articles/active-directory-b2c/technical-overview.md
7 additions & 9 deletions
Original file line number
Diff line number
Diff line change
@@ -8,7 +8,7 @@ manager: celestedg
8
8
ms.service: active-directory
9
9
ms.workload: identity
10
10
ms.topic: overview
11
-
ms.date: 09/19/2019
11
+
ms.date: 05/28/2020
12
12
ms.author: mimart
13
13
ms.subservice: B2C
14
14
---
@@ -32,7 +32,7 @@ The primary resources you work with in an Azure AD B2C tenant are:
32
32
**Social* identity providers like Facebook, LinkedIn, or Twitter that you want to support in your applications.
33
33
**External* identity providers that support standard identity protocols like OAuth 2.0, OpenID Connect, and more.
34
34
**Local* accounts that enable users to sign up and sign in with a username (or email address or other ID) and password.
35
-
***Keys** - Add and manage encryption keys for signing and validating tokens.
35
+
***Keys** - Add and manage encryption keys for signing and validating tokens, client secrets, certificates, and passwords.
36
36
37
37
An Azure AD B2C tenant is the first resource you need to create to get started with Azure AD B2C. Learn how in [Tutorial: Create an Azure Active Directory B2C tenant](tutorial-create-tenant.md).
38
38
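Review bot: On the added **Keys** bullet, "encryption keys for signing and validating tokens, client secrets, certificates, and passwords" parses as if the keys sign and validate client secrets and passwords, and it labels signing keys as "encryption keys". If the intent is that this resource also holds secrets, consider splitting the sentence, for example "Add and manage keys for signing and validating tokens, and store client secrets, certificates, and passwords", so readers can tell signing material apart from stored credentials.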
@@ -65,7 +65,7 @@ Learn more about the user account types in Azure AD B2C in [Overview of user acc
65
65
66
66
## External identity providers
67
67
68
-
You can configure Azure AD B2C to allow users to sign in to your application with credentials from external social or enterprise identity providers (IdP). Azure AD B2C supports external identity providers like Facebook, Microsoft account, Google, Twitter, and any identity provider that supports OAuth 1.0, OAuth 2.0, OpenID Connect, SAML, or WS-Federation protocols.
68
+
You can configure Azure AD B2C to allow users to sign in to your application with credentials from external social or enterprise identity providers (IdP). Azure AD B2C supports external identity providers like Facebook, Microsoft account, Google, Twitter, and any identity provider that supports OAuth 1.0, OAuth 2.0, OpenID Connect, and SAML protocols.
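Review bot: The added paragraph drops WS-Federation from the list of supported identity provider protocols (the Protocols and tokens hunk drops "WS-Fed" as well), but nothing visible in the change says whether support was withdrawn or the earlier text was inaccurate. A reader who planned a WS-Federation integration from the previous wording gets no signal here; consider stating the reason in the commit message, or adding a short sentence to the doc if WS-Federation identity providers are no longer supported.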
@@ -130,16 +130,14 @@ Learn more about custom policies in [Custom policies in Azure Active Directory B
130
130
131
131
## Protocols and tokens
132
132
133
-
Azure AD B2C supports the [OpenID Connect and OAuth 2.0 protocols](protocols-overview.md) for user journeys. In the Azure AD B2C implementation of OpenID Connect, your application starts the user journey by issuing authentication requests to Azure AD B2C.
133
+
- For applications, Azure AD B2C supports the [OAuth 2.0](protocols-overview.md), [OpenID Connect](openid-connect.md), and [SAML protocols](connect-with-saml-service-providers.md) for user journeys. Your application starts the user journey by issuing authentication requests to Azure AD B2C. The result of a request to Azure AD B2C is a security token, such as an [ID token, access token](tokens-overview.md), or SAML token. This security token defines the user's identity within the application.
134
134
135
-
The result of a request to Azure AD B2C is a security token, such as an [ID token or access token](tokens-overview.md). This security token defines the user's identity. Tokens are received from Azure AD B2C endpoints like the `/token` or `/authorize` endpoint. With these tokens, you can access claims that can be used to validate an identity and allow access to secure resources.
135
+
- For external identities, Azure AD B2C supports federation with any OAuth 1.0, OAuth 2.0, OpenID Connect, and SAML identity providers.
136
136
137
-
For external identities, Azure AD B2C supports federation with any OAuth 1.0, OAuth 2.0, OpenID Connect, SAML, and WS-Fed identity provider.
137
+
The following diagram shows how Azure AD B2C can communicate using a variety of protocols within the same authentication flow:
138
138
139
139

140
140
141
-
The preceding diagram shows how Azure AD B2C can communicate using variety of protocols within the same authentication flow:
142
-
143
141
1. The relying party application initiates an authorization request to Azure AD B2C using OpenID Connect.
144
142
1. When a user of the application chooses to sign in using an external identity provider that uses the SAML protocol, Azure AD B2C invokes the SAML protocol to communicate with that identity provider.
145
143
1. After the user completes the sign-in operation with the external identity provider, Azure AD B2C then returns the token to the relying party application using OpenID Connect.
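Review bot: The rewritten opening of "Protocols and tokens" removes the sentence "With these tokens, you can access claims that can be used to validate an identity and allow access to secure resources" together with the mention of the `/token` and `/authorize` endpoints, and the new first bullet only says the token "defines the user's identity within the application". Consider keeping one sentence on claims and on which endpoints return tokens, since that was the only place this section told application developers what they do with the token after receiving it. Separately, the numbered steps now follow the image with no lead-in, because the sentence introducing the diagram moved above it.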
@@ -263,4 +261,4 @@ Find out more about usage analytics in [Track user behavior in Azure Active Dire
263
261
Now that you have deeper view into the features and technical aspects of Azure Active Directory B2C, get started with the service by creating a B2C tenant:
264
262
265
263
> [!div class="nextstepaction"]
266
-
> [Tutorial: Create an Azure Active Directory B2C tenant >](tutorial-create-tenant.md)
264
+
> [Tutorial: Create an Azure Active Directory B2C tenant >](tutorial-create-tenant.md)
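Review bot: The unchanged line 261 in this hunk reads "Now that you have deeper view into the features"; since the section is being touched, it could be fixed to "a deeper view". The removed and added link lines are identical as rendered, so the change itself looks like whitespace or an end-of-file newline only; worth confirming that is intended.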