
Commit 97f516a

Update partner-eid-me.md
1 parent 8e6051b commit 97f516a


1 file changed

+34
-39
lines changed


articles/active-directory-b2c/partner-eid-me.md

Lines changed: 34 additions & 39 deletions
@@ -34,52 +34,48 @@ To get started, you need:
3434
* Go to bluink.ca to [learn more](https://bluink.ca/eid-me/solutions/id-verification#contact-form) and request a demo
3535
* An Azure subscription
3636
* If you don't have one, get an [Azure free account](https://azure.microsoft.com/free)
37-
* An Azure AD B2C tenant linked to thke Azure subscription
38-
* See, [Tutorial: Create an Azure Active Directory B2C tenant](tutorial-create-tenant.md)
37+
* An Azure AD B2C tenant linked to the Azure subscription
38+
* See, [Tutorial: Create an Azure AD B2C tenant](tutorial-create-tenant.md)
3939
* A trial or production version of the eID-Me Digital ID App
4040
* Go to bluink.ca to [Download the eID-Me Digital ID App](https://bluink.ca/eid-me/download)
4141

4242
See also, [Tutorial: Create user flows and custom policies in Azure AD B2C](./tutorial-create-user-flows.md?pivots=b2c-custom-policy).
4343

44-
4544
## Scenario description
4645

4746
eID-Me integrates with Azure AD B2C as an OpenID Connect (OIDC) identity provider. The following components comprise the eID-Me solution with Azure AD B2C:
4847

49-
* **An Azure AD B2C tenant**: Your Azure AD B2C tenant need be configured as a Relying Party in eID-Me. This allows the eID-Me identity provider to trust your Azure AD B2C tenant for sign up and sign in.
50-
* **An Azure AD B2C tenant application**: Although not strictly required, it's assumed that tenants need to have an Azure AD B2C tenant application. The application can receive identity claims received by Azure AD B2C during an eID-Me transaction.
51-
* **eID-Me smartphone apps**: Users of your Azure AD B2C tenant need to have the eID-Me smartphone app for iOS or Android.
52-
* **Issued eID-Me digital identities**: Before using eID-Me, users need to successfully go through the eID-Me identity proofing process. They need to have been issued a digital identity to the digital wallet within the app. This process is done from home and usually takes minutes provided the users have valid identity documents.
53-
54-
The eID-Me apps also provide strong authentication of the user during any transaction. X509 public key authentication using a private signing key contained within the eID-Me digital identity provides passwordless MFA.
48+
* **Azure AD B2C tenant** - configured as a relying party in eID-Me enables eID-Me to trust an Azure AD B2C tenant for sign up and sign in.
49+
* **Azure AD B2C tenant application** - because it's assumed tenants need an Azure AD B2C tenant application.
50+
* The application receives identity claims received by Azure AD B2C during transaction
51+
* **eID-Me smartphone apps** - Azure AD B2C tenant users need the app for iOS or Android
52+
* **Issued eID-Me digital identities** - from eID-Me identity proofing
53+
* Users are issued a digital identity to the digital wallet in the app. Valid identity documents required.
5554

56-
The following diagram shows the identity proofing process, which occurs outside of Azure AD B2C flows.
55+
The eID-Me apps authenticate users during transactions. The X509 public key authentication provides passwordless MFA, using a private signing key in the eID-Me digital identity.
5756

58-
![Screenshot shows the architecture of an identity proofing process flow in eID-Me](./media/partner-eid-me/partner-eid-me-identity-proofing.png)
57+
The following diagram illustrates eID-Me identity proofing, which occurs outside Azure AD B2C flows.
5958

60-
| Steps | Description |
61-
| :---- | :----------------------------------------------------------------------------------------------------------- |
62-
| 1. | User uploads a selfie capture into the eID-Me smartphone application. |
63-
| 2. | User scans and uploads a government issued identification document such as Passport or Driver license into the eID-Me smartphone application. |
64-
| 3. | The eID-Me smartphone application submits this data to eID-Me identity service for verification. |
65-
| 4. | A digital identity is issued to the user and saved in the application. |
59+
![Diagram of the identity proofing flow in eID-Me](./media/partner-eid-me/partner-eid-me-identity-proofing.png)
6660

67-
The following architecture diagram shows the implementation.
61+
1. User uploads a selfie to the eID-Me smartphone application.
62+
2. User scans and uploads a government issued identification document, such as passport or driver license, to the eID-Me smartphone application.
63+
3. eID-Me submits data to the identity service for verification.
64+
4. User is issued a digital identity, which is saved in the application.
6865

69-
![Screenshot shows the architecture of an Azure AD B2C integration with eID-Me](./media/partner-eid-me/partner-eid-me-architecture-diagram.png)
66+
The following diagram illustrates Azure AD B2C integration with eID-Me.
7067

71-
| Steps | Description |
72-
| :---- | :-------------------------------------------------------------------------------------------------------------------------------------------------- |
73-
| 1. | User opens Azure AD B2C's sign in page, and then signs in or signs up by entering their username. |
74-
| 2. | User is forwarded to Azure AD B2C’s combined sign-in and sign-up policy. |
75-
| 3. | Azure AD B2C redirects the user to the eID-Me identity router using the OIDC authorization code flow. |
76-
| 4. | The eID-Me router sends a push notification to the user’s mobile app including all context details of the authentication and authorization request. |
77-
| 5. | The user reviews the authentication challenge; if accepted the user is prompted for identity claims, proving the user’s identity. |
78-
| 6. | The challenge response is returned to the eID-Me router. |
79-
| 7. | The eID-Me router then replies to Azure AD B2C with the authentication result. |
80-
| 8. | Response from Azure AD B2C is sent as an ID token to the application. |
81-
| 9. | Based on the authentication result, the user is granted or denied access. |
68+
![Diagram of Azure AD B2C integration with eID-Me](./media/partner-eid-me/partner-eid-me-architecture-diagram.png)
8269

70+
1. User opens Azure AD B2C's sign in page, and then signs in or signs up by entering their username.
71+
2. User is forwarded to Azure AD B2C’s combined sign-in and sign-up policy.
72+
3. Azure AD B2C redirects the user to the eID-Me identity router using the OIDC authorization code flow.
73+
4. The eID-Me router sends a push notification to the user’s mobile app including all context details of the authentication and authorization request.
74+
5. The user reviews the authentication challenge; if accepted the user is prompted for identity claims, proving the user’s identity.
75+
6. The challenge response is returned to the eID-Me router.
76+
7. The eID-Me router then replies to Azure AD B2C with the authentication result.
77+
8. Response from Azure AD B2C is sent as an ID token to the application.
78+
9. Based on the authentication result, the user is granted or denied access.
8379

8480
## Onboard with eID-Me
8581

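Review bot: in the rewritten Scenario description (new lines 48 and 49) the first two bullets are sentence fragments and one loses a qualification the old text carried: "**Azure AD B2C tenant** - configured as a relying party in eID-Me enables eID-Me to trust an Azure AD B2C tenant" has no subject for "enables", and "**Azure AD B2C tenant application** - because it's assumed tenants need an Azure AD B2C tenant application" drops the old "Although not strictly required", so the reader can no longer tell that the application is optional. Suggest `* **Azure AD B2C tenant** - registered as a relying party in eID-Me, so eID-Me trusts the tenant for sign up and sign in` and `* **Azure AD B2C tenant application** - not strictly required, but assumed present; it receives the identity claims Azure AD B2C obtains during an eID-Me transaction`. New line 63, "3. eID-Me submits data to the identity service for verification.", also blurs which component does the submitting; the old table said the smartphone application submits the selfie and document scan to the eID-Me identity service, which is the point worth keeping because it is the step where the identity documents leave the device, so prefer "The eID-Me smartphone application submits the captured data to the eID-Me identity service for verification."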
@@ -89,14 +85,14 @@ The following architecture diagram shows the implementation.
8985

9086
To configure your tenant application as a Relying Party in eID-Me the following information should be supplied to eID-Me:
9187

92-
| Property | Description |
93-
| :--------------------------------- | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
94-
| Name | Azure AD B2C/your desired application name |
95-
| Domain | name.onmicrosoft.com |
96-
| Redirect URIs | https://jwt.ms |
97-
| Redirect URLs | `https://your-B2C-tenant-name.b2clogin.com/your-B2C-tenant-name.onmicrosoft.com/oauth2/authresp`<br>For Example: `https://fabrikam.b2clogin.com/fabrikam.onmicrosoft.com/oauth2/authresp`<br>If you use a custom domain, enter https://your-domain-name/your-tenant-name.onmicrosoft.com/oauth2/authresp.<br> Replace your-domain-name with your custom domain, and your-tenant-name with the name of your tenant. |
98-
| URL for application home page | Will be displayed to the end user |
99-
| URL for application privacy policy | Will be displayed to the end user |
88+
| Property | Description|
89+
| ---- | --- |
90+
| Name | Azure AD B2C/your desired application name |
91+
| Domain| name.onmicrosoft.com|
92+
| Redirect URIs| https://jwt.ms|
93+
| Redirect URLs| `https://your-B2C-tenant-name.b2clogin.com/your-B2C-tenant-name.onmicrosoft.com/oauth2/authresp`<br>For Example: `https://fabrikam.b2clogin.com/fabrikam.onmicrosoft.com/oauth2/authresp`<br>If you use a custom domain, enter https://your-domain-name/your-tenant-name.onmicrosoft.com/oauth2/authresp.<br> Replace your-domain-name with your custom domain, and your-tenant-name with the name of your tenant. |
94+
| URL for application home page| Will be displayed to the end user|
95+
| URL for application privacy policy | Will be displayed to the end user|
10096

10197
eID-Me will provide a Client ID and a Client Secret once the Relying Party has been configured with eID-Me.
10298

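Review bot: the retightened table (new lines 88 to 95) keeps the pre-existing ambiguity of two rows, "Redirect URIs" with `https://jwt.ms` and "Redirect URLs" with the `/oauth2/authresp` endpoint, without saying which value the relying-party registration should carry. `https://jwt.ms` is Microsoft's token-inspection page and is only useful while testing, whereas `https://your-B2C-tenant-name.b2clogin.com/your-B2C-tenant-name.onmicrosoft.com/oauth2/authresp` is the address eID-Me must redirect to for the OIDC authorization code flow to complete; since an OIDC provider should accept only the exact redirect URIs that are registered, suggest either merging the two rows or labelling the jwt.ms row as a test-only redirect to remove before production. Also, the custom-domain form `https://your-domain-name/your-tenant-name.onmicrosoft.com/oauth2/authresp` is the one value in that row not wrapped in backticks, and the stray leading space in `<br> Replace` was carried over from the old text.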
@@ -594,4 +590,3 @@ For additional information, review the following articles:
594590

595591
- [eID-Me and Azure AD B2C integration guide](https://bluink.ca/eid-me/azure-b2c-integration-guide)
596592

597-
::: zone-end
