add or remove users from these groups. Then in turn, my app could receive the security group a person belongs to and grant permissions based on that. From your video I learn that this is not a valid approach correct?

Can we expose AZURE AD API to B2C users without using client credential flow .. I mean API/Webapp is registered in Azure AD(B2B) and access should be given to B2C users