articles/active-directory-b2c/active-directory-b2c-setup-aad-custom.md
Lines changed: 3 additions & 1 deletion
@@ -203,4 +203,6 @@ If the sign in process is successful, your browser is redirected to `https://jwt
203
203
204
204
## Next steps
205
205
206
-
When working with custom policies, you might sometimes need additional information when troubleshooting a policy during its development. To help diagnose issues, you can temporarily put the policy into "developer mode" and collect logs with Azure Application Insights. Find out how in [Azure Active Directory B2C: Collecting Logs](active-directory-b2c-troubleshoot-custom.md).
206
+
When working with custom policies, you might sometimes need additional information when troubleshooting a policy during its development.
207
+
208
+
To help diagnose issues, you can temporarily put the policy into "developer mode" and collect logs with Azure Application Insights. Find out how in [Azure Active Directory B2C: Collecting Logs](active-directory-b2c-troubleshoot-custom.md).
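Review bot: The added paragraph at new line 208 tells the reader to "temporarily" put the policy into "developer mode", but nothing here says when or how to switch it back. Now that this sentence stands as its own paragraph, I would add a clause telling the reader to turn developer mode off again once troubleshooting is done, or confirm that the linked Collecting Logs article states it. The one-sentence paragraph at new line 206 carries no action on its own, so it could also stay joined to the sentence that follows it.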
articles/active-directory-b2c/active-directory-b2c-setup-commonaad-custom.md
Lines changed: 11 additions & 5 deletions
@@ -118,19 +118,23 @@ You can define Azure AD as a claims provider by adding Azure AD to the **ClaimsP
118
118
```
119
119
120
120
4. Under the **ClaimsProvider** element, update the value for **Domain** to a unique value that can be used to distinguish it from other identity providers.
121
-
5. Under the **TechnicalProfile** element, update the value for **DisplayName**, for example, *Contoso Employee*. This value is displayed on the sign-in button on your sign-in screen.
122
-
6. Set **client_id** to the application ID from the Azure AD multi-tenant app registration.
121
+
5. Under the **TechnicalProfile** element, update the value for **DisplayName**, for example, `Contoso Employee`. This value is displayed on the sign-in button on your sign-in page.
122
+
6. Set **client_id** to the application ID of the Azure AD multi-tenant application that you registered earlier.
123
123
124
124
### Restrict access
125
125
126
126
> [!NOTE]
127
127
> Using `https://sts.windows.net` as the value for **ValidTokenIssuerPrefixes** allows all Azure AD users to sign in to your application.
128
128
129
-
You need to update the list of valid token issuers and restrict access to a specific list of Azure AD tenant users who can sign in. To obtain the values, you need to look at the OpenID Connect discovery metadata for each of the Azure AD tenants that you would like to have users sign in from. The format of the metadata URL is similar to `https://login.windows.net/your-tenant/.well-known/openid-configuration`, where `your-tenant` is your Azure AD tenant name. For example, contoso.com, fabrikam.onmicrosoft.com, or any other Azure AD tenant name.
129
+
You need to update the list of valid token issuers and restrict access to a specific list of Azure AD tenant users who can sign in.
130
+
131
+
To obtain the values, look at the OpenID Connect discovery metadata for each of the Azure AD tenants that you would like to have users sign in from. The format of the metadata URL is similar to `https://login.windows.net/your-tenant/.well-known/openid-configuration`, where `your-tenant` is your Azure AD tenant name. For example:
Perform these steps for each Azure AD tenant that should be used to sign in:
132
136
133
-
1. Open your browser and go to the OpenID Connect metadata URL. Find the **issuer** object and record its value. It should look similar to `https://sts.windows.net/00000000-0000-0000-0000-000000000000/`.
137
+
1. Open your browser and go to the OpenID Connect metadata URL for the tenant. Find the **issuer** object and record its value. It should look similar to `https://sts.windows.net/00000000-0000-0000-0000-000000000000/`.
134
138
1. Copy and paste the value into the **ValidTokenIssuerPrefixes** key. Separate multiple issuers with a comma. An example with two issuers appears in the previous `ClaimsProvider` XML sample.
135
139
136
140
### Upload the extension file for verification
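Review bot: The reworded step 1 at new line 137 should say to record the complete **issuer** value, including the tenant GUID and the trailing slash. The key is named **ValidTokenIssuerPrefixes**, and the note at line 127 already shows that the bare `https://sts.windows.net` value admits every Azure AD user, so a value that is cut short would widen access instead of restricting it. Suggest adding "Copy the full value, including the tenant ID and the trailing `/`" to step 1, and a closing sentence asking the reader to confirm that `https://sts.windows.net` alone is no longer in the list. Minor style point at new line 121: the example display name changed from italics to code formatting, which reads as a literal to type; if that is intended, the same convention should apply to the other example values in this section.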
@@ -209,4 +213,6 @@ To test the multi-tenant sign-in capability, perform the last two steps using th
209
213
210
214
## Next steps
211
215
212
-
When working with custom policies, you might sometimes need additional information when troubleshooting a policy during its development. To help diagnose issues, you can temporarily put the policy into "developer mode" and collect logs with Azure Application Insights. Find out how in [Azure Active Directory B2C: Collecting Logs](active-directory-b2c-troubleshoot-custom.md).
216
+
When working with custom policies, you might sometimes need additional information when troubleshooting a policy during its development.
217
+
218
+
To help diagnose issues, you can temporarily put the policy into "developer mode" and collect logs with Azure Application Insights. Find out how in [Azure Active Directory B2C: Collecting Logs](active-directory-b2c-troubleshoot-custom.md).
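Review bot: The two paragraphs added at new lines 216 to 218 are word for word the text added to active-directory-b2c-setup-aad-custom.md in this same commit. Keeping two copies in step by hand invites drift the next time the troubleshooting guidance changes, so I would move this "Next steps" text into a single shared include and reference it from both articles. The same comment about telling the reader to leave "developer mode" once troubleshooting is finished applies here.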