Azure B2C with AFD and custom domain(s)

Enable Azure AD B2C custom domains - Azure AD B2C | Microsoft Docs

By default, Azure B2C comes with an onmicrosoft.com login URL. If you want to change it, you have to make use of custom domains via Azure Front Door.

How to?

Microsoft has an excellent article on how to set this up.

The article states that all the subdomains also have to be registered to the tenant.

Here is a YouTube video from Microsoft Security about setting up a custom domain with Front Door.

Can I use Front Door wildcard domain?

You could, but I didn’t have a public certificate to try it out. It seems like a working solution if you have a wildcard public certificate in hand.

Why to add the Subdomains?

If you don’t have your own public certificate, you have to add the subdomains.

When you use Azure or M365 services, you verify the main custom domain, and for most services that is all that is needed.

You have to add the subdomain for the routing to work inside Azure Front Door.

After the addition, your custom domain should look similar to this.

In my example I have cloudpartnerb2c.cloudpartnerdemo.fi as the custom login domain.

What happens if you don’t?

You will get an Error 404.

What about custom policies?

Nothing has to be changed inside your custom policies, not even in a multi-tenant setup.

So, what needs to be changed?

The only place where the b2clogin.com address has to be replaced with the custom domain is the application that is requesting the authentication.
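One way to express that single application-side change, as an added example that is not code from the original post: it rewrites an MSAL.js B2C configuration from the default b2clogin.com host to the custom login domain used in this post. The tenant name, policy name and client ID are assumed placeholders, and `knownAuthorities` is the MSAL.js setting that tells the library which B2C hosts it may trust.

```javascript
// Added example (not the post's own code). Rewrites an MSAL.js B2C config
// from <tenant>.b2clogin.com to the Front Door custom domain from the post.
// TENANT and POLICY are assumed placeholders; swap in your own values.
const TENANT = "contosob2c";                 // assumed tenant name
const POLICY = "B2C_1_signupsignin";         // assumed user flow / policy
const CUSTOM_DOMAIN = "cloudpartnerb2c.cloudpartnerdemo.fi"; // from the post

// B2C authority shape MSAL expects: https://<host>/<tenant>.onmicrosoft.com/<policy>
function b2cAuthority(host, tenant, policy) {
  return `https://${host}/${tenant}.onmicrosoft.com/${policy}`;
}

// Default configuration: the host is <tenant>.b2clogin.com.
function defaultMsalConfig(clientId) {
  const host = `${TENANT}.b2clogin.com`;
  return {
    auth: {
      clientId,
      authority: b2cAuthority(host, TENANT, POLICY),
      // MSAL only accepts B2C authorities it has been told to trust.
      knownAuthorities: [host],
    },
  };
}

// Custom-domain configuration: only the host in `authority` and
// `knownAuthorities` changes. Tenant and policy stay as they are, which is
// the post's point that the custom policies themselves need no change.
function withCustomDomain(config, customDomain) {
  const url = new URL(config.auth.authority);
  url.host = customDomain;
  return {
    ...config,
    auth: { ...config.auth, authority: url.toString(), knownAuthorities: [customDomain] },
  };
}

// Pre-deployment check: the authority host must be in knownAuthorities,
// otherwise MSAL rejects the authority as untrusted at runtime.
function authorityIsTrusted(config) {
  const host = new URL(config.auth.authority).host;
  return config.auth.knownAuthorities.includes(host);
}

const custom = withCustomDomain(defaultMsalConfig("00000000-0000-0000-0000-000000000000"), CUSTOM_DOMAIN);
console.log(custom.auth.authority, authorityIsTrusted(custom));
```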

Have an excellent new year and stay safe!

Author: Harri Jaakkonen
