Azure AD B2C
Azure AD B2C Integration with OwnID
By integrating Azure AD B2C with OwnID, you can implement the full set of OwnID features to streamline your user authentication experience.
How it Works
Integrate OwnID with Azure AD B2C by completing these four basic steps:
- Step 1 - Configure your Azure AD B2C tenant.
- Step 2 - Set up server endpoints using the OwnID npm package.
- Step 3 - Create an OwnID application in the OwnID Console.
- Step 4 - Integrate with your frontend.
Step 1 - Configure Azure AD B2C
Register an Application for OwnID Integration
You’ll need to register a dedicated application for the OwnID integration:
- In your B2C tenant, navigate to App registrations.
- Click New registration.
- Fill in the required information:
  - Name: OwnID Integration
  - Supported account types: Accounts in this organizational directory only (default directory only - single tenant)
- Click Register.
- After registration, note down the following values:
  - Application (client) ID
  - Directory (tenant) ID
  - Object ID
Create Client Secret
- In your registered app, navigate to Certificates & secrets.
- Click New client secret.
- Add a description and select an expiration period. Prefer the shortest period your rotation process supports: once the Graph permissions below are consented, this secret grants tenant-wide write access to user accounts.
- Click Add.
- Important: Note down the client secret value immediately; it is shown only once. Keep it server-side (a secret manager or environment variable), never in frontend code or source control.
Configure API Permissions
- In your registered app, navigate to API permissions.
- Click Add a permission.
- Select Microsoft Graph.
- Select Application permissions (the integration calls Graph as itself, with no signed-in user).
- Add the following permission:
  - User.ReadWrite.All
- Click Add permissions.
- Important: Click the Grant admin consent for [your-tenant-name] button at the top of the API permissions page. This step is critical: application permissions are only effective after admin consent, and without it Graph API calls fail with “Insufficient privileges” errors.
Find Your B2C Extension App ID
Every Azure AD B2C tenant has a special application, the b2c-extensions-app, that is created automatically and holds the custom (extension) attributes stored on user objects:
- In your B2C tenant, go to App registrations.
- Switch to All applications if you don’t see it immediately.
- Look for the application whose display name is “b2c-extensions-app. Do not modify. Used by AADB2C for storing user data.” Leave it unchanged.
- Note down its Application (client) ID; you’ll need this for your environment variables.
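The values collected in Step 1 are what a backend later uses to talk to Microsoft Graph. The following Node.js example is added here and is not OwnID's code or part of the @ownid/azure-b2c package: it builds the client-credentials token request for the registered app, derives the Graph property name under which B2C exposes an extension attribute (`extension_<b2c-extensions-app client ID without hyphens>_<attributeName>`), and checks the `roles` claim of the returned app token so a missing admin consent is caught before the first Graph call. The GUIDs, the attribute name and the sample token are constructed placeholders.

```javascript
// Added example (not OwnID's code): helpers for the values collected in Step 1.
// All identifiers and the sample token below are constructed placeholders.
const GRAPH_SCOPE = 'https://graph.microsoft.com/.default';

// Build (but do not send) the client-credentials request for the OwnID Integration app.
// The caller performs fetch(req.url, { method: req.method, headers: req.headers, body: req.body }).
function buildClientCredentialsRequest({ tenantId, clientId, clientSecret }) {
  for (const [name, value] of Object.entries({ tenantId, clientId, clientSecret })) {
    if (!value) throw new Error(`missing ${name}`);
  }
  const body = new URLSearchParams({
    grant_type: 'client_credentials',
    client_id: clientId,
    client_secret: clientSecret,
    scope: GRAPH_SCOPE,
  });
  return {
    url: `https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/token`,
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: body.toString(),
  };
}

// B2C stores custom user attributes on the b2c-extensions-app. In Graph they appear
// on the user object as extension_<extensions-app client ID without hyphens>_<name>.
function extensionAttributeName(extensionsAppClientId, attributeName) {
  const guid = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
  if (!guid.test(extensionsAppClientId)) throw new Error('extensions app client ID is not a GUID');
  if (!/^[A-Za-z][A-Za-z0-9]*$/.test(attributeName)) throw new Error('attribute name must be alphanumeric');
  return `extension_${extensionsAppClientId.replace(/-/g, '')}_${attributeName}`;
}

// Decode the payload of the app token WITHOUT verifying it. This is our own freshly
// issued token, inspected only to diagnose consent problems; Graph verifies it.
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Application permissions granted by admin consent show up in the `roles` claim.
// If the role is absent, Graph will answer 403 "Insufficient privileges".
function hasGraphRole(token, role) {
  const { roles = [] } = decodeJwtPayload(token);
  return roles.includes(role);
}

// Constructed sample: an unsigned token shaped like the one issued after consent.
function sampleToken(roles) {
  const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  return `${b64({ alg: 'none', typ: 'JWT' })}.${b64({ aud: 'https://graph.microsoft.com', roles })}.`;
}

module.exports = { buildClientCredentialsRequest, extensionAttributeName, hasGraphRole, sampleToken };
```

Run `hasGraphRole` on the real access token once at startup; if `User.ReadWrite.All` is missing, fail fast with a message pointing at the Grant admin consent button rather than letting every Graph call fail later.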
Step 2 - Set Up Server Endpoints
For Node.js applications, you can use the official @ownid/azure-b2c package, which provides all the necessary endpoints:
Then, configure your Express application to use the OwnID router:
You’ll need to configure the following environment variables:
Step 3 - Create OwnID Application
An OwnID application connects your backend with the OwnID widget in the frontend. Each OwnID application is assigned a unique appId that is then added to the website’s frontend. To create an OwnID application:
- Open the OwnID Console and create an account or log in to an existing account.
- Select Create Application.
- Define the name of your application and your backend language, then finish the onboarding.
Step 4 - Integrate with your Frontend
Choose your frontend integration path:
- OwnID Elite: implement the predefined authentication screens provided by OwnID.
- OwnID Boost: add OwnID as an add-on to your existing forms.
Advanced Usage
Custom Session Token Generation
If you’re using the Node.js package, you can provide your own session token generation logic, such as custom JWT creation:
Next Steps
Ready to deploy? See the Deployment Checklist.