How to auto redirect to Auth0 IDP from Azure AD B2C custom polcieis based on certain condition
We have added Auth0 as IDP in Azure AD B2C using custom policies. We want to redirect to Auth0 based on condition instead of user pressing button on UI.
Below is UserJourney in Azure AD B2C custom policies:
<UserJourneys>
<UserJourney Id="Internal" DefaultCpimIssuerTechnicalProfileReferenceId="JwtIssuer">
<OrchestrationSteps>
<OrchestrationStep Order="1" Type="ClaimsExchange">
<ClaimsExchanges>
<ClaimsExchange Id="pre-hrd" TechnicalProfileReferenceId="SelfAsserted-EmailOrUsernameCollect" />
</ClaimsExchanges>
</OrchestrationStep>
<OrchestrationStep Order="2" Type="ClaimsExchange">
<Preconditions>
<Precondition Type="ClaimsExist" ExecuteActionsIf="true">
<Value>objectIdFromSession</Value>
<Action>SkipThisOrchestrationStep</Action>
</Precondition>
</Preconditions>
<ClaimsExchanges>
<ClaimsExchange Id="HRD" TechnicalProfileReferenceId="HRD_Api" />
</ClaimsExchanges>
</OrchestrationStep>
<OrchestrationStep Order="3" Type="ClaimsExchange">
<Preconditions>
<Precondition Type="ClaimsExist" ExecuteActionsIf="false">
<Value>objectIdFromSession</Value>
<Action>SkipThisOrchestrationStep</Action>
</Precondition>
</Preconditions>
<ClaimsExchanges>
<ClaimsExchange Id="SSO_HRD" TechnicalProfileReferenceId="HRD_Api_SSO" />
</ClaimsExchanges>
</OrchestrationStep>
<OrchestrationStep Order="4" Type="CombinedSignInAndSignUp" ContentDefinitionReferenceId="api.signuporsignin">
<Preconditions>
<Precondition Type="ClaimEquals" ExecuteActionsIf="false">
<Value>idp</Value>
<Value>none</Value>
<Action>SkipThisOrchestrationStep</Action>
</Precondition>
<Precondition Type="ClaimEquals" ExecuteActionsIf="true">
<Value>connection</Value>
<Value>B2CLocalUser</Value>
<Action>SkipThisOrchestrationStep</Action>
</Precondition>
</Preconditions>
<ClaimsProviderSelections>
<ClaimsProviderSelection TargetClaimsExchangeId="Auth0Login" />
</ClaimsProviderSelections>
</OrchestrationStep>
<OrchestrationStep Order="5" Type="ClaimsExchange">
<Preconditions>
<Precondition Type="ClaimEquals" ExecuteActionsIf="true">
<Value>connection</Value>
<Value>B2CLocalUser</Value>
<Action>SkipThisOrchestrationStep</Action>
</Precondition>
</Preconditions>
<ClaimsExchanges>
<ClaimsExchange Id="Auth0Login" TechnicalProfileReferenceId="Auth0-OID" />
</ClaimsExchanges>
</OrchestrationStep>
<OrchestrationStep Order="6" Type="ClaimsExchange">
<Preconditions>
<Precondition Type="ClaimEquals" ExecuteActionsIf="false">
<Value>idp</Value>
<Value>none</Value>
<Action>SkipThisOrchestrationStep</Action>
</Precondition>
</Preconditions>
<ClaimsExchanges>
<ClaimsExchange Id="SignUpWithLogonEmailExchange" TechnicalProfileReferenceId="LocalAccountSignUpWithLogonEmail" />
</ClaimsExchanges>
</OrchestrationStep>-->
<OrchestrationStep Order="6" Type="ClaimsExchange">
<Preconditions>
<Precondition Type="ClaimEquals" ExecuteActionsIf="false">
<Value>idp</Value>
<Value>costcoaad</Value>
<Action>SkipThisOrchestrationStep</Action>
</Precondition>
<Precondition Type="ClaimsExist" ExecuteActionsIf="true">
<Value>objectId</Value>
<Action>SkipThisOrchestrationStep</Action>
</Precondition>
</Preconditions>
<ClaimsExchanges>
<ClaimsExchange Id="HintedAzureADExchange" TechnicalProfileReferenceId="Client-AAD" />
</ClaimsExchanges>
</OrchestrationStep>
* further steps
**
***
<OrchestrationSteps>
</UserJourney>
</UserJourneys>
This journey shows the button on the UI for Auth0 like shown below, but we want to redirect to Auth0 when "idp" value is "none" and "connection" is not "B2CLocalUser" on step 4
Instead of showing the button, we want to redirect automatically to Auth0 IDP login.
How can we do this? I tried to put some conditions but it did not work.
Appreacite any help.
Thanks.
Update: I was able to redirect to Auth0 without user interaction. I put step 4 as below and it redirects me to Auth0 based on the condition.
<OrchestrationStep Order="4" Type="ClaimsExchange">
<Preconditions>
<Precondition Type="ClaimEquals" ExecuteActionsIf="true">
<Value>connection</Value>
<Value>B2CLocalUser</Value>
<Action>SkipThisOrchestrationStep</Action>
</Precondition>
<Precondition Type="ClaimsExist" ExecuteActionsIf="true">
<Value>objectId</Value>
<Action>SkipThisOrchestrationStep</Action>
</Precondition>
</Preconditions>
<ClaimsExchanges>
<ClaimsExchange Id="Auth0Login" TechnicalProfileReferenceId="Auth0-OID" />
</ClaimsExchanges>
</OrchestrationStep>
Solution
I was able to redirect to Auth0 without user interaction. I put step 4 as below and it redirects me to Auth0 based on the condition.
<OrchestrationStep Order="4" Type="ClaimsExchange">
<Preconditions>
<Precondition Type="ClaimEquals" ExecuteActionsIf="true">
<Value>connection</Value>
<Value>B2CLocalUser</Value>
<Action>SkipThisOrchestrationStep</Action>
</Precondition>
<Precondition Type="ClaimsExist" ExecuteActionsIf="true">
<Value>objectId</Value>
<Action>SkipThisOrchestrationStep</Action>
</Precondition>
</Preconditions>
<ClaimsExchanges>
<ClaimsExchange Id="Auth0Login" TechnicalProfileReferenceId="Auth0-OID" />
</ClaimsExchanges>
</OrchestrationStep>
- Generating token for Fabric Rest api using client secret
- Authenticate to SQL Server with Azure app service managed identity through group
- Why is my Azure AD token request returning HTTP 400 consent error for API permissions that have been granted?
- How to set Azure MSAL SSO for my Nextjs14 app using Approuter and next-auth
- Unable to Connect to Azure PostgreSQL Database via Point-to-Site VPN with Azure Active Directory on macOS
- How do I retrieve the service principal password after creation using the azure cli?
- Cannot create Azure B2C Tenant
- Accessing Graph API from multi tenant App Function via identity
- My Azure AD B2C User Flow is not returning a token on jwt.ms
- AADSTS65001: The user or administrator has not consented to use the application with ID <app-id>
- AccountEnabled user property from Azure AD returning null
- Azure B2C user flow without an email
- How to use Azure Data Factory to take Business Central data and put into Azure SQL DB?
- Triggering a PowerAutomate desktop flow, using apis, fails due to access issues
- Azure - should the creator of a resource have owner rights?
- Scope is not being added to Access Token returned from Azure Ad
- The required field 'nonce' is missing from the credential. Ensure that you have all the necessary parameters for the login request. [Azure Open ID]
- Exchanging azure AD token with Identity server token
- Website authenticating users against AAD: can the OpenId document be provided offline to the consuming website?
- how to limit code verification email Spaming in Azure B2C
- Custom Claims in a Multitenant Microsoft Entra App
- Get error "You do not have elevated access" when try to postpone MFA enforcement
- How to bulk create/import users in Azure AD so that all of them can have single sign on to my SF sandbox?
- How can I "Get Microsoft Teams Users" Using of Microsoft Graph API
- Azure AD Authentication 401 error "the audience is invalid" AddAzureADBearer .Net Core Web Api
- AADSTS9002325: Proof Key for Code Exchange is required for cross-origin authorization code redemption
- How to get users info list from Azure AD app by calling Microsoft Graph API from ASP.NET Core Web API?
- Updating App Registration's Configured permission without overwritten existing values
- Missing Environment Variable 'BOT_ID' While Registering Microsfot Teams Bot App, while using Teams tool Kit template
- Error on integration with SSO Azure AD (BrowserAuthError: uninitialized_public_client_application)