Setting up for Azure B2C development

Note: updated to use the newer IEFPolicies PowerShell module (Sep 2021)

Mar 2022: Added SAML-related tools

The following describes some techniques, tools and approaches I found useful when developing applications with Azure AD B2C. The first part deals with setting up a newly created B2C tenant using the Azure portal only. The second part deals with developing custom journey (Identity Experience Framework) XML policies.

Portal-only development

  • Register a “Token Viewer” application, which can be used to view results of journeys. I use “” as reply url and enable both id and access tokens for implicit flow. This will allow you later to run default and custom journeys from the portal and see the results in the nice UI provided by this app.
  • Add a new user (Create user option) for use with the Microsoft Graph Explorer. It must be a user with the B2C tenant’s domain. The Explorer uses the user’s domain to determine which B2C tenant to operate on. You may also want to give this user an elevated privilege if you are planning to use Graph to operate on more than just basic functions.
  • Invite the users who will be involved in managing this tenant and the artifacts needed by applications: application registrations, user flows, custom journeys and similar. Use the Invite User option in the Users tab.

Custom journey development

  • To use Identity Experience Framework custom journeys, the Azure B2C tenant needs some additional setup. You can do it as per these instructions or you can use my helper web application. The latter is a multi-tenant Azure AD application. It requires that you sign in with an identity, created as above in your B2C tenant, that has enough privilege to manage keys and IEF policies (I use a global admin but you can do it with less privilege). Note that when it is complete, you will need to click on a link, which will allow you to grant consent to the required IEF apps.
  • [Added Sep 2021] Use VS.Code and install in it the B2C Extensions to develop your xml policies. These tools make navigation between various elements in your policies much, much easier.
  • Install the IEFPolicies PowerShell module. It’s a useful tool for initializing IEF projects, importing the xml files to B2C and some other operations on the policies, e.g. CI/CD deployment. B2C Extensions has some of the same functionality, so if you prefer to do all operations through its UI, the PS module is optional.
  • The IEFPolicies module has a single command to add support for SAML applications using B2C: New-IefPoliciesSamlRP. You will still need to register the application in your B2C as per documentation. For development and testing, register a test app with AppId uri=’https://<yourtenant>’ and replyurl = ‘’. That application is publicly available and allows you to test your SAML RelyingParty journeys.
  • Set up your AppInsights service for debugging custom policies. I keep an xml snippet which includes the instrumentation key around so that I can later add it to my relying party files when I need to debug them (pray that you will never need to get into that!).
  • At the same time, configure the settings of the B2C Extensions in VS.Code with the appropriate AppInsights values. It will make your debugging experience much simpler!
  • Become familiar with the contents of the B2C Community github repo. Note in particular the sample policies – they are a great resource for both learning IEF and enhancing your own user journeys.
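
A pre-deployment check for the AppInsights debugging snippet mentioned above, as an added example that is not the author's code: it scans a folder of policy XML files for debug settings left in relying party files before they are imported or deployed through CI/CD. The attribute names follow Microsoft's documented JourneyInsights snippet rather than the author's own snippet; the function name Get-IefDebugSetting, the sample policy and the all-zero instrumentation key are constructed for illustration.

```powershell
# Constructed sample relying party policy; PolicyId and key are placeholders.
$sample = @'
<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
    PolicyId="B2C_1A_signup_signin" DeploymentMode="Development"
    UserJourneyRecorderEndpoint="urn:journeyrecorder:applicationinsights">
  <RelyingParty>
    <DefaultUserJourney ReferenceId="SignUpOrSignIn" />
    <UserJourneyBehaviors>
      <JourneyInsights TelemetryEngine="ApplicationInsights"
          InstrumentationKey="00000000-0000-0000-0000-000000000000"
          DeveloperMode="true" ClientEnabled="false" ServerEnabled="true"
          TelemetryVersion="1.0.0" />
    </UserJourneyBehaviors>
  </RelyingParty>
</TrustFrameworkPolicy>
'@

# Hypothetical helper: reports every policy file that still has debug settings.
function Get-IefDebugSetting {
    param([Parameter(Mandatory)][string]$Path)
    $ns = @{ p = 'http://schemas.microsoft.com/online/cpim/schemas/2013/06' }
    foreach ($file in Get-ChildItem -Path $Path -Filter *.xml) {
        [xml]$doc = Get-Content -Raw -LiteralPath $file.FullName
        # Root attribute that switches the policy into development mode
        if ($doc.DocumentElement.GetAttribute('DeploymentMode') -eq 'Development') {
            [pscustomobject]@{ File = $file.Name; Finding = 'DeploymentMode=Development' }
        }
        # JourneyInsights elements that still have developer mode enabled
        $hits = Select-Xml -Xml $doc -Namespace $ns `
            -XPath '//p:JourneyInsights[@DeveloperMode="true"]'
        foreach ($hit in $hits) {
            [pscustomobject]@{ File = $file.Name; Finding = 'JourneyInsights DeveloperMode=true' }
        }
    }
}

# Write the constructed sample to a temp folder and scan it.
$dir = Join-Path ([IO.Path]::GetTempPath()) 'ief-debug-check'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
Set-Content -LiteralPath (Join-Path $dir 'SignUpOrSignin.xml') -Value $sample
Get-IefDebugSetting -Path $dir | Format-Table -AutoSize
```

In a pipeline, point `-Path` at the folder holding the policies to be imported and fail the build when the function returns any rows.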
