On this page
- Prerequisite:
- Setup Video:
- Steps to configure Drupal as OAuth Client:
- Configure OAuth/OIDC SSO Application in Microsoft Azure AD B2C:
- Integrating Drupal with Azure AD B2C :
- How to create Policy for User Flows in Azure Active Directory B2C
- Test Configuration of Drupal with Azure AD B2C:
- How to perform the SSO login?
- Contact our 24*7 support team
Azure B2C OAuth SSO Setup
This document will help you configure Azure AD B2C as an OpenID provider making Drupal as an OAuth Client. Following these steps will allow you to configure OAuth/OpenID SSO between Azure AD B2C and your Drupal site such that your users will be able to log into your Drupal site using their Azure AD B2C credentials.
We provide Drupal OAuth & OpenID Connect Login - OAuth2 Client SSO Login module which is compatible with Drupal 7, Drupal 8, Drupal 9, Drupal 10, and Drupal 11.
Prerequisite:
- Install and activate the OAuth & OpenID Connect Login - OAuth2 Client SSO Login module on your Drupal site. Follow these steps to install the module.
Setup Video:
Steps to configure Drupal as OAuth Client:
-
After installing the module, navigate to the Configuration tab and click on the miniOrang OAuth Client.
-
In the Manage section under the Client Configuration tab, click + Add New to configure the desired OAuth client.
-
Under the Add tab, select the desired OAuth Application from the dropdown.
-
Next, enter the application name in the Custom App Name text field (for example, Azure B2C).
-
Copy the Callback/Redirect URL and keep it handy.
Note: If the desired OAuth Provider is not listed in the dropdown, please select Custom OAuth Provider / Custom OpenID Provider and continue.
Configure OAuth/OIDC SSO Application in Microsoft Azure AD B2C:
- Sign in to the Microsoft Azure admin console.
-
Click on the Azure AD B2C from the Azure services.
-
From the left-hand navigation panel, click on the App registrations service, and then click on the New registration button to create a new Azure B2C application.
- On the Register an application panel, enter the required information to create the new application:
- Name: Enter application name in the Name text field.
- Supported account types: Select 3rd option ‘Accounts in any organizational directory (for authenticating users with user flows)’. You can also refer to Help me choose an option if needed.
-
For Redirect URI (recommended), select Web from the Select a platform dropdown list. Then, into the text field, paste the previously copied Callback/Redirect URL.
- Then, click on the Register button.
Integrating Drupal with Azure AD B2C :
-
Azure AD B2C assigns a unique Application ID to your application. Copy the Application (client) ID.
-
In Drupal’s Add tab, paste the copied Application (client) ID into the Client Id text field.
- Navigate to the Microsoft Azure portal.
-
To generate a client secret, go to the left navigation panel and select Certificates & secrets, then click on the New client secret button.
- After clicking on the New client secret button, Add a client secret popup will get opened then fill out all of the required details:
- Description: Enter a description for this client secret
-
Expires: Select the duration from the Expires dropdown.
- Click on the Add button.
-
Now, copy the Value from the Client secrets tab. This will be your Client Secret key.
-
Then, go back to the Drupal site and paste the copied Client Secret into the Client Secret text field.
- Again, go back to the Microsoft Azure portal.
-
Navigate to the top-left side panel and select Azure AD B2C | New registration.
-
Now, copy the Domain name. (This is your Tenant Name)
-
Go back to the Drupal site and replace the copied Domain Name with {tenant-name} in the Authorize Endpoint and Access Token Endpoint text fields respectively.
How to create Policy for User Flows in Azure Active Directory B2C
- Navigate to the Microsoft Azure portal.
-
From the Policies section, select User flows.
-
Click on the New user flow button.
-
On the Create a user flow panel, select the Sign up and sign in card/box for the user flow.
-
Under Version, select the Recommended card/box, then click on the Create button.
- In the Create panel, enter the following information:
- Name: Enter the Name of the user flow. For example, B2C_1_AzureB2CTest. (This cannot be changed after a user flow has been created)
- For Identity providers, select Email signup.
-
User attributes and token claims: Choose which claims and attributes you wish to collect and send from the user during the sign-up process. Select attributes and claims for Country/Region, Display Name, Email Address and Given Name by clicking on the Show more link. Select OK.
- Click on the Create button to add a user flow. (The B2C_1_ prefix is automatically appended to the name.)
-
Then, copy the Name for the user flow. (This is your Policy name)
- Navigate to the Drupal site, and replace the copied Name with the {policy-name} in the Authorize Endpoint and Access Token Endpoint text fields.
- The Send Client ID and Secret in header or body checkbox is used to send Client ID and Secret inside the header or body of the Token End Point Request.
- Click on the checkbox to Enable Login with OAuth.
-
When you're done configuring, click the Save Configuration button.
-
The Send Client ID and Secret in Header or Body checkbox allows you to specify whether the Client ID and Secret should be included in the header or the body of the Token Endpoint Request. If you're unsure which option to select, you can stick with the default settings.
You can also refer to the Azure AD B2C Endpoints and scope from the table given below.
| Scope: | openid |
| Authorize Endpoint: | https://{tenant-name}.b2clogin.com/{tenant-name}.onmicrosoft.com/{policy-name}/oauth2/v2.0/authorize |
| Access Token Endpoint: | https://{tenant-name}.b2clogin.com/{tenant-name}.onmicrosoft.com/{policy-name}/oauth2/v2.0/token |
Test Configuration of Drupal with Azure AD B2C:
-
After successfully saving the configurations, click on the Perform Test Configuration button to check the connection between Drupal and Azure AD B2C.
- On a Test Configuration pop-up, if you don't have an active session in Azure AD B2C on the same browser, you will be asked to sign in to your Azure AD B2C. After successfully logging into Azure AD B2C, you will be provided with a list of attributes that are received from Azure AD B2C.
-
Scroll down and click on the Configure Attribute / Role Mapping button.
- In the Attribute Mapping tab, the attributes received from the OAuth server are displayed in the Test Configuration Attributes section on the right. Select the appropriate OAuth Server Attribute from the dropdown and map it to the corresponding Drupal Machine Attribute (for example, map
given_nametoname). -
Now, scroll to the bottom and click on the Save Configuration option.
Please Note: Mapping the Email Attribute is mandatory for your login to work.
Congratulations! You have successfully configured Azure AD B2C as an OAuth Provider and Drupal as an OAuth Client.
How to perform the SSO login?
- Now, open a new browser/private window and go to your Drupal site login page.
- Click on the Login using Azure B2C link to initiate the SSO from Drupal.
-
If you want to add the SSO link to other pages as well, please follow the steps given in the image below:
Back to topHelp improve this page
You can:
- Log in, click Edit, and edit this page
- Log in, click Discuss, update the Page status value, and suggest an improvement
- Log in and create a Documentation issue with your suggestion
