
Authentication B2C

Element Name: Authentication B2C

Category: Active Directory

Description: This component is responsible for handling user account registration, login, profile editing, and password reset functionalities for integration with Azure Active Directory.

Functionality: Runs the authentication flow so that Lynn receives a token; once that token has been validated, it yields user data such as the username and email address, which can then be used within the Lynn workflow.

Prerequisites

Resource Creation: In the Microsoft Azure portal (portal.azure.com), create the Azure AD B2C resource from the "Create a resource" section. For further details, refer to the Azure AD B2C documentation: https://learn.microsoft.com/es-es/azure/active-directory-b2c/

Create Application: In the Microsoft Azure portal (portal.azure.com), open the "App registrations" section and select "New registration". For more information, consult the Azure AD B2C documentation: https://learn.microsoft.com/es-es/azure/active-directory-b2c/tutorial-register-applications?tabs=app-reg-ga#register-a-web-application

Create Custom Policy:

  • To start, open the Microsoft Azure portal and navigate to Azure AD B2C (listed in the menu under the Identity category). Select the previously created resource and, once inside it, go to the Identity Experience Framework option.

  • Inside the Identity Experience Framework, create a custom policy. This is done by uploading the .xml files that define the policy. For more detail, refer to the Azure AD B2C documentation: https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-user-flows?pivots=b2c-custom-policy

Custom Policy Details Window (Authentication Policy):

  • The information in this window is required to configure Lynn's extension module. Locate it by selecting the previously created authentication policy, as depicted in the image:

Action Configuration Fields (Required)

[Run now endpoint]: String field expression that defines the endpoint to which the request is sent so that the Azure AD B2C service executes the previously created custom policy (authentication policy). This value is taken from the Custom Policy details window.

[OpenID Connect discovery endpoint]: String field expression that defines the endpoint of the Microsoft OpenID Connect authorization server (within single quotes). From this endpoint the module obtains the location of the relevant endpoints, configuration parameters, the public keys used to verify identity tokens, and the other details needed to integrate with Azure AD B2C. This value is taken from the Custom Policy details window.

[Name of the entity where authentication data is stored]: String field expression specifying the entity in which the token record will be stored.

[Overlay Authentication Form]: Selection field where the option "Yes" allows overlaying the user login over the application. When "No" is selected

[Message Writing Input]: Dropdown list for choosing how the message input field behaves while authentication is in progress:

  • Show: Display the field that allows message writing.
  • Hide: Hide the field that allows message writing.
  • Block: Block the field that allows message writing.

[Authentication Form Availability Time in Seconds]: Dropdown list for selecting how long (in seconds) the authentication form remains available. Once that time has elapsed, the form is cleared and the user must re-enter the data.

[Successful Authentication Message]: String field where the message displayed to the user upon successful authentication is configured.

[HTML Code for Redirect Page]: String field defining the redirect message shown after Lynn has processed the token. The field accepts HTML, which can be used to format the message text.

[Redirect Page Display Time in Seconds]: Dropdown list defining how long (in seconds) the redirect page is displayed.

[If the maximum number of failed attempts is reached, the action flow will be interrupted, and the error description will be passed to the selected intent with the name: 'B2C_ERROR']: Dropdown list where the name of the entity for error handling must be selected.

[Configuration Values]: This label shows the webhook URL that must be copied into the Azure portal under Azure AD B2C / App registrations. Locate the application created earlier, select the Authentication option from the menu, and add the URL in the Web redirect URL section, as shown in the image: