This article provides a quick start guide for setting up a username and password login store for Authress utilizing your Azure Account. Authress aggregates different user stores together and enables features that these identity providers don't provide.
This is the right integration to set up if you already have an Azure AD B2B tenant and want to enable those users to log in with their Azure AD account, or if you want to add a username and password store to your Authress account and are using Azure as your cloud provider.
This setup is not necessary if your users log in through SSO via their own corporate identity provider. Instead, you can directly configure their provider as an Identity Provider Connection in the Authress Management Portal.
If you are looking to enable admin login access into the Authress Management Portal using your corporate IdP, see the Authress Management Portal SSO Configuration.
Creating the directory in Azure
Navigate to the Azure portal and search for Azure Active Directory.
If you already have a directory you want to use, then you can skip this step, otherwise follow the instructions below.
Select Manage Tenants at the top of the screen, and create a new tenant. A tenant is Azure's unit for a separate Active Directory. Create a tenant and specify Azure Active Directory (B2C) as the tenant type.
Note: You want two separate directories: one for your Azure admins to log into your Azure account, and one for your users to log into your applications. These should not be shared.
Troubleshooting directory creation
If you see this error while creating your new directory, the Azure subscription for your account must be updated.
Search for Subscriptions > click on your Azure Subscription name > scroll down to Resource providers > search for Microsoft.AzureActiveDirectory.
Register, and then retry the Directory creation.
Create the Azure AD B2C signup and login flow
For users that want to use the username and password option, we'll configure the signup and login flow in your new directory. Navigate to the Directory's User Flows > click on New user flow > select Sign up and sign in > Recommended > click Create. Then configure your requirements for the manual sign up flow.
New Azure application
We'll link our directory to Authress, enabling Authress to log your users in using your directory.
Click App registrations > then click New registration.
We've named our tenant Authress User Pool, and now we'll create an application in Azure. The application is the Azure side of the integration.
Configure the following settings:
- Set the supported account types for this application to Accounts in any identity provider or organizational directory (for authenticating users with user flows)
- Set the Redirect type to Web and the Redirect URI value to your Authress Custom Domain; that value should be of the form
Create the Authress connection
With the Azure directory and application created, now we can start the configuration on the Authress side. We'll need the following properties:
- OAuth 2.0 authorization endpoint
- OAuth 2.0 token endpoint
- Azure Application ID
We'll copy each one of these to Authress, one by one.
To start we need a new Authress Connection: navigate to the Authress Management Portal connections, and click Add connection. (Note: We cannot use the preconfigured Microsoft connection.)
First we'll need the relevant endpoint URLs. These are available in the Azure App Registration screen by clicking Endpoints at the top of the screen.
There are many endpoints here; we specifically need the Azure AD B2C OAuth 2.0 authorization endpoint (v2) and the Azure AD B2C OAuth 2.0 token endpoint (v2). They are at the top and have the form:
You'll notice there is a <policy-name> property. This must be replaced with the expected user flow ID. Replace <policy-name> with the user flow ID we created in the previous step before pasting the endpoint URLs into Authress. Full values for these URLs should look something like:
Authorization Url: https://authressUserPool.b2clogin.com/authressUserPool.onmicrosoft.com/B2C_1_authress_azure_signup_flow/oauth2/v2.0/authorize
Token Url: https://authressUserPool.b2clogin.com/authressUserPool.onmicrosoft.com/B2C_1_authress_azure_signup_flow/oauth2/v2.0/token
Copy these two values into the Authorization Url and Token Url fields in the Authress Connection, respectively.
The client ID is not part of these URLs; it can be copied directly from the app registration page's essential information:
Generate the credentials for Authress
For Authress to use your Directory, we'll need to configure credentials to secure the connection. Navigate back to Azure > App registrations > Click on the Authress integration application you just created > Select Certificates & Secrets from the left menu.
Then click New client secret, follow the prompts, and copy the secret Value (do not copy the Secret ID). An example secret is
Paste the secret into the Authress connection Client secret field.
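As an added example (not Authress's or Azure's own tooling), the following Python builds the two B2C v2 endpoint URLs from a tenant and user flow name, and checks a connection configuration for the mistakes this article warns about: the <policy-name> placeholder left in place, swapped or mismatched endpoints, and the Secret ID pasted where the secret Value belongs. The tenant, user flow, client ID and secret values used in it are constructed.

```python
import re
from urllib.parse import urlparse

# Azure "Application (client) ID" and "Secret ID" values are GUIDs; the
# secret Value is not, so a GUID-shaped client secret is the wrong field.
GUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)
# Path of a B2C v2.0 endpoint: /<tenant>.onmicrosoft.com/<policy>/oauth2/v2.0/<kind>
B2C_PATH_RE = re.compile(
    r"^/(?P<tenant>[^/]+)\.onmicrosoft\.com/(?P<policy>B2C_1A?_[^/]+)/oauth2/v2\.0/(?P<kind>authorize|token)$"
)


def b2c_endpoints(tenant: str, user_flow: str) -> dict:
    """Return the authorize/token URLs with <policy-name> already replaced by the user flow ID."""
    base = f"https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{user_flow}/oauth2/v2.0"
    return {"authorization_url": f"{base}/authorize", "token_url": f"{base}/token"}


def check_connection(cfg: dict) -> list:
    """Return a list of problems in a connection config with keys
    authorization_url, token_url, client_id and client_secret (empty list = looks good)."""
    problems, parsed = [], {}
    for key, kind in (("authorization_url", "authorize"), ("token_url", "token")):
        url = cfg.get(key, "")
        if "<policy-name>" in url:
            problems.append(f"{key}: <policy-name> placeholder was not replaced with the user flow ID")
            continue
        u = urlparse(url)
        m = B2C_PATH_RE.match(u.path)
        if u.scheme != "https" or not u.netloc.endswith(".b2clogin.com") or not m:
            problems.append(f"{key}: not an Azure AD B2C v2.0 {kind} endpoint")
            continue
        if m["kind"] != kind:
            problems.append(f"{key}: points at the {m['kind']} endpoint, expected {kind}")
        parsed[key] = m
    if len(parsed) == 2:  # both URLs parsed: they must name the same tenant and user flow
        a, t = parsed["authorization_url"], parsed["token_url"]
        if (a["tenant"], a["policy"]) != (t["tenant"], t["policy"]):
            problems.append("authorization and token URLs name different tenants or user flows")
    if not GUID_RE.match(cfg.get("client_id", "")):
        problems.append("client_id: expected the Application (client) ID, which is a GUID")
    if GUID_RE.match(cfg.get("client_secret", "")):
        problems.append("client_secret: looks like the Secret ID; copy the secret Value instead")
    return problems


if __name__ == "__main__":
    # Constructed values following the naming used in this article.
    cfg = dict(b2c_endpoints("authressUserPool", "B2C_1_authress_azure_signup_flow"),
               client_id="11111111-2222-3333-4444-555555555555",
               client_secret="Abc8Q~constructedSecretValue.NotARealOne")
    print(check_connection(cfg) or "connection config looks consistent")
```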
Validate the configuration
Now the setup is complete and you are ready to test the connection. When everything is configured correctly you'll see the test login success screen: