LoginRadius as IDP in Azure AD B2C using OIDC
This document covers the steps to configure LoginRadius as an Identity Provider (IDP) in Azure AD B2C using OpenID Connect.
Steps to configure in the LoginRadius Admin console:
- Log in to the Admin console, navigate to Apps and click Add App.
- Fill in the required fields as follows:
  App Name - App name of your choice.
  Secret Key - Must be the same value you will enter as the Client secret in Azure.
- For field mapping, enter the same key values you will use in the Azure claims mapping below (User ID, Display name, Given name, Surname, Email).
- After filling in all the fields, click Save.
Steps To configure LoginRadius as IDP in Azure:
Prerequisites:
- Check that the user flows and custom policies have been created in your Azure Active Directory B2C tenant. If not, follow this document to create the user flow.
- Verify that a web application has been created in Azure Active Directory B2C; if not, follow this document to create the web application.
To add the identity provider
- Sign in to the Azure portal as the Global Administrator of your Azure AD B2C tenant.
- Make sure that you have switched to the Azure AD B2C directory, as in the picture below. If you have not, find your Azure AD B2C directory in the Directory name list and select Switch.
- On the Home page, search for and select Azure AD B2C.
- Select Identity providers, and then select New OpenID Connect provider.
- Fill in the required details in the Configure custom IDP form, as seen in the image above, as follows:
FIELD NAME | VALUE | DESCRIPTION |
---|---|---|
Name | <Name of the IDP> | Name as you want it to appear on the login screen. |
Metadata url | https://cloud-api.loginradius.com/sso/oidc/v2/<sitename>/<oidcappname>/.well-known/openid-configuration | Use this URL format, replacing <sitename> with the app name of your LoginRadius app and <oidcappname> with the OIDC app name from the Federated SSO > OIDC Connect section of the Admin console. |
Client ID | <API Key> | API key of the LoginRadius app. |
Client secret | <Secret Key> (if needed) | Secret key of the LoginRadius account. |
Scope | openid | Keep the default; no need to change it. |
Response type | id_token | Return the ID token directly; it arrives as a query parameter. |
Response mode | query | Return the response in the query parameter. |
Domain hint | <your domain.com> | Used on the /authorize endpoint to select this provider automatically instead of showing the sign-in page. |
User ID | UserID | Must match the key configured in the Admin console field mapping. |
Display name | DisplayName | Must match the key configured in the Admin console field mapping. |
Given name | given_name | Must match the key configured in the Admin console field mapping. |
Surname | family_name | Must match the key configured in the Admin console field mapping. |
Email | | Must match the key configured in the Admin console field mapping. |
- After filling in all mandatory fields, click the Save button at the top.
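As an added consistency check, not part of the original document: a Python script that builds the metadata URL in the table's format and compares the Azure form values (response type, response mode, scope, mapped claim names) against the discovery document the provider serves. The discovery document below is a constructed sample with illustrative endpoint paths; in practice you would fetch the metadata URL and pass the parsed JSON in.

```python
from urllib.parse import quote

BASE = "https://cloud-api.loginradius.com/sso/oidc/v2"
WELL_KNOWN = "/.well-known/openid-configuration"

# Values entered in the Azure form (from the table above) and the claim names used in
# its mapping; Azure can only fill a mapped field if the provider issues that claim.
AZURE_SETTINGS = {"response_type": "id_token", "response_mode": "query", "scope": "openid"}
MAPPED_CLAIMS = ("given_name", "family_name")

# Constructed sample of what the metadata URL returns; endpoint paths are illustrative.
SAMPLE_DISCOVERY = {
    "issuer": f"{BASE}/mysite/myapp",
    "authorization_endpoint": f"{BASE}/mysite/myapp/authorize",
    "jwks_uri": f"{BASE}/mysite/myapp/jwks",
    "response_types_supported": ["code", "id_token"],
    "response_modes_supported": ["query", "fragment", "form_post"],
    "scopes_supported": ["openid", "profile", "email"],
    "claims_supported": ["sub", "given_name", "family_name", "email"],
}

def metadata_url(sitename: str, oidcappname: str) -> str:
    """Metadata URL in the table's format, with the placeholders URL-encoded."""
    return f"{BASE}/{quote(sitename, safe='')}/{quote(oidcappname, safe='')}{WELL_KNOWN}"

def check_discovery(doc: dict, sitename: str, oidcappname: str,
                    settings: dict = AZURE_SETTINGS, claims=MAPPED_CLAIMS) -> dict:
    """Compare the Azure form values with the provider's discovery document.
    Returns {"errors": [...], "warnings": [...]}; no errors means they are consistent."""
    errors, warnings = [], []
    for key in ("issuer", "authorization_endpoint", "jwks_uri"):
        if not doc.get(key):
            errors.append(f"discovery document lacks {key}")
    # OIDC Discovery: metadata URL = issuer + well-known path; Azure validates the
    # id_token's iss against this issuer, so a wrong <sitename>/<oidcappname> fails late.
    expected_issuer = metadata_url(sitename, oidcappname).removesuffix(WELL_KNOWN)
    if doc.get("issuer") != expected_issuer:
        errors.append(f"issuer {doc.get('issuer')!r} != {expected_issuer!r}")
    for field, key in (("response_type", "response_types_supported"),
                       ("response_mode", "response_modes_supported"),
                       ("scope", "scopes_supported")):
        if settings[field] not in doc.get(key, []):
            errors.append(f"{field} {settings[field]} not supported by provider")
    for claim in claims:
        if claim not in doc.get("claims_supported", []):
            warnings.append(f"mapped claim {claim} not advertised; that Azure field will stay empty")
    if settings["response_type"] == "id_token" and settings["response_mode"] == "query":
        # The token rides in the redirect URL, so it can land in browser history and server logs.
        warnings.append("id_token is returned in the query string; form_post keeps it out of URLs")
    return {"errors": errors, "warnings": warnings}
```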
Add the identity provider to a user flow
- In your Azure AD B2C tenant, select User flows and find the user flow you created.
- Click the user flow to which you want to add the identity provider.
- Under Social identity providers, select the identity provider you added.
- Select Save.
Test your user flow
Before testing the user flow, make sure the reply URL and the Run user flow endpoint URL are whitelisted in the LoginRadius admin console.
- To test your policy, select Run user flow.
- For Application, select the web application you created from the drop-down menu.
- The Reply URL should show https://jwt.ms. Select the Run user flow button.
- On the sign-up or sign-in page, select the identity provider; it appears under the name you gave it in the IDP configuration.
- Once you have logged in successfully, you will be redirected to https://jwt.ms with the token. The information passed from LoginRadius is shown there, or, for a new user, registration is completed via OTP with a confirmation page.