Integrating Trusona and Azure Active Directory B2C

This guide details the steps required to configure Trusona for your AAD (B2C).

1. Getting started

1.1. Login to the dashboard

  1. Visit the Trusona Dashboard
  2. Login or create an account

2. Initial Configuration

2.1. Create an Azure Active Directory B2C tenant

Skip this step if you have an existing B2C tenant.

  1. On the left side select “Dashboard”
  2. In the search bar type “Azure Active Directory B2C”
  3. Select “Azure Active Directory B2C” from the dropdown
  4. Select “Get Started”
  5. Select “Create a new Azure AD B2C Tenant”
  6. Create Organization name and Initial Domain Name
  7. Select the “Create” button

Note: It may take a few minutes for the tenant to be created.

2.2. Create the Trusona integration

Next you’ll create an integration in the Trusona Dashboard that will provide you the values required to finish setting up your sign-up and sign-in rules in Azure.

Head back to the Trusona dashboard.

  1. Navigate to the Azure B2C integrations page in the sidebar
  2. Click the “Create Azure B2C integration” button
  3. Give this integration a name
  4. Enter the “initial domain” for your Azure B2C tenant.
  5. Click “Save”

2.2.1. How to find the initial domain

You can find the initial domain in azure by navigating to the Custom Domains area of the azure admin console.

Typically the initial domain is the first part of the hostname before .onmicrosoft.com

For example, given the hostname example-app.onmicrosoft.com the initial domain should be entered into the Trusona Dashboard as example-app.

3. Azure B2C Configuration

3.1. Add New Identity Provider

Dashboard > Azure AD B2 – Identity providers

  1. Select “Identity providers”
  2. Select “Add”

3.2. Configure Identity Provider

  1. Select “Identity provider type”
  2. OpenID Connect (Preview)

3.3. Set up this Identity Provider

For this step, you’ll need details from the integration you created in the Trusona Dashboard.

Field Value
Metadata URL https://gateway.trusona.net/oidc/.well-known/openid-configuration
Client ID Provided in the Dashboard
Scope openid profile email
Response type id_token
Response mode form_post

4. Set up claims mapping

Select “Map this identity provider’s claims”

Field Value
User ID sub
Display name nickname
Given name given_name
Surname family_name
Response mode email

Click Ok to complete the setup for your new OIDC Identity Provider.

5. Create user flow policy

You should now see your new OpenID Connect Identity Provider listed within your B2C Identity Providers.

  1. Select “User flows (policies)”
  2. Select “Add”
  3. Select “New user flow”
  4. Select “Sign up and sign in”

6. Configure Policy

  1. Name your policy
  2. Select your new created Trusona Identity Provider.
  3. Select “Create”
  4. Show more
  5. Select at least one attributes that you specified during the setup in “Step 5: Setup this Identity Provider”.
  6. Select “OK”

As Trusona is inherently multifactor, it’s best to leave multifactor authentication disabled.

7. Test Policy

  1. Select your newly created policy
  2. Run user flow
  3. Enter Relying URL
  4. Run user flow

When clicking the Run user flow button, you will be redirected to the Trusona OIDC Gateway. On the Trusona Gateway you can scan the displayed Secure QR code with the Trusona App or with an custom app using the Trusona mobile SDK.

After scanning the Secure QR code, you should be redirected to the Reply URL you defined in the previous step.

8. Architecture

Trusona AAD B2C integration architecture diagram

Integrations

Desktop
IAM and SSO
SCIM
PAM
Productivity
VPN
General

Guides

Get started guides
Implementation guides
Users guides

SDKs

Mobile SDKs
Server SDKs
Web SDKs

APIs

Authentication Service
ID Proofing Service
Mobile Auth for Browsers Service

TOTP

Business
E-commerce
Finance
Productivity
Social
Gaming
Other