How to use Azure AD Self-Service Sign Up

kenakamu

Kenichiro Nakamura

Posted on April 11, 2022

When we develop an external-facing service such as a Web API or Web App, managing users is very important, yet a tedious task. One of the more painful parts of that process is creating the users who will call our API.

The good news is that Azure AD provides self-service sign up to make this process easier. Let's see how this works.

Prerequisites

  • Azure subscription
  • Postman (to make the demonstration easy)
  • Azure AD with admin privileges

Register an application and set up self-service sign up

To use this feature, we need Azure AD to authenticate and authorize users. Let's register an application first.

Register application

1. From Azure AD, select "App registrations" and click "New registration".

2. Enter an application name.

3. Add Web as the redirect URI platform and set https://oauth.pstmn.io/v1/callback as its URI. (This is Postman's callback.)

4. Click "Register" and note the application (client) ID.

5. Click "Endpoints" and note the authorization endpoint (v2) and the token endpoint (v2).

6. From "Certificates & secrets", create a new client secret and note the secret value.

Enable Self-Service Sign Up

Next, enable self-service sign up in Azure AD.

1. Select "User settings" and click "Manage external collaboration settings".

2. Toggle "Enable guest self-service sign up via user flows" to Yes and save.

3. Go back to the previous page and select "External Identities".

4. Select "User flows" and add a new one.

5. Name it and select the external identity providers you want to support.

6. Select the additional user attributes to collect and create the flow.

7. Select the created user flow, select "Applications", and add the application you registered above.

Test from Postman

Finally, let's test from Postman to see how this works.

1. Open Postman and click the "Authorization" tab. Select "OAuth 2.0" as the type.

2. Enter the appropriate value for each field; you should already have them from the previous steps. Set User.Read as the scope.

3. Click "Get New Access Token", which launches the browser. Click "Create one" on the sign-in screen.

4. Sign up with your preferred option. I sign up with my Hotmail account.

5. Once the account is created, you will be asked to consent.

6. Then it asks for the additional properties you set in the user flow.

7. Consent to the app permissions. You should now get a new token. You can verify the token at jwt.io, for example.

Check in Azure AD

The user is now added in Azure AD.

Summary

The sign-up experience is very smooth from the end user's point of view, and easy to set up from the developer's point of view. You can use the token to further process it in your backend.
