Reputation: 195
I have implemented a website that uses Azure AD B2C as its authentication mechanism.
Everything works great except I recently ran into a firewall issue with one of my clients. When the client redirects to either *.onmicrosoft.com and/or login.microsoftonline.com, my client's corporate firewall blocks the routes. And to further complicate my situation, my client's corporate firewall restrictions cannot be changed.
Is there any workaround that anyone can suggest, such as using a headless login workflow that is orchestrated within the web server that hosts my website, or possibly using custom domains that my client trusts, such as login.mycompany.com?
Upvotes: 1
Views: 5993
Reputation: 422
Saca is correct: the customer-owned domains feature could be used to change the domain name when it becomes available. Work has started, but it's still going to be some time before it's publicly available.
Regarding your client's firewall restriction that blocks login.microsoftonline.com: if it helps, there are some things that your client should be aware of. Blocking this domain doesn't just prevent application / Azure AD B2C scenarios; it blocks all Azure Active Directory sign-ins used for Microsoft Office 365 and Microsoft Azure. This means that if some other organization were to share Microsoft resources with one of the employees of your client's organization, they would be unable to access them.
Upvotes: 0
Reputation: 10656
Both of the approaches you have outlined would be the ideal ways to deal with this restriction; unfortunately, neither is currently available in Azure AD B2C.
Both of them are listed in the Azure AD B2C feedback forum for you to support and keep track of their progress:
I can't think of any other approach, which is a good thing; otherwise, it would mean someone could easily spoof Azure AD B2C.
Ultimately, the right thing to do is to work with your client to ensure these, and all the endpoints your application needs, are allowed through the firewall.
Upvotes: 2
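To support the last point, working out exactly which hosts must be allowed through the firewall, here is an added example (not code from the original post or from Microsoft): it reads an OpenID Connect discovery document, of the kind Azure AD B2C publishes per policy, and lists every host the browser or web server has to reach, so the allow-list covers hosts rather than path components such as the tenant name. The discovery document below is constructed for the example; the tenant name "contoso" and policy "b2c_1_signin" are placeholders.

```python
import json
from urllib.parse import urlparse
from urllib.request import urlopen

# OIDC discovery keys whose values are URLs the relying party or browser contacts.
ENDPOINT_KEYS = ("issuer", "authorization_endpoint", "token_endpoint",
                 "end_session_endpoint", "jwks_uri")

# Constructed sample shaped like a B2C discovery document for one policy;
# tenant and policy names are placeholders.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0/",
    "authorization_endpoint": "https://login.microsoftonline.com/contoso.onmicrosoft.com/oauth2/v2.0/authorize?p=b2c_1_signin",
    "token_endpoint": "https://login.microsoftonline.com/contoso.onmicrosoft.com/oauth2/v2.0/token?p=b2c_1_signin",
    "end_session_endpoint": "https://login.microsoftonline.com/contoso.onmicrosoft.com/oauth2/v2.0/logout?p=b2c_1_signin",
    "jwks_uri": "https://login.microsoftonline.com/contoso.onmicrosoft.com/discovery/v2.0/keys?p=b2c_1_signin",
    "response_modes_supported": ["query", "fragment", "form_post"],
})


def required_hosts(discovery_json: str) -> dict:
    """Return {host: sorted endpoint names} for every URL-valued discovery key.

    Rejects non-https endpoints: an identity-provider allow-list should never
    contain a plaintext destination.
    """
    doc = json.loads(discovery_json)
    hosts = {}
    for key in ENDPOINT_KEYS:
        url = doc.get(key)
        if not url:
            continue
        parsed = urlparse(url)
        if parsed.scheme != "https" or not parsed.hostname:
            raise ValueError(f"{key} is not an https URL: {url}")
        hosts.setdefault(parsed.hostname.lower(), []).append(key)
    return {host: sorted(keys) for host, keys in sorted(hosts.items())}


def fetch_required_hosts(discovery_url: str, timeout: float = 5.0) -> dict:
    """Run the same check against a live discovery document (needs network access)."""
    with urlopen(discovery_url, timeout=timeout) as resp:
        return required_hosts(resp.read().decode("utf-8"))
```

Running `required_hosts(SAMPLE_DISCOVERY)` on the constructed document yields a single host, login.microsoftonline.com, with all five endpoints attached; the onmicrosoft.com tenant name appears only in URL paths.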