LoginRadius as IDP in Azure AD B2C using OIDC

This guide walks you through integrating LoginRadius as an OpenID Connect (OIDC) Identity Provider within your Azure AD B2C tenant. By completing this configuration, Azure AD B2C can delegate authentication to LoginRadius, allowing your users to log in using credentials and identity profiles managed by the LoginRadius Identity Platform. This is especially useful if LoginRadius is your centralized identity hub and you want to leverage its advanced authentication features—such as social login, multi-factor authentication, or custom workflows—within applications protected by Azure AD B2C.

This integration supports OIDC-compliant authentication and enables seamless Single Sign-On (SSO) across multiple apps registered with Azure AD B2C while using LoginRadius as the identity source.

Prerequisites

Before proceeding, ensure you have the following components ready:

• In LoginRadius:

  • LoginRadius Console Access: You need access to the LoginRadius Console with permissions to create and configure applications.

  • OIDC App Configuration in LoginRadius: An OpenID Connect (OIDC) app should be configured within LoginRadius. This app will provide the metadata endpoint, client ID, and client secret required by Azure AD B2C.

  • Whitelisted Redirect URLs: Ensure that Azure AD B2C callback URLs (such as https://jwt.ms) are added to the allowed redirect URLs in your LoginRadius OIDC app configuration.

• In Azure AD B2C:

  • Azure AD B2C Tenant: An active Azure AD B2C tenant with administrative access. You can create one from the Azure portal.

  • Registered Application in Azure AD B2C: You need a web application registered under your B2C directory to test user flows and capture tokens post-login.

  • User Flows or Custom Policies:

    • Have at least one User Flow (e.g., Sign up and sign in, Profile editing, Password reset) configured. Alternatively, you may use Custom Policies if your use case is more advanced.

If these elements are not yet in place, refer to Microsoft’s documentation:

• Set up a B2C tenant
• Register an application
• Create user flows

Configuration

This section guides you through setting up LoginRadius as an OpenID Connect (OIDC) Identity Provider within Azure AD B2C. You'll first create an OIDC app in LoginRadius, then use the generated metadata URL to configure Azure AD B2C for federated login.

LoginRadius Configuration

1. Log in to the LoginRadius Console.
2. Navigate to Applications > Apps and click Add App.
3. Choose OIDC as the app type.
4. Fill out the required fields:
   • App Name: Name the app as desired.
   • Secret Key: Choose a secret key; this will be used in Azure AD B2C configuration.
5. Under the Federated SSO > OIDC Connect section, note the metadata URL format: https://cloud-api.loginradius.com/sso/oidc/v2/<site-name>/<oidc-app-name>/.well-known/openid-configuration

Replace <site-name> with your LoginRadius app name and <oidc-app-name> with the name assigned to the OIDC configuration.

6. Complete any required field mappings and click Save.

Azure AD B2C Configuration

1. Sign in to the Azure Portal as a Global Administrator.
2. Switch to your Azure AD B2C directory.
3. Go to Azure AD B2C > Identity Providers.
4. Click New OpenID Connect provider.
5. Fill in the configuration as follows:

Field Name	Value	Description
Name	LoginRadius (or any display name)	Display name shown on the Azure login screen.
Metadata URL	https://cloud-api.loginradius.com/sso/oidc/v2/<site-name>/<oidc-app-name>/.well-known/openid-configuration	Use the metadata URL generated from the LoginRadius OIDC configuration.
Client ID	<API Key>	API Key from your LoginRadius OIDC App.
Client Secret	<Secret Key>	Secret Key used in your LoginRadius OIDC App.
Scope	openid	Keep the default value.
Response Type	id_token	Used to receive the ID token as a query parameter.
Response Mode	query	Used to receive the response in the query string.
Domain Hint	<your-domain.com>	Optional: Used to auto-select the provider and skip the login provider selection screen.
User ID	UserID	Custom user ID field to match LoginRadius.
Display Name	DisplayName	Optional: Display name mapping.
Given Name	given_name	First name field mapping.
Surname	family_name	Last name field mapping.
Email	email	Email address mapping.

6. Click Save to complete the configuration.

Link the Identity Provider to a User Flow

1. In the Azure AD B2C portal, go to User Flows.
2. Select the user flow where you want to enable the LoginRadius IDP.
3. Under Identity Providers, select the provider you just created (e.g., LoginRadius).
4. Click Save.

Test the Integration

To test the flow:

1. Navigate to User Flows in Azure AD B2C and select your configured flow.
2. Click Run user flow.
3. Choose the application you registered earlier in Azure.
4. Confirm the reply URL (https://jwt.ms) is whitelisted in your LoginRadius Console.
5. On the login screen, select the LoginRadius identity provider.
6. Complete the authentication process. You will be redirected to https://jwt.ms with the received token.

Next Steps

• Customize the mapping of attributes within Azure and LoginRadius as needed.
• Use the issued token to access authorized applications or APIs.

Related Resources

• Microsoft Azure AD B2C Documentation
• LoginRadius OpenID Connect Configuration
• OpenID Connect
• Federated SSO