This architecture shows how to enable access to the developer portal using both Azure AD (AAD B2B) and Azure AD B2C. Includes screen captures showing the overall sign in experience.
Download Multi-tab Visio and PDF
-
Traffic Flows
- Blue/Cyan : Backend API Connections
- Green: Developer Portal Sign in experience using AAD
- Red: Developer Portal Sign-in experience using B2C
-
Note: The above diagram shows the APIM internal mode with Application gateway but it can be used with External and Default mode as well. Detailed implementation of internal and external is explained in previous sections in this series.
-
Basic Authentication is the default methad the is available with API Management.
-
AAD Auth allows access to the developer portal from users from Azure AD or Corporate AD accounts sync'd to AAD using Azure AD Connect
-
AAD B2C Auth (Requires Premium Tier)
-
There are three different tenants
- AAD Tenant(Custom Domain: penguintrails.com, default domain: xxxx.onmicrosoft.com)
- B2C Tenant (nnb2cdomain.onmicrosoft.com) associated with AAD tenant(penguintrails.com)
- Tenant where APIM resources are deployed.
Using Azure documentation link here ensure that you've external APIM in the internal mode.
Refer to common documentation link here for more details on pre-requisites
- APIM in deployed in internal mode.
- Products,APIs and subscriptions created
- VPN or Private Connectivity is optional in this design
- Internal and External APIs routable from APIM subnet
- Azure Provided default DNS resolution for API endpoints.
- Developer Portal Published
- Troubleshooting Notes - here.
This method is the default method that comes with API management and is based on Username and Password.
AAD Dev Portal Integration AAD Dev Portal Integration
Make sure the following prequisites are completed. More documentation here.
Application registered in your tenant
User flows created in your tenant
Published API in Azure API Management
Add Identity Provider to APi Management Portal
- Add JWT token policy
- Protect backend API