This article lists the steps for setting up SSO with Azure Active Directory B2C.
You can learn more details about SSO in our main article here.
Note: The activation of the SSO for Member Tools disables:
- The standard login with OfficeRnD user and password
- The Public Calendar Page and Sign-up Page
- Reset password links
- The authentication token in the invite-to-portal email
Table of Contents
- In OfficeRnD you can go to "Settings" -> "Integrations" and add Azure B2C Members SSO Authentication.
Click "Configure" and note down the Return URL read-only text.
You are going to use it shortly.
- Open the Azure portal - https://portal.azure.com/
Select the "Azure AD B2C" module.
- Register a New Application by navigating to "App registrations" -> "+ New Application".
- While registering the application you will be asked for a Web Redirect URL.
Paste the "Return URL" copied from step 1.
- After successfully registering the application, note down the "Application (client) ID" and copy it to a safe place.
- Then from the sidebar, navigate to "Certificates & secrets" and create a "New client secret".
- Give your secret a descriptive name, set an expiration period (if necessary) and save it.
- After adding the secret, note down the text in the "Value" column and copy it.
- In OfficeRnD, go to "Settings" -> "Integrations", open the Azure B2C Members SSO Authentication configuration dialog, and paste both the client ID and the client secret you acquired in the previous steps.
- In the Azure portal, from the sidebar, navigate to "User flows" and create a "New user flow", or select an existing user flow.
- Select "Sign up & Sign in" (Recommended Version) and configure the user flow to your requirements.
Note: When configuring the user flow, make sure to check the Return claims for Email Addresses (plural) in the "5. User attributes and token claims" section.
- Then from the "User flow" details page, click "Run user flow", which will open a sidebar on the right. Copy the URL from the sidebar.
- To allow your users to seamlessly reset their password, register a "Reset Password" (Recommended Version) flow.
Don't forget to check the "Return claims" as in the previous step.
- Note down and copy the URL from the sidebar for the Reset Password.
- In OfficeRnD - with the configuration dialog open, paste both URLs from the previous steps.
- In OfficeRnD - make sure the Claims Emails field contains the emails value.
Click "Update" to save the configuration.
- Open your browser in Incognito mode and navigate to your members portal.
You should now be able to authenticate with Azure.
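The following is an added example, not part of the original article and not OfficeRnD or Microsoft code. It checks two things from the steps above before you test in the browser: that a copied "Run user flow" URL carries the client ID and Return URL you registered, and that an ID token issued by the user flow contains a non-empty `emails` claim. The tenant name, client ID, Return URL and tokens are constructed sample values, and the token is decoded for inspection only, with no signature verification.

```python
import base64
import json
from urllib.parse import urlsplit, parse_qs

def _b64url(obj):
    """Encode a dict as an unpadded base64url JWT segment (builds the samples)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def decode_payload(id_token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    segment = id_token.split(".")[1]
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def emails_from_token(id_token, claim="emails"):
    """Return the e-mail list from the token, or raise if the claim is unusable."""
    payload = decode_payload(id_token)
    value = payload.get(claim)
    if not isinstance(value, list) or not value:
        raise ValueError(f"claim {claim!r} missing or empty; token has {sorted(payload)}")
    return value

def check_flow_url(url, client_id, return_url):
    """Return a list of problems found in a copied "Run user flow" URL."""
    parts = urlsplit(url)
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    problems = []
    if parts.scheme != "https":
        problems.append("URL is not https")
    if query.get("client_id") != client_id:
        problems.append("client_id does not match the registered application")
    if query.get("redirect_uri") != return_url:
        problems.append("redirect_uri does not match the OfficeRnD Return URL")
    return problems

# Constructed sample values; replace with the ones noted down in the steps above.
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
RETURN_URL = "https://example.invalid/sso/callback"
FLOW_URL = ("https://contoso.b2clogin.com/contoso.onmicrosoft.com/oauth2/v2.0/authorize"
            "?p=B2C_1_signupsignin&client_id=" + CLIENT_ID +
            "&redirect_uri=https%3A%2F%2Fexample.invalid%2Fsso%2Fcallback"
            "&scope=openid&response_type=id_token")
# Token from a flow with the Email Addresses return claim checked (constructed).
GOOD_TOKEN = ".".join([_b64url({"alg": "none"}),
                       _b64url({"sub": "u1", "emails": ["member@example.invalid"]}), ""])
# Token from a flow where the return claim was not checked (constructed).
BAD_TOKEN = ".".join([_b64url({"alg": "none"}), _b64url({"sub": "u1"}), ""])

if __name__ == "__main__":
    print(check_flow_url(FLOW_URL, CLIENT_ID, RETURN_URL))
    print(emails_from_token(GOOD_TOKEN))
```

If `emails_from_token` raises, revisit the return claims selection in the user flow before changing anything on the OfficeRnD side.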