
Configure PlaceOS for Azure B2C

Create an Authentication Source for a PlaceOS Domain with Azure B2C.


Last updated 2 years ago

To allow users to authenticate on PlaceOS-provided applications against Azure B2C, you need to configure a PlaceOS Domain to use Azure B2C as the Authentication Provider.

These steps are similar to configuring OAuth2 for Google Workspace or Azure Active Directory. Note, however, that the endpoints are different and are unique to your Azure B2C tenant.

Create an Authentication Source on PlaceOS

  1. In PlaceOS Backoffice navigate to the Domains tab.

  2. Select the domain you would like to add Microsoft B2C Authentication to.

  3. Click the Authentication Tab.

  4. Click New Auth Source.

  5. Select OAuth as the auth source type.

  6. Provide a name, e.g. 'Microsoft Azure B2C'.

  7. Click Save.

  8. Copy the Auth Source ID, e.g. oauth_strat-Dw9b-5_lO3

  9. The Auth Source ID is used in the Azure App Registration Callback URI, for example: https://placeos-dev.im/auth/oauth2/callback?id=oauth_strat-Dw9b-5_lO3

Create Azure B2C App Registration

You will need to create an App Registration for PlaceOS in Azure B2C. This is the application PlaceOS will use to communicate with B2C.

  1. Login to your Azure B2C Tenant.

  2. Under Manage select App Registrations.

  3. Click New App Registration.

  4. Give your App a name e.g. PlaceOS User Auth

  5. Under supported account types select: Accounts in this organizational directory only

  6. Under URI Redirect select Web and enter the callback URI containing the PlaceOS oauth_strat ID created in the previous section, e.g. https://placeos-dev.im/auth/oauth2/callback?id=oauth_strat-Dw9b-5_lO3

  7. Click Register.

  8. Navigate to API Permissions and confirm offline_access and openid scopes are granted.

  9. Navigate to Certificates and Keys.

  10. Click New Client Secret, name the secret something relevant e.g. PlaceOS Secret.

  11. Note down your Secret Value.

You will need to include this Application ID in the array of Application IDs in the TrustFrameWorkExtension.xml audience section.

Configure the Authentication Source

Information required in this step:

  • App Registration Client ID & Secret

  • Azure B2C Tenant Name

  • Azure B2C Custom Policy Name

In the Authentication Source, enter the following information:

| Field | Description | Example |
| --- | --- | --- |
| Name | A unique name for the Auth Source | Azure B2C |
| Client ID | The Client ID from your PlaceOS App Registration | |
| Client Secret | The Client Secret from your PlaceOS App Registration | |
| Site | PlaceOS Domain + b2c.com | {placeos_domain}.b2clogin.com |
| Scope | Scopes the application will use. | openid offline_access |
| Token Method | | POST |
| Authentication Scheme | | Request Body |
| Token URL | Endpoint for obtaining the token, including your Azure B2C Tenant Name and Policy Name | https://{tenant_name}.b2clogin.com/{tenant_name}.onmicrosoft.com/B2C_1A_SIGNUP_SIGNIN/oauth2/v2.0/token |
| Authorize URL | Endpoint used for Authenticating Users, including your Azure B2C Tenant Name and Policy Name | https://{tenant_name}.b2clogin.com/{tenant_name}.onmicrosoft.com/B2C_1A_SIGNUP_SIGNIN/oauth2/v2.0/authorize |
| User Profile URL | The User Info endpoint that was created to pull user information via Graph API | https://{tenant_name}.b2clogin.com/{tenant_name}.onmicrosoft.com/B2C_1A_SIGNUP_SIGNIN/openid/v2.0/userinfo |

Info Mappings:

| PlaceOS | Provider |
| --- | --- |
| email | sign_in_names.email_address |
| first_name | given_name |
| last_name | surname |
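
A pre-flight check for the endpoint, scope and token-method values listed above, so that a mistyped tenant, policy or separator is caught before users are sent to the login flow. This is an added example, not PlaceOS code; the dictionary keys (`token_url`, `authorize_url`, `user_profile_url`, `scope`, `token_method`), the function name and the `contoso` tenant are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Path suffix each endpoint field must end with (from the table above).
SUFFIXES = {
    "token_url": "/oauth2/v2.0/token",
    "authorize_url": "/oauth2/v2.0/authorize",
    "user_profile_url": "/openid/v2.0/userinfo",
}
REQUIRED_SCOPES = {"openid", "offline_access"}


def check_auth_source(cfg, tenant, policy):
    """Return a list of problems found in a dict of Auth Source field values."""
    problems = []
    host = f"{tenant}.b2clogin.com".lower()
    prefix = f"/{tenant}.onmicrosoft.com/{policy}"
    for field, suffix in SUFFIXES.items():
        url = urlsplit(cfg.get(field, ""))
        if url.scheme != "https":
            problems.append(f"{field}: scheme must be https")
        if url.hostname != host:
            problems.append(f"{field}: host {url.hostname!r} is not {host!r}")
        if url.path != prefix + suffix:
            problems.append(f"{field}: path is not {prefix + suffix}")
    missing = REQUIRED_SCOPES - set(cfg.get("scope", "").split())
    if missing:
        problems.append("scope: missing " + " ".join(sorted(missing)))
    if cfg.get("token_method") != "POST":
        problems.append("token_method: must be POST")
    return problems


# Constructed sample values; "contoso" is a placeholder tenant name.
BASE = "https://contoso.b2clogin.com/contoso.onmicrosoft.com/B2C_1A_SIGNUP_SIGNIN"
SAMPLE_OK = {
    "scope": "openid offline_access",
    "token_method": "POST",
    "token_url": BASE + "/oauth2/v2.0/token",
    "authorize_url": BASE + "/oauth2/v2.0/authorize",
    "user_profile_url": BASE + "/openid/v2.0/userinfo",
}
# Same settings with the "/" after b2clogin.com dropped and one scope missing.
SAMPLE_BAD = dict(
    SAMPLE_OK,
    scope="openid",
    user_profile_url=BASE.replace(".com/contoso", ".comcontoso") + "/openid/v2.0/userinfo",
)

if __name__ == "__main__":
    for line in check_auth_source(SAMPLE_BAD, "contoso", "B2C_1A_SIGNUP_SIGNIN"):
        print(line)
```
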

Add User Login Redirects

  1. Login to PlaceOS Backoffice

  2. Navigate to the Domains tab.

  3. Select the Domain for your organisation.

  4. Click on the Edit icon.

Set the login URL to /auth/login?provider=oauth2&id=[OAUTH_STRAT]&continue={{url}}, replacing [OAUTH_STRAT] with the authentication source ID created in the 'Creating a PlaceOS Authentication Source' instructions and leaving {{url}} as is.

Set the logout URL to /auth/logout?continue=https://sso.org.com/logout if they haven’t provided you a logout URL.