Integrating Trusona and Azure Active Directory B2C

This guide details the steps required to configure Trusona for your AAD (B2C).

Step 1: Email integration@trusona.com with the following information:

  1. Email domain
  2. Company name
  3. Azure Directory ID (located Azure Active Directory > Properties > Directory ID)
  4. The “Initial domain name” of the B2C tenant you create in Step 2

Step 2: Create an Azure Active Directory B2C tenant

  1. On the left side select “Dashboard”
  2. In the search bar type “Azure Active Directory B2C”
  3. Select “Azure Active Directory B2C” from the dropdown
  4. Select “Get Started”
  5. Select “Create a new Azure AD B2C Tenant”
  6. Create Organization name and Initial Domain Name
  7. Select the “Create” button

Note: It may take a few minutes for the tenant to be created.

Step 3: Add New Identity Provider

Dashboard > Azure AD B2C > Identity providers

  1. Select “Identity providers”
  2. Select “Add”

Step 4: Configure Identity Provider

  1. Select “Identity provider type”
  2. OpenID Connect (Preview)

Step 5: Set up this Identity Provider

Field           Value
Metadata URL    https://gateway.trusona.net/oidc/.well-known/openid-configuration
Client ID       Will be emailed to you from Trusona
Scope           openid profile email
Response type   id_token
Response mode   form_post

Step 6: Set up claims mapping

Select “Map this identity provider’s claims”

Field           Value
User ID         sub
Display name    nickname
Given name      given_name
Surname         family_name
Email           email

Click Ok to complete the setup for your new OIDC Identity Provider.
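The Step 5 settings ask Trusona for an id_token delivered by form_post, and Step 6 tells B2C which claims to read out of it. As an added example that is not part of this guide or of Trusona's or Microsoft's code, here are the checks a relying party applies to that response before trusting the mapped attributes, in Python; the issuer string, the client ID and the sample token are assumptions or constructed values.

```python
import base64
import json
from urllib.parse import parse_qs, urlencode

# Assumptions, not taken from the guide: the issuer string Trusona publishes at the
# Step 5 metadata URL, and the client ID Trusona emails you. Both are placeholders.
EXPECTED_ISSUER = "https://gateway.trusona.net/oidc"
CLIENT_ID = "<client-id-from-trusona>"
# Step 6 claims mapping: B2C field -> claim name inside the id_token.
CLAIM_MAP = {"User ID": "sub", "Display name": "nickname", "Given name": "given_name",
             "Surname": "family_name", "Email": "email"}

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def validate_form_post(body: str, expected_state: str, expected_nonce: str, now: int) -> dict:
    """Check a form_post body (response_type=id_token) and return the mapped B2C attributes.
    Signature verification against the JWKS named in the metadata document is assumed done first."""
    form = parse_qs(body)
    if form.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch (possible CSRF)")
    token = form.get("id_token", [None])[0]
    if token is None:
        raise ValueError("id_token missing from form_post body")
    header_b64, payload_b64, _signature = token.split(".")
    if str(json.loads(_b64url_decode(header_b64)).get("alg", "none")).lower() == "none":
        raise ValueError("unsigned token rejected")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != EXPECTED_ISSUER:
        raise ValueError("issuer does not match the discovery document")
    aud = claims.get("aud")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token was not issued for this client ID")
    if int(claims.get("exp", 0)) <= now:
        raise ValueError("token expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch (possible replay)")
    mapped = {field: claims.get(name) for field, name in CLAIM_MAP.items()}
    if mapped["User ID"] is None:
        raise ValueError("sub claim missing; User ID cannot be mapped")
    return mapped

def build_sample_body(claims: dict, state: str, alg: str = "RS256") -> str:
    """Constructed test input only: a form_post body carrying a token with a dummy signature."""
    parts = [_b64url_encode(json.dumps(p).encode()) for p in ({"alg": alg, "typ": "JWT"}, claims)]
    return urlencode({"id_token": ".".join(parts + ["dummysig"]), "state": state})
```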

Step 7: Create user flow policy

You should now see your new OpenID Connect Identity Provider listed within your B2C Identity Providers.

  1. Select “User flows (policies)”
  2. Select “Add”
  3. Select “New user flow”
  4. Select “Sign up and sign in”

Step 8: Configure Policy

  1. Name your policy
  2. Select your newly created Trusona Identity Provider.
  3. Select “Create”
  4. Select “Show more”
  5. Select at least one of the attributes that you specified during the setup in “Step 5: Set up this Identity Provider”.
  6. Select “OK”

As Trusona is inherently multifactor, it’s best to leave multifactor authentication disabled.

Step 9: Test Policy

  1. Select your newly created policy
  2. Run user flow
  3. Enter the Reply URL
  4. Run user flow

When clicking the Run user flow button, you will be redirected to the Trusona OIDC Gateway. On the Trusona Gateway you can scan the displayed Secure QR code with the Trusona App or with a custom app built on the Trusona mobile SDK.

After scanning the Secure QR code, you should be redirected to the Reply URL you defined in the previous step.

Architecture

(Diagram: Trusona AAD B2C integration architecture)