Deploy and manage Active Directory B2C using ARM templates and RM PowerShell cmdlets.
When building Azure-based applications intended for generalization and multiple deployment, it would simplify both the development and deployment experience if B2C directories could be configured using the standard Azure RM template and PowerShell cmdlet functionality.
Given that an Azure AD B2C tenant should only be used for configuring Azure AD B2C, would having programmatic APIs to configure all of the Azure AD B2C settings be useful, or is there more that you are looking to achieve using ARM templates?
Felix Müller commented
We would like to provision all resources for our environments using IaC. While the API for creating the resource seems to be available https://docs.microsoft.com/en-us/rest/api/activedirectory, many properties are still missing, and there isn't any integration in the ARM template world, as far as we know.
For those only worrying about automation, B2C tenant creation is possible using Pulumi:
This was added as a hard requirement for any environments built using Azure B2C for my employer. Until we can do this, doing any build-outs using Azure B2C is inherently building in large amounts of tech debt.
A start for automating the IEF data plane of B2C once you have a tenant!
Henk de Koning commented
We use Azure for its high accuracy of software-defined infrastructure. It took a while, but I also ran into this issue. We really need to be able to seamlessly set up our (DTAP) environments with no human interaction. To me, B2C tenants should be no exception.
This is a must in a professional environment, please add these capabilities for Azure B2C asap.
So I would like to use infrastructure as code to deploy new Azure AD B2C tenants. Since we are building a multi-tenant application where each tenant has its own B2C directory, we need to deploy the AD dynamically and automated. This is currently not supported? We are using Pulumi Nextgen for deployment of infrastructure, but any way to achieve this would be appreciated.
Carlos Mendible commented
Any news on this one? Majority of my customers block Azure portal in their production environments and require all deployments to be fully automated.
John Del Forno commented
AzureAD should be manageable via ARM template as a whole, not just B2C.
Especially from an MSP perspective and in B2C's case, due to Data Sovereignty.
It's a rather large pain to need to create different B2C tenants in different countries to ensure localised data account, then making a change to the offering as a whole and needing to re-apply that change multiple times.
Yes, the Graph API is there; however, that requires even more work to update and maintain, whereas the ARM engine would do it natively.
Jón Reginbald Ívarsson commented
Any news on this?
Shahid Iqbal commented
We would want to create and configure a B2C tenant with app registrations, user flows etc. Really surprised to find it not currently exposed at all!
Any timeline for this being available?
Kiran Ala commented
Following. Any updates to this request, either in the roadmap or not planning at all?
Sammy Vergeylen | Flexsoft commented
We like to use a separate B2C for each environment (at least one for production use and one for dev and other environments).
We deploy our complete environment via ARM template (and added some PowerShell where needed). It would mean a big difference if the B2C could be maintained in this way as well.
"would having programmatic APIs to configure <ANY AZURE> settings be useful"
YES. That's the whole idea of automation, CI/CD: the removal of repetitive, mundane, human-error-prone tasks using ARM / PowerShell combined with (environment) variables is one of the key pillars in the success of (our) cloud. Any configuration that can be done in Azure should be represented by a properly documented way of automation. A client needs to add a fix for the password-reset link not working when using B2C from APIM (https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/33494830-go-direct-to-password-reset-from-sign-in-sign-up, please fix that as well); they need to deploy from dev to test to acceptance to production. Policy names and page layouts need to be consistent. I simply refuse to write a manual to accomplish this; the only guidance they will receive is a properly commented PowerShell script and/or ARM template, the same as for all other infrastructure-related configurations (IaC is the future, the future is NOW).
Thanks in advance for providing this essential feature.
Best regards, Arthur
Rob Monro commented
Any way of deploying B2C through automation would be useful. It's frustrating that the public API does not seem to be currently documented or exposed. Unless I've missed them?
The lack of templating / APIs for deployment means new instances of an application cannot be automatically deployed for a new customer with their own related B2C instance.
Philip Peterhansl commented
Integration into terraform azurerm or terraform azuread providers would be highly appreciated as well!
Since Adam submitted this request, and now he is on the team ..... can we get an update :D
@parakh - Like Alexander is saying below, it's a way to have a declarative way to deploy that produces the same results. Like you would with an ARM template for VM's/Apps etc.
Alexander Mason commented
Declarative (make the current state match this configuration) is far preferred to imperative (run a set of commands or APIs), especially if dealing with many different policies.