2. Identity Setup

Set up the identity according to the identity provider in use.

  1. For Microsoft, Google, Facebook accounts: 
    1. Create an Azure AD B2C tenant. The following steps set up and manage consumer identity in the cloud with Azure Active Directory B2C.
      1. Log in to the Azure portal and create a new Azure Active Directory B2C tenant.
      2. Link the Azure Active Directory B2C tenant just created to an Azure subscription. Use the existing resource group created earlier.
      3. Create policies based on Identity provider. 
        1. Configure the identity provider; refer to the respective link (Microsoft, Google, Facebook). Note: This may involve a custom configuration that differs from the reference provided; you are requested to seek the assistance of the Project Sangam deployment team.
        2. After configuring the identity providers, use this link to create a sign-up and sign-in user flow

          1. Select Email Addresses, Given Name, Identity Provider and Surname in Application claims 
          2. Don’t select any Sign-up attributes 
      4. Create an application to get the corresponding Application ID.  
        1. Create a single application only 
        2. Enter the name of the application.  
        3. Switch on “Web App / Web API” 
        4. Make sure “Allow implicit flow” is turned off and “Native Client” is turned off.  
        5. Set the reply URI for Azure AD B2C as <basedomain>/signin-b2c (e.g. https://<name>.azurewebsites.net/signin-b2c). Also add an additional URL, https://<name>-staging.azurewebsites.net/signin-b2c. This URL will serve as a temporary testing URL on which the website will be deployed before moving to production.
        6. Leave other values as default 
      5. Copy the Application ID value shown for the application; it will be added later as ClientId.
      6. Obtain a client secret. Under the application, go to “Keys” -> click on “+Generate Key”.
      7. Click on “Save” -> the App Key will appear -> copy the value; it will be required later as ClientSecret.
  2. For AD authentication 
    1. Create an Azure Active Directory and save the tenant name (e.g. <name>.onmicrosoft.com). The tenantId is also needed. To obtain it, go to the “Show diagnostics” section on the right and find the tenantId in the downloaded file. Save these two values; they will be required later in parameters.json.
    2. Create a new application
      1. Under the Active Directory, go to “App registrations” and click on “New application registration” 
      2. Enter the name of the application. Under “ApplicationType”, select “Web App/API”. Under Sign-on URL, enter the URL of the website (e.g. https://<name>.azurewebsites.net).
      3. You should now be able to see the application you just created in the “App Registrations” section 
    3. Obtain a ClientId and ClientSecret 
      1. Click on the application to open its page.
      2. Copy the value of “Application ID”. It will be required later in the ClientID section of the parameters.json file.
      3. Under “Reply URLs”, add the value https://<domain>/signin-azureAD (e.g. https://<name>.azurewebsites.net/signin-azureAD). Also add an additional URL, https://<name>-staging.azurewebsites.net/signin-azureAD. This URL will serve as a temporary testing URL on which the website will be deployed before moving to production.
      4. Click on “Keys” 
      5. Enter the name and expiry time of the secret and click on the Save button.
      6. A value will be shown. Save this value; it will be required later as the ClientSecret.
      7. The last value needed is the resourceId.
      8. Under the application, click on “Manifest” 
      9. Make sure that “oauth2AllowImplicitFlow” is set to “false”. Copy the value of resourceAppId; it will be required in parameters.json.
  3. For Phone Authentication 
    1. Get a ClientId and a ClientSecret from the Sangam team by providing the redirect URI, which is <basedomain>/signin-phone. Also add an additional URL, https://<name>-staging.azurewebsites.net/signin-phone. This URL will serve as a temporary testing URL on which the website will be deployed before moving to production.
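
A check of an exported application manifest against the AD authentication steps above, as an added example that is not part of the original guide: it verifies that implicit flow is off and that the registered reply URLs are exactly the production and staging ones. The `replyUrls` and `requiredResourceAccess` field names are assumed from the Azure AD application manifest format, and the sample manifest and the site name `contoso-sangam` are constructed.

```python
import json
from urllib.parse import urlsplit

CALLBACK_PATH = "/signin-azureAD"  # reply path from the steps above

def expected_reply_urls(site_name):
    """Production and staging reply URLs the guide asks for."""
    return {
        f"https://{site_name}.azurewebsites.net{CALLBACK_PATH}",
        f"https://{site_name}-staging.azurewebsites.net{CALLBACK_PATH}",
    }

def audit_manifest(manifest, site_name):
    """Return a list of findings; an empty list means the manifest matches."""
    findings = []
    # Implicit flow must be off so tokens are not returned in the URL fragment.
    if manifest.get("oauth2AllowImplicitFlow") is not False:
        findings.append("oauth2AllowImplicitFlow is not false")
    expected = expected_reply_urls(site_name)
    registered = set(manifest.get("replyUrls", []))
    for url in sorted(registered - expected):
        if urlsplit(url).scheme != "https":
            findings.append(f"reply URL is not https: {url}")
        elif "*" in url:
            findings.append(f"reply URL contains a wildcard: {url}")
        else:
            findings.append(f"unexpected reply URL: {url}")
    for url in sorted(expected - registered):
        findings.append(f"missing reply URL: {url}")
    # resourceAppId is copied into parameters.json, so it must be present.
    resources = manifest.get("requiredResourceAccess", [])
    if not any(r.get("resourceAppId") for r in resources):
        findings.append("no resourceAppId in requiredResourceAccess")
    return findings

# Constructed sample manifest (not from the guide); the GUID is a placeholder.
SAMPLE = json.loads("""{
  "oauth2AllowImplicitFlow": true,
  "replyUrls": [
    "https://contoso-sangam.azurewebsites.net/signin-azureAD",
    "http://localhost:5000/signin-azureAD",
    "https://*.azurewebsites.net/signin-azureAD"
  ],
  "requiredResourceAccess": [
    {"resourceAppId": "00000000-0000-0000-0000-000000000000", "resourceAccess": []}
  ]
}""")

if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE, "contoso-sangam"):
        print("FINDING:", finding)
```
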
Last updated on May 13, 2019