- Starting May 2021, GitHub announced a change that impacts Azure AD B2C custom policy federation that uses GitHub as an identity provider. To fix this issue, update your GitHub technical profile.
- Azure AD B2C 99.99% SLA is in the updated documentation: https://azure.microsoft.com/en-us/support/legal/sla/active-directory-b2c/v1_1/
- Define an OAuth2 custom error technical profile
- Page layout version 2.1.6
- TLS and cipher suite requirements
- [Document] Learn how to test the password protection settings
- Refresh tokens can now be used to acquire access tokens to any api scope that has been consented to on the Application Registration.
- Set up sign-up and sign-in with an eBay account
- Custom email verification GA
- Azure AD B2C tenant data residency in Australia
- [Document] Learn how to manage your Azure AD B2C tenant
- Custom domains
- Embedded sign-in experience using iframe
- Claims transformations: FormatLocalizedString
- Force password reset.
- New Self-service password reset user experience, without error redirection. Also known as embedded password policy.
- Reset a user's password through Azure Portal.
- Set up sign-up and sign-in with an Apple ID.
- Keep me signed in (KMSI) is now supported by user flows.
- Azure AD B2C 99.99% SLA Announcement, updated B2C SLA starts May 2021.
- Azure AD B2C service limits and restrictions
- New MS Graph operation allows you to configure the email address that can be used by a username sign-in account to reset the password
- Set up a sign-in (only) flow
- Add an identity provider
- Secure your REST API technical profile to use API key authentication
- Using custom policies, you can disable sign-out from federated identity providers by setting the identity provider technical profile `SingleLogoutEnabled` metadata.
- Select your subscription when you create an Azure AD B2C tenant
- Set up phone sign-up and sign-in with custom policies in Azure AD B2C
- Learn how to transfer the Azure AD B2C auditing logs to an Azure Log Analytics workspace, and create a dashboard or create alerts that are based on Azure AD B2C users' activities.
- Use API connectors to customize and extend sign-up user flows
- User phone number CRUD operations MS Graph API
- User input validation delay using the `setting.inputVerificationDelayTimeInMilliseconds` metadata
- Display control UI new localization format
- SubJourneys can be used to organize and simplify the flow of orchestration steps within a user journey.
- ID token hint allows relying party applications to send an inbound JWT as part of the OAuth2 authorization request.
- [Documentation]
  - Provide optional claims to your app, user flow and custom policy
  - Localization XML samples
  - Configure Application Insights in Production for error handling
- Remote profile solution allows you to store and read user profiles from a remote database.
- Using application Id in the scope
- Facebook app registration new steps
- Migrating to page layout sample
- Add AD FS as a SAML identity provider troubleshooting
- SAML Protocol
- SAML IDP initiated support
- SAML token spec and customization
- SAML new metadata TokenNotBeforeSkewInSeconds
- SAML relying party WantsSignedResponses and XmlSignatureAlgorithm metadata
- New `{SAML:Subject}` claim resolver. Use the SAML identity provider technical profile InputClaims element to send a NameId within the Subject of the SAML AuthN request.
- Identity Protection and Conditional Access for Azure AD B2C
- Policy key, key rollover, and how to replace a key
- Page layout version 2.1.0
- [Documentation] Relying Party Technical Profile - Added guidance on how to set the NameId format for SAML assertions issued to a SAML relying party.
- [Documentation] User Migration - Updated the Seamless Migration sample to use Microsoft Graph API to pre-migrate users into the Azure AD B2C directory.
- AD SSPR technical profile provides support for verifying an email address for self-service password reset (SSPR).
- Custom email verification with Mailjet
- SAML Service provider in GA
- Azure AD B2C to Azure AD B2C federation is supported.
- [Document] Learn how to:
- [New] Single sign-out for both OAuth2, OIDC and SAML relying party applications.
- [Documentation]
  - Session overview
  - GetSingleItemFromJson claims transformation
- [Update] SetClaimsIfRegexMatch claims transformation now supports grouping extraction, to get a value from a string claim.
- [New] StringCollectionContainsClaim claims transformation
- [New] Claim resolver now supports claim values
- [New] SAML:RelayState claim resolver
- [New] Phone factor technical profile supports auto dial. For more information, check the metadata.
- [Update] Keep me signed in (KMSI) page layout version 1.2.0 and above requires the `setting.enableRememberMe` metadata.
- [New] Secure a REST API technical profile with bearer token
- [New] Azure AD B2C UI supports (in GA) Safari for iOS and macOS, version 12 and above (doc link)
- Documentation
- [New] Claim resolvers `{OIDC:scope}`, `{OIDC:RedirectUri}`, `{Context:KMSI}`, and SAML claim resolvers
- [New] Azure AD attribute `signInNames`: the unique sign-in name of the local account user of any type in the directory. Use this to get a user by sign-in value without specifying the local account type. For more information, see the Sign In and Sign Up with Username or Email sample.
- [Document] Learn how to:
  - Localize your custom verification email
  - Manage Azure AD B2C with Microsoft Graph
  - Manage Azure AD B2C user accounts with Microsoft Graph
  - Deploy custom policies with Azure Pipelines
  - Manage Azure AD B2C custom policies with Azure PowerShell
  - Guidelines for using custom page content
  - Claim data types and UserInputType
- [New] Use Azure Monitor to route Azure AD B2C usage activity events to different monitoring solutions.
- [New] Claims transformations:
  - Boolean: Compare Boolean claim to value
  - Date: Convert DateTime to Date claim
  - General: Copy claim
  - String: String contains, Substring, Find and replace, String join, String split, Set claims if Regex match, Copy localized strings into claims
  - StringCollection: String collection contains
  - PhoneNumber: ConvertPhoneNumberClaimToString, now you can convert a phoneNumber data type back into a string data type.
- [New] Python web app sample - Demonstrates how to integrate Azure AD B2C (Microsoft identity platform) with a Python web application.
- [New] Logout: forcing the client to pass a previously issued ID token to the logout endpoint, as a hint about the end user's current authenticated session with the client, is now supported in custom policies using the `EnforceIdTokenHintOnLogout` attribute of the SingleSignOn element.
- [New] Company branding (preview) - You can customize your user flow pages with a banner logo, background image, and background color by using Azure Active Directory Company branding
- [Update] The Microsoft Azure AD B2C service is compatible with SameSite browser configurations, including support for SameSite=None with the Secure attribute. For more information, see Azure AD B2C Cookie Definitions
- [Update] Azure Active Directory B2C is deprecating login.microsoftonline.com
- [New] Azure MFA technical profile provides support for verifying a phone number by using Azure Multi-Factor Authentication (MFA).
- [New] Phone number claims transformations
- [New] Phone sign-up and sign-in in Azure AD B2C enables your users to sign up and sign in to your applications by using a one-time password (OTP)
- [New] SAML app registration, learn how to configure Azure AD B2C to act as a SAML identity provider to your web applications.
- [New] Display Controls is a new user interface element that has special functionality and interacts with the Azure Active Directory B2C (Azure AD B2C) back-end service. It allows the user to perform actions on the page that invoke a validation technical profile at the back end. Use a Verification Display Control to verify a claim, for example an email address or phone number, with a verification code sent to the user.
- [New] Self-Asserted technical profile, now supports Display Claims with reference to claim types and display controls.
- [New] Azure AD B2C now provides support for managing the generation and verification of a one-time password. Use the OTP technical profile to generate a code, and then verify that code later.
- [New] REST API technical profile, support of JSON payload input claim
- [New] REST API technical profile, support of sending a bearer token that is stored in a policy key. Set the `AuthenticationType` metadata to `Bearer`.
- [New] GenerateJson claims transformation generates a complex JSON using input claim and input parameters.
- [New] Use custom email in Azure AD B2C to send customized email to users that sign up to use your applications.
- [New] Use the Azure portal to create and delete consumer users in Azure AD B2C
- [New] App registration experience. With the new UX (in preview), you manage your Azure AD and Azure AD B2C applications in the same place.
- [Update] Azure Active Directory B2C Monthly Active Users (MAU) pricing model
- [Fix] When using `AlwaysUseDefaultValue` (in input claims or output claims) with a claim resolver: if the claim resolver is missing, B2C returns an empty string (without an error message). For example, if the query string parameter `idp` is missing, the `selected_idp` claim contains an empty string: `<InputClaim ClaimTypeReferenceId="selected_idp" DefaultValue="{OAUTH-KV:idp}" AlwaysUseDefaultValue="true" />`
- [New] Use MS Graph API to perform CRUD operations against User Flows
- [New] Use MS Graph API to perform CRUD operations against Custom Policies
- [New] Use MS Graph API to perform CRUD operations against IEF Key Containers
- [New] MS Graph API samples for User Flow, Custom Policies, and Key CRUD operations.
- [New] Pass through an identity provider's access token in Azure AD B2C with user flow and custom policy