Tags: azure, azure-ad-b2c, okta, azure-ad-b2c-custom-policy

Return Azure B2C ID to Okta


I have an app set up to use Azure B2C to allow users to log in. We are now looking to move to Okta as the IdP as this will allow us to provide SSO capabilities between this app and another which cannot support Azure B2C as an IdP.

I have managed to register Azure B2C as an IdP within Okta, and after adding a custom user flow in Azure B2C using the Identity Experience Framework, I was able to have the user log in correctly. However, I have 2 issues that I cannot seem to resolve that I would like some advice on:

  1. How do I pass the ID of the B2C user account back to Okta and store it in the Okta user profile?
  2. How do I stop the user being redirected back to Okta when they click the Forgot Password link on the B2C login page after being directed there from Okta?

Solution

  • I presume you are using OIDC and have created an app registration in B2C for Okta?

    1. In that case, the user ID is passed back in the JWT as "sub".

      <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub" />

    2. Is B2C returning an AADB2C90118 error code? This tells the app (Okta) to handle the password reset.

    In that case, use the embedded password reset flow.