|
1 | 1 | --- |
2 | 2 | title: Keep Me Signed In in Azure Active Directory B2C | Microsoft Docs |
3 | | -description: A topic demonstrating how to set up 'keep me signed in'. |
| 3 | +description: Learn how to set up Keep Me Signed In (KMSI) in Azure Active Directory B2C. |
4 | 4 | services: active-directory-b2c |
5 | 5 | author: davidmu1 |
6 | 6 | manager: mtillman |
7 | 7 |
|
8 | 8 | ms.service: active-directory |
9 | 9 | ms.workload: identity |
10 | 10 | ms.topic: conceptual |
11 | | -ms.date: 09/05/2016 |
| 11 | +ms.date: 08/27/2018 |
12 | 12 | ms.author: davidmu |
13 | 13 | ms.component: B2C |
14 | 14 | --- |
15 | 15 |
|
16 | | -# Azure Active Directory B2C: Enable 'Keep me signed in (KMSI)' |
17 | | -[!INCLUDE [active-directory-b2c-advanced-audience-warning](../../includes/active-directory-b2c-advanced-audience-warning.md)] |
| 16 | +# Enable Keep me signed in (KMSI) in Azure Active Directory B2C |
18 | 17 |
|
19 | | -Azure AD B2C now allows your web and native applications to enable the 'Keep me signed in (KMSI)' functionality. This feature grants access to returning users to application without prompting to reenter the username and password. This access is revoked when the user logs out. |
| 18 | +[!INCLUDE [active-directory-b2c-advanced-audience-warning](../../includes/active-directory-b2c-advanced-audience-warning.md)] |
20 | 19 |
|
21 | | -We recommend against users checking this option on public computers. |
| 20 | +You can enable Keep Me Signed In (KMSI) functionality for your web and native applications in Azure Active Directory (Azure AD) B2C. This feature grants access to returning users to the application without prompting them to reenter their username and password. This access is revoked when a user signs out. |
22 | 21 |
|
23 | | - |
| 22 | +Users should not enable this option on public computers. |
24 | 23 |
|
| 24 | + |
25 | 25 |
|
26 | 26 | ## Prerequisites |
27 | 27 |
|
28 | | -An Azure AD B2C tenant configured to allow local account sign-up/sign-in, as described in [Getting started](active-directory-b2c-get-started-custom.md). |
29 | | - |
30 | | -## How to enable KMSI |
31 | | - |
32 | | -Make the following changes in your trust framework extensions policy. |
33 | | - |
34 | | -## Adding a content definition element |
35 | | - |
36 | | -The `BuildingBlocks` node of your extention file must include a `ContentDefinitions` element. |
37 | | - |
38 | | -1. In the `ContentDefinitions` section, define a new `ContentDefinition` with ID `api.signuporsigninwithkmsi`. |
39 | | -2. Your new `ContentDefinition` must include a `LoadUri`, `RecoveryUri` and `DataUri` as follows. |
40 | | -3. Datauri`urn:com:microsoft:aad:b2c:elements:unifiedssp:1.1.0` is a machine understandable identifier that brings up a KMSI check box in the sign-in pages. Please make sure you don't change this value. |
41 | | - |
42 | | -```XML |
43 | | - <BuildingBlocks> |
44 | | - <ContentDefinitions> |
45 | | - <ContentDefinition Id="api.signuporsigninwithkmsi"> |
46 | | - <LoadUri>~/tenant/default/unified.cshtml</LoadUri> |
47 | | - <RecoveryUri>~/common/default_page_error.html</RecoveryUri> |
48 | | - <DataUri>urn:com:microsoft:aad:b2c:elements:unifiedssp:1.1.0</DataUri> |
49 | | - <Metadata> |
50 | | - <Item Key="DisplayName">Signin and Signup</Item> |
51 | | - </Metadata> |
52 | | - </ContentDefinition> |
53 | | - </ContentDefinitions> |
54 | | - </BuildingBlocks> |
55 | | -``` |
56 | | - |
57 | | - |
58 | | - |
59 | | -## Add a local account sign-in claims provider |
60 | | - |
61 | | -You can define Local Account SignIn as a claims provider to the `<ClaimsProvider>` node in the extension file of your policy: |
62 | | - |
63 | | -1. Open the extension file (TrustFrameworkExtensions.xml) from your working directory. |
64 | | -2. Find the `<ClaimsProviders>` section. If it does not exist, add it under the root node. |
65 | | -3. The starter pack from [Getting started](active-directory-b2c-get-started-custom.md) comes with a 'Local Account SignIn' claims provider. |
66 | | -4. If not, add a new `<ClaimsProvider>` node as follows: |
67 | | - |
68 | | -```XML |
69 | | -<ClaimsProviders> |
70 | | - <ClaimsProvider> |
71 | | - <DisplayName>Local Account SignIn</DisplayName> |
72 | | - <TechnicalProfiles> |
73 | | - <TechnicalProfile Id="login-NonInteractive"> |
74 | | - <Metadata> |
75 | | - <Item Key="client_id">ProxyIdentityExperienceFrameworkAppId</Item> |
76 | | - <Item Key="IdTokenAudience">IdentityExperienceFrameworkAppId</Item> |
77 | | - </Metadata> |
78 | | - <InputClaim ClaimTypeReferenceId="client_id" DefaultValue="ProxyIdentityExperienceFrameworkAppID" /> |
79 | | - <InputClaim ClaimTypeReferenceId="resource_id" PartnerClaimType="resource" DefaultValue="IdentityExperienceFrameworkAppID" /> |
80 | | - </InputClaims> |
81 | | - </TechnicalProfile> |
82 | | - </TechnicalProfiles> |
83 | | - </ClaimsProvider> |
84 | | - </ClaimsProviders> |
85 | | -``` |
86 | | - |
87 | | -### Add the application IDs to your custom policy |
88 | | - |
89 | | -Add the application IDs to the extensions file (`TrustFrameworkExtensions.xml`): |
90 | | - |
91 | | -1. In the extensions file (TrustFrameworkExtensions.xml), find the element `<TechnicalProfile Id="login-NonInteractive">` and `<TechnicalProfile Id="login-NonInteractive-PasswordChange">` |
92 | | - |
93 | | -2. Replace all instances of `IdentityExperienceFrameworkAppId` with the application ID of the Identity Experience Framework application as described in [Getting started](active-directory-b2c-get-started-custom.md). Here is an example: |
94 | | - |
95 | | - ``` |
96 | | - <Item Key="client_id">8322dedc-cbf4-43bc-8bb6-141d16f0f489</Item> |
97 | | - ``` |
98 | | - |
99 | | -3. Replace all instances of `ProxyIdentityExperienceFrameworkAppId` with the application ID of the Proxy Identity Experience Framework application as described in [Getting started](active-directory-b2c-get-started-custom.md). |
100 | | - |
101 | | -4. Save your extensions file. |
102 | | - |
103 | | -## Create a KMSI in enabled user journey |
104 | | - |
105 | | -You now need to add Local Account SignIn claims provider to your user journey. |
106 | | - |
107 | | -1. Open the base file of your policy (for example, TrustFrameworkBase.xml). |
108 | | -2. Find the `<UserJourneys>` element and copy the entire `<UserJourney>` node that includes `Id="SignUpOrSignIn"`. |
109 | | -3. Open the extension file (for example, TrustFrameworkExtensions.xml) and find the `<UserJourneys>` element. If the element doesn't exist, add one. |
110 | | -4. Paste the entire `<UserJourney>` node that you copied as a child of the `<UserJourneys>` element. |
111 | | -5. Rename the ID of the new user journey (for example, rename as `SignUpOrSignInWithKmsi`). |
112 | | -6. Finally, in `OrchestrationStep 1` change the `ContentDefinitionReferenceId` to `api.signuporsigninwithkmsi` , you definied in the earlier steps. This enables the checkbox in the user journey. |
113 | | -7. You are done modifying the extension file. Save and upload this file. Ensure that all validations succeed. |
114 | | - |
115 | | -```XML |
116 | | -<UserJourneys> |
117 | | - <UserJourney Id="SignUpOrSignInWithKmsi"> |
118 | | - <OrchestrationSteps> |
119 | | - <OrchestrationStep Order="1" Type="CombinedSignInAndSignUp" ContentDefinitionReferenceId="api.signuporsigninwithkmsi"> |
120 | | - <ClaimsProviderSelections> |
121 | | - <ClaimsProviderSelection ValidationClaimsExchangeId="LocalAccountSigninEmailExchange" /> |
122 | | - </ClaimsProviderSelections> |
123 | | - <ClaimsExchanges> |
124 | | - <ClaimsExchange Id="LocalAccountSigninEmailExchange" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Email" /> |
125 | | - </ClaimsExchanges> |
126 | | - </OrchestrationStep> |
127 | | - <OrchestrationStep Order="2" Type="ClaimsExchange"> |
128 | | - <Preconditions> |
129 | | - <Precondition Type="ClaimsExist" ExecuteActionsIf="true"> |
130 | | - <Value>objectId</Value> |
131 | | - <Action>SkipThisOrchestrationStep</Action> |
132 | | - </Precondition> |
133 | | - </Preconditions> |
134 | | - <ClaimsExchanges> |
135 | | - <ClaimsExchange Id="SignUpWithLogonEmailExchange" TechnicalProfileReferenceId="LocalAccountSignUpWithLogonEmail" /> |
136 | | - </ClaimsExchanges> |
137 | | - </OrchestrationStep> |
138 | | - <!-- This step reads any user attributes that we may not have received when in the token. --> |
139 | | - <OrchestrationStep Order="3" Type="ClaimsExchange"> |
140 | | - <ClaimsExchanges> |
141 | | - <ClaimsExchange Id="AADUserReadWithObjectId" TechnicalProfileReferenceId="AAD-UserReadUsingObjectId" /> |
142 | | - </ClaimsExchanges> |
143 | | - </OrchestrationStep> |
144 | | - <OrchestrationStep Order="4" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" /> |
145 | | - </OrchestrationSteps> |
146 | | - <ClientDefinition ReferenceId="DefaultWeb" /> |
147 | | - </UserJourney> |
148 | | - </UserJourneys> |
149 | | -``` |
150 | | - |
151 | | -## Create a relying party (RP) file |
152 | | - |
153 | | -Next, update the relying party (RP) file that initiates the user journey that you created: |
154 | | - |
155 | | -1. Make a copy of SignUpOrSignIn.xml in your working directory. Then, rename it (for example, SignUpOrSignInWithKmsi.xml). |
156 | | - |
157 | | -2. Open the new file and update the `PolicyId` attribute for `<TrustFrameworkPolicy>` with a unique value. This is the name of your policy (for example, SignUpOrSignInWithKmsi). |
158 | | - |
159 | | -3. Modify the `ReferenceId` attribute in `<DefaultUserJourney>` to match the `Id` of the new user journey that you created (for example, SignUpOrSignInWithKmsi). |
160 | | - |
161 | | -4. KMSI is configured in `UserJourneyBehaviors`. |
162 | | - |
163 | | -5. **`KeepAliveInDays`** controls how long the user remains signed in. In the following example, KMSI session automatically expires after 14 days regardless of how often the user performs silent authentication. |
164 | | - |
165 | | - Setting `KeepAliveInDays` value to 0 turns off KMSI functionality. By default, this value is 0 |
166 | | - |
167 | | -6. If **`SessionExpiryType`** is *Rolling*, then the KMSI session is extended by 14 days every time the user performs silent authentication. If *Rolling* is selected, we recommend you to keep the number of days to minimum. |
168 | | - |
169 | | - <RelyingParty> |
170 | | - <DefaultUserJourney ReferenceId="SignUpOrSignInWithKmsi" /> |
171 | | - <UserJourneyBehaviors> |
172 | | - <SingleSignOn Scope="Tenant" KeepAliveInDays="14" /> |
173 | | - <SessionExpiryType>Absolute</SessionExpiryType> |
174 | | - <SessionExpiryInSeconds>1200</SessionExpiryInSeconds> |
175 | | - </UserJourneyBehaviors> |
176 | | - <TechnicalProfile Id="PolicyProfile"> |
177 | | - <DisplayName>PolicyProfile</DisplayName> |
178 | | - <Protocol Name="OpenIdConnect" /> |
179 | | - <OutputClaims> |
180 | | - <OutputClaim ClaimTypeReferenceId="displayName" /> |
181 | | - <OutputClaim ClaimTypeReferenceId="givenName" /> |
182 | | - <OutputClaim ClaimTypeReferenceId="surname" /> |
183 | | - <OutputClaim ClaimTypeReferenceId="email" /> |
184 | | - <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub"/> |
185 | | - </OutputClaims> |
186 | | - <SubjectNamingInfo ClaimType="sub" /> |
187 | | - </TechnicalProfile> |
188 | | - </RelyingParty> |
189 | | - |
190 | | -7. Save your changes, and then upload the file. |
191 | | - |
192 | | -8. To test the custom policy that you uploaded, in the Azure portal, go to the policy blade, and then click **Run now**. |
193 | | - |
194 | | - |
195 | | -## Link to sample policy |
| 28 | +An Azure AD B2C tenant that is configured to allow local account sign-up and sign-in. If you don't have a tenant, you can create one using the steps in [Tutorial: Create an Azure Active Directory B2C tenant](tutorial-create-tenant.md). |
| 29 | + |
| 30 | +## Add a content definition element |
| 31 | + |
| 32 | +Under the **BuildingBlocks** element of your extension file, add a **ContentDefinitions** element. |
| 33 | + |
| 34 | +1. Under the **ContentDefinitions** element, add a **ContentDefinition** element with an identifier of `api.signuporsigninwithkmsi`. |
| 35 | +2. Under the **ContentDefinition** element, add the **LoadUri**, **RecoveryUri**, and **DataUri** elements. The `urn:com:microsoft:aad:b2c:elements:unifiedssp:1.1.0` value of the **DataUri** element is a machine understandable identifier that brings up a KMSI check box in the sign-in pages. This value must not be changed. |
| 36 | + |
| 37 | + ```XML |
| 38 | + <BuildingBlocks> |
| 39 | + <ContentDefinitions> |
| 40 | + <ContentDefinition Id="api.signuporsigninwithkmsi"> |
| 41 | + <LoadUri>~/tenant/default/unified.cshtml</LoadUri> |
| 42 | + <RecoveryUri>~/common/default_page_error.html</RecoveryUri> |
| 43 | + <DataUri>urn:com:microsoft:aad:b2c:elements:unifiedssp:1.1.0</DataUri> |
| 44 | + <Metadata> |
| 45 | + <Item Key="DisplayName">Signin and Signup</Item> |
| 46 | + </Metadata> |
| 47 | + </ContentDefinition> |
| 48 | + </ContentDefinitions> |
| 49 | + </BuildingBlocks> |
| 50 | + ``` |
| 51 | + |
| 52 | +## Add a sign-in claims provider for a local account |
| 53 | + |
| 54 | +You can define local account sign-in as a claims provider using the **ClaimsProvider** element in the extension file of your policy: |
| 55 | + |
| 56 | +1. Open the *TrustFrameworkExtensions.xml* file from your working directory. |
| 57 | +2. Find the **ClaimsProviders** element. If it doesn't exist, add it under the root element. The [starter pack](https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/archive/master.zip) includes a local account sign-in claims provider. |
| 58 | +3. Add a **ClaimsProvider** element with the **DisplayName** and **TechnicalProfile** as shown in the following example: |
| 59 | + |
| 60 | + ```XML |
| 61 | + <ClaimsProviders> |
| 62 | + <ClaimsProvider> |
| 63 | + <DisplayName>Local Account SignIn</DisplayName> |
| 64 | + <TechnicalProfiles> |
| 65 | + <TechnicalProfile Id="login-NonInteractive"> |
| 66 | + <Metadata> |
| 67 | + <Item Key="client_id">ProxyIdentityExperienceFrameworkAppId</Item> |
| 68 | + <Item Key="IdTokenAudience">IdentityExperienceFrameworkAppId</Item> |
| 69 | + </Metadata> |
| 70 | + <InputClaims> |
| 71 | + <InputClaim ClaimTypeReferenceId="client_id" DefaultValue="ProxyIdentityExperienceFrameworkAppID" /> |
| 72 | + <InputClaim ClaimTypeReferenceId="resource_id" PartnerClaimType="resource" DefaultValue="IdentityExperienceFrameworkAppID" /> |
| 73 | + </InputClaims> |
| 74 | + </TechnicalProfile> |
| 75 | + </TechnicalProfiles> |
| 76 | + </ClaimsProvider> |
| 77 | + </ClaimsProviders> |
| 78 | + ``` |
| 79 | + |
| 80 | +### Add the application identifiers to your custom policy |
| 81 | + |
| 82 | +Add the application identifiers to the *TrustFrameworkExtensions.xml* file. |
| 83 | + |
| 84 | +1. In the *TrustFrameworkExtensions.xml* file, find the **TechnicalProfile** element with the identifier of `login-NonInteractive` and the **TechnicalProfile** element with an identifier of `login-NonInteractive-PasswordChange` and replace all values of `IdentityExperienceFrameworkAppId` with the application identifier of the Identity Experience Framework application as described in [Getting started](active-directory-b2c-get-started-custom.md). |
| 85 | + |
| 86 | + ``` |
| 87 | + <Item Key="client_id">8322dedc-cbf4-43bc-8bb6-141d16f0f489</Item> |
| 88 | + ``` |
| 89 | + |
| 90 | +2. Replace all values of `ProxyIdentityExperienceFrameworkAppId` with the application identifier of the Proxy Identity Experience Framework application as described in [Getting started](active-directory-b2c-get-started-custom.md). |
| 91 | +3. Save the extensions file. |
| 92 | + |
| 93 | +## Create a KMSI enabled user journey |
| 94 | + |
| 95 | +Add the sign-in claims provider for a local account to your user journey. |
| 96 | + |
| 97 | +1. Open the base file of your policy. For example, *TrustFrameworkBase.xml*. |
| 98 | +2. Find the **UserJourneys** element and copy the entire contents of the **UserJourney** element that uses the identifier of `SignUpOrSignIn`. |
| 99 | +3. Open the extension file. For example, *TrustFrameworkExtensions.xml* and find the **UserJourneys** element. If the element doesn't exist, add one. |
| 100 | +4. Paste the entire **UserJourney** element that you copied as a child of the **UserJourneys** element. |
| 101 | +5. Change the value of the identifier for the new user journey. For example, `SignUpOrSignInWithKmsi`. |
| 102 | +6. Finally, in the first orchestration step change the value of **ContentDefinitionReferenceId** to `api.signuporsigninwithkmsi`. The setting of this value enables the checkbox in the user journey. |
| 103 | +7. Save and upload the extension file and make sure that all validations succeed. |
| 104 | + |
| 105 | + ```XML |
| 106 | + <UserJourneys> |
| 107 | + <UserJourney Id="SignUpOrSignInWithKmsi"> |
| 108 | + <OrchestrationSteps> |
| 109 | + <OrchestrationStep Order="1" Type="CombinedSignInAndSignUp" ContentDefinitionReferenceId="api.signuporsigninwithkmsi"> |
| 110 | + <ClaimsProviderSelections> |
| 111 | + <ClaimsProviderSelection ValidationClaimsExchangeId="LocalAccountSigninEmailExchange" /> |
| 112 | + </ClaimsProviderSelections> |
| 113 | + <ClaimsExchanges> |
| 114 | + <ClaimsExchange Id="LocalAccountSigninEmailExchange" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Email" /> |
| 115 | + </ClaimsExchanges> |
| 116 | + </OrchestrationStep> |
| 117 | + <OrchestrationStep Order="2" Type="ClaimsExchange"> |
| 118 | + <Preconditions> |
| 119 | + <Precondition Type="ClaimsExist" ExecuteActionsIf="true"> |
| 120 | + <Value>objectId</Value> |
| 121 | + <Action>SkipThisOrchestrationStep</Action> |
| 122 | + </Precondition> |
| 123 | + </Preconditions> |
| 124 | + <ClaimsExchanges> |
| 125 | + <ClaimsExchange Id="SignUpWithLogonEmailExchange" TechnicalProfileReferenceId="LocalAccountSignUpWithLogonEmail" /> |
| 126 | + </ClaimsExchanges> |
| 127 | + </OrchestrationStep> |
| 128 | + <!-- This step reads any user attributes that we may not have received when in the token. --> |
| 129 | + <OrchestrationStep Order="3" Type="ClaimsExchange"> |
| 130 | + <ClaimsExchanges> |
| 131 | + <ClaimsExchange Id="AADUserReadWithObjectId" TechnicalProfileReferenceId="AAD-UserReadUsingObjectId" /> |
| 132 | + </ClaimsExchanges> |
| 133 | + </OrchestrationStep> |
| 134 | + <OrchestrationStep Order="4" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" /> |
| 135 | + </OrchestrationSteps> |
| 136 | + <ClientDefinition ReferenceId="DefaultWeb" /> |
| 137 | + </UserJourney> |
| 138 | + </UserJourneys> |
| 139 | + ``` |
| 140 | + |
| 141 | +## Create a relying party file |
| 142 | + |
| 143 | +Update the relying party (RP) file that initiates the user journey that you created. |
| 144 | + |
| 145 | +1. Make a copy of *SignUpOrSignIn.xml* file in your working directory, and then rename it. For example, *SignUpOrSignInWithKmsi.xml*. |
| 146 | +2. Open the new file and update the **PolicyId** attribute for the **TrustFrameworkPolicy** with a unique value. This is the name of your policy. For example, `SignUpOrSignInWithKmsi`. |
| 147 | +3. Change the **ReferenceId** attribute for the **DefaultUserJourney** element to match the identifier of the new user journey that you created. For example, `SignUpOrSignInWithKmsi`. |
| 148 | + |
| 149 | + KMSI is configured using the **UserJourneyBehaviors** element. The **KeepAliveInDays** attribute controls how long the user remains signed in. In the following example, the KMSI session automatically expires after `7` days regardless of how often the user performs silent authentication. Setting the **KeepAliveInDays** value to `0` turns off KMSI functionality. By default, this value is `0`. If the value of **SessionExpiryType** is `Rolling`, the KMSI session is extended by `7` days every time the user performs silent authentication. If `Rolling` is selected, you should keep the number of days to minimum. |
| 150 | + |
| 151 | + The value of **SessionExpiryInSeconds** represents the expiry time of an SSO session. This is used internally by Azure AD B2C to check whether the session for KMSI is expired or not. The value of **KeepAliveInDays** determines the Expires/Max-Age value of the SSO cookie in the web browser. Unlike **SessionExpiryInSeconds**, **KeepAliveInDays** is used to prevent the browser from clearing the cookie when it's closed. A user can silently sign in only if the SSO session cookie exists, which is controlled by **KeepAliveInDays**, and is not expired, which is controlled by **SessionExpiryInSeconds**. It is recommended that you set the value of **SessionExpiryInSeconds** to be the equivalent time of **KeepAliveInDays** in seconds, as shown in the following example. |
| 152 | + |
| 153 | + ```XML |
| 154 | + <RelyingParty> |
| 155 | + <DefaultUserJourney ReferenceId="SignUpOrSignInWithKmsi" /> |
| 156 | + <UserJourneyBehaviors> |
| 157 | + <SingleSignOn Scope="Tenant" KeepAliveInDays="7" /> |
| 158 | + <SessionExpiryType>Absolute</SessionExpiryType> |
| 159 | + <SessionExpiryInSeconds>604800</SessionExpiryInSeconds> |
| 160 | + </UserJourneyBehaviors> |
| 161 | + <TechnicalProfile Id="PolicyProfile"> |
| 162 | + <DisplayName>PolicyProfile</DisplayName> |
| 163 | + <Protocol Name="OpenIdConnect" /> |
| 164 | + <OutputClaims> |
| 165 | + <OutputClaim ClaimTypeReferenceId="displayName" /> |
| 166 | + <OutputClaim ClaimTypeReferenceId="givenName" /> |
| 167 | + <OutputClaim ClaimTypeReferenceId="surname" /> |
| 168 | + <OutputClaim ClaimTypeReferenceId="email" /> |
| 169 | + <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub"/> |
| 170 | + </OutputClaims> |
| 171 | + <SubjectNamingInfo ClaimType="sub" /> |
| 172 | + </TechnicalProfile> |
| 173 | + </RelyingParty> |
| 174 | + ``` |
| 175 | + |
| 176 | +4. Save your changes and then upload the file. |
| 177 | +5. To test the custom policy that you uploaded, in the Azure portal, go to the policy page, and then select **Run now**. |
196 | 178 |
|
197 | 179 | You can find the sample policy [here](https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/tree/master/scenarios/keep%20me%20signed%20in). |
198 | 180 |
|
|
0 commit comments