
Authentication B2C

Category: Active Directory

Description: This extension module manages user account registration, login, profile editing, and password reset through integration with Azure Active Directory.

Functionality: Use this extension module to enable authentication, allowing Lynn to receive a token that is validated to access data such as usernames, email addresses, and more. These data can be used within the Lynn flow.

Prerequisites

  1. Create a Resource in Azure

    • Sign in to portal.azure.com.
    • Navigate to "Azure" and select "Create a resource".
    • Search for Azure Active Directory B2C and then select Create.
  2. Create an Application

    • In the Microsoft Azure portal (portal.azure.com), open “App registrations” and select “New registration”. For more information, refer to Azure AD B2C.

  3. Create a Custom Policy

    • In the Microsoft Azure portal, locate Azure AD B2C (in the menu under the Identity category), select the previously created resource, and then go to the Identity Experience Framework option.
    • Inside the Identity Experience Framework, create a custom policy by uploading the .xml files in which the policies are defined. For more information, refer to Azure AD B2C.

  4. Configure Custom Policy

    • The data in this window are required to configure the Lynn extension module. Locate the window by selecting the previously created authentication policy.

Implementation

Run now endpoint: This is a string field that allows entering the endpoint to send a request to the Azure AD B2C service to execute the custom policy (authentication policy) previously created. This data is extracted from the custom policy details window (Point 4, option 1 of the prerequisites).

OpenID Connect discovery endpoint: This is a string field where the endpoint (in single quotes) for connecting to Microsoft's OpenID Connect authorization server must be entered. Through this server, information about the location of relevant endpoints, configuration parameters, public keys used to verify identity tokens, and other details necessary for integration with Azure AD B2C can be obtained. This data is extracted from the custom policy details window (Point 4, option 2 of the prerequisites).
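A check that can be run on the discovery document before entering its URL in this field, and on token claims afterwards, as an added example that is not part of Lynn's or Microsoft's code. The tenant name, policy name, identifiers and the same-host rule are assumptions of this example; verifying the token signature with the keys published at `jwks_uri` is left to a JWT library.

```python
from urllib.parse import urlsplit

# Fields from OpenID Connect Discovery that token validation depends on.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri",
            "id_token_signing_alg_values_supported")
URL_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")

def check_discovery(doc, discovery_url):
    """Return a list of problems found in a parsed discovery document."""
    host = urlsplit(discovery_url).hostname
    problems = [f"missing {f}" for f in REQUIRED if not doc.get(f)]
    for field in URL_FIELDS:
        if not doc.get(field):
            continue
        parts = urlsplit(doc[field])
        if parts.scheme != "https":
            problems.append(f"{field} is not HTTPS")
        if parts.hostname != host:  # same-host rule is this example's assumption
            problems.append(f"{field} host differs from discovery host")
    if "none" in doc.get("id_token_signing_alg_values_supported", []):
        problems.append("unsigned tokens (alg none) advertised")
    return problems

def check_claims(claims, doc, client_id, now):
    """Check already signature-verified ID-token claims against the document."""
    problems = []
    if claims.get("iss") != doc.get("issuer"):
        problems.append("iss does not match issuer")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not contain client_id")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        problems.append("token expired or exp missing")
    if isinstance(claims.get("nbf"), (int, float)) and claims["nbf"] > now:
        problems.append("token not yet valid")
    return problems

# Constructed sample: tenant, policy name and identifiers are placeholders.
BASE = "https://contoso.b2clogin.com"
POLICY = BASE + "/contoso.onmicrosoft.com/B2C_1A_EXAMPLE"
DISCOVERY_URL = POLICY + "/v2.0/.well-known/openid-configuration"
SAMPLE_DOC = {
    "issuer": BASE + "/00000000-0000-0000-0000-000000000000/v2.0/",
    "authorization_endpoint": POLICY + "/oauth2/v2.0/authorize",
    "token_endpoint": POLICY + "/oauth2/v2.0/token",
    "jwks_uri": POLICY + "/discovery/v2.0/keys",
    "id_token_signing_alg_values_supported": ["RS256"],
}
```

Both functions return an empty list when nothing is wrong, so a non-empty result can gate the configuration step or the acceptance of a token.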

Entity Name for Storing Authentication Data: This field allows selecting or creating an entity where the token record will be stored.

Overlay Authentication Form: This field allows overlaying the user login on the application. Select "Yes" to enable this configuration or, by default, select "No".

Message Input Field: This dropdown list allows selecting an option to manage the message input field:

  • Show: Display the message input field.
  • Hide: Hide the message input field.
  • Block: Block the message input field.

Authentication Form Availability Time in Seconds: This dropdown list allows selecting the amount of time (in seconds) the authentication form will be available. After this period, the form will be cleared and the user will need to re-enter their data.

Successful Authentication Message: This string field allows configuring the message that the user will see when the authentication process is successful.

Redirection Page HTML Code: This string field allows defining the redirection message presented once Lynn has processed the token. This field accepts HTML code to format the message text.

Redirection Page Display Time in Seconds: This dropdown list defines the wait time (in seconds) for performing the redirection.

If the Maximum Number of Failed Attempts is Reached, the Action Flow Will Be Interrupted and the Error Description Will Be Passed to the Selected Intent Named 'B2C_ERROR': This dropdown list allows selecting the name of the intent for error handling. When an error overflow occurs, the B2C_ERROR entity will be loaded with the error details if available.

Configuration Values/Webhook: This field stores the webhook that must be copied into the Azure AD B2C/Application Registrations portal. Locate the initially created application and select the Authentication option from the menu, specifically the Web Redirect URL section, as shown in the image:

For more information on this field, access Here