Before you begin, use the Choose a policy type selector to choose the type of policy you’re setting up. Azure Active Directory B2C offers two methods to define how users interact with your applications: through predefined user flows or through fully configurable custom policies. The steps required in this article are different for each method.

Single sign-on (SSO) adds security and convenience when users sign in across applications in Azure Active Directory B2C (Azure AD B2C). This article describes the single sign-on methods used in Azure AD B2C and helps you choose the most appropriate SSO method when configuring your policy.

With single sign-on, users sign in once with a single account and get access to multiple applications. The application can be a web, mobile, or single page application, regardless of platform or domain name.

When the user initially signs in to an application, Azure AD B2C persists a cookie-based session. Upon subsequent authentication requests, Azure AD B2C reads and validates the cookie-based session, and issues an access token without prompting the user to sign in again. If the cookie-based session expires or becomes invalid, the user is prompted to sign in again.

Complete the steps in Get started with custom policies in Active Directory B2C.

Integration with Azure AD B2C involves three types of SSO sessions:

Azure AD B2C - Session managed by Azure AD B2C.
Federated identity provider - Session managed by the identity provider, for example Facebook, Salesforce, or Microsoft account.
Application - Session managed by the web, mobile, or single page application.

When a user successfully authenticates with a local or social account, Azure AD B2C stores a cookie-based session on the user's browser. The cookie is stored under the Azure AD B2C tenant domain name, such as.

If a user initially signs in with a federated account, and then during the session time window (time-to-live, or TTL) signs in to the same app or a different app, Azure AD B2C tries to acquire a new access token from the federated identity provider. If the federated identity provider session is expired or invalid, the federated identity provider prompts the user for their credentials. If the session is still active (or if the user has signed in with a local account instead of a federated account), Azure AD B2C authorizes the user and eliminates further prompts.

You can configure the session behavior, including the session TTL and how Azure AD B2C shares the session across policies and applications.
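In a custom policy, the session TTL and sharing scope mentioned above are declared in the relying party's `UserJourneyBehaviors` element. The following is an added example, not code from the original article: it reads those settings from a policy file and compares them with a local baseline. The element names come from the custom policy schema rather than from this page, the sample policy (tenant and policy names included) is constructed, and the baseline thresholds are assumptions to adjust to your own requirements.

```python
import xml.etree.ElementTree as ET

NS = {"b2c": "http://schemas.microsoft.com/online/cpim/schemas/2013/06"}

# Constructed sample relying party policy; tenant and policy names are placeholders.
SAMPLE_POLICY = """<TrustFrameworkPolicy
    xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
    TenantId="example.onmicrosoft.com" PolicyId="B2C_1A_signup_signin">
  <RelyingParty>
    <DefaultUserJourney ReferenceId="SignUpOrSignIn" />
    <UserJourneyBehaviors>
      <SingleSignOn Scope="Tenant" />
      <SessionExpiryType>Rolling</SessionExpiryType>
      <SessionExpiryInSeconds>86400</SessionExpiryInSeconds>
    </UserJourneyBehaviors>
  </RelyingParty>
</TrustFrameworkPolicy>"""


def session_settings(policy_xml):
    """Return the SSO scope, expiry type and TTL (seconds) a policy declares."""
    root = ET.fromstring(policy_xml)
    behaviors = root.find("b2c:RelyingParty/b2c:UserJourneyBehaviors", NS)
    if behaviors is None:
        return {"scope": None, "expiry_type": None, "ttl_seconds": None}
    sso = behaviors.find("b2c:SingleSignOn", NS)
    ttl = behaviors.findtext("b2c:SessionExpiryInSeconds", namespaces=NS)
    return {
        "scope": sso.get("Scope") if sso is not None else None,
        "expiry_type": behaviors.findtext("b2c:SessionExpiryType", namespaces=NS),
        "ttl_seconds": int(ttl) if ttl is not None else None,
    }


def review(policy_xml, max_ttl=3600, allowed_scopes=("Application", "Policy")):
    """Compare declared settings with a local baseline (thresholds are assumptions)."""
    s = session_settings(policy_xml)
    findings = []
    if s["scope"] is None or s["ttl_seconds"] is None:
        findings.append("session behavior not set explicitly; platform defaults apply")
    if s["scope"] is not None and s["scope"] not in allowed_scopes:
        findings.append(f"SSO scope {s['scope']!r} is wider than the baseline allows")
    if s["expiry_type"] == "Rolling":
        findings.append("rolling expiry: each sign-in request extends the session")
    if s["ttl_seconds"] is not None and s["ttl_seconds"] > max_ttl:
        findings.append(f"session TTL {s['ttl_seconds']}s exceeds baseline {max_ttl}s")
    return findings
```

Run `review()` over each relying party file in the policy repository as a pre-deployment check, so that a change widening the session scope or lengthening the TTL is flagged before upload.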