☁️Azure B2C Single Sign-On (SSO) Integration Guide

Overview Managed Guardian Service (MGS) supports Single Sign-On (SSO) through Azure B2C for organizations integrating their own front-end application with MGS. This capability is available as part of the Cortex integration pattern, allowing organizations to use their existing Azure B2C tenant for authentication. Azure B2C SSO is not available in the default MGS UI—it is supported only for integrated front ends.

Key Points

• Azure B2C SSO can be enabled for any MGS tenant, but configuration is tenant-specific (one Azure B2C connection per tenant).

• All Azure B2C application setup and management must be performed in the end user’s Azure portal before connecting to MGS.

• Only tenant admins can configure Azure B2C SSO in MGS.

Prerequisites

• An Azure B2C tenant and application registered in the organization’s Azure portal.

• The following details from Azure B2C:

  • Issuer URL

  • Application (Client) ID

  • JWKS URL

Enabling Azure B2C SSO in MGS

1. Create or Select a Tenant

• Log into the MGS admin interface.

• As a tenant admin, create a new tenant or select an existing tenant from the “Tenants” list.

2. Access the Azure B2C Tab

• Click “Open” for the desired tenant.

• Navigate to the Azure B2C tab in the tenant configuration.

3. Enable Azure B2C

• Click the Enable button.

4. Enter Azure B2C Details

• Fill in the following fields using information from your Azure B2C portal:

  • Issuer URL (e.g., https://your-tenant-name.b2clogin.com/your-tenant-id/v2.0/)

  • Application (Cliet) ID (from the Azure B2C registered application)

  • JWKS URL (public key set endpoint, typically available from Azure B2C)

• Click Save Changes.

5. Confirm Configuration

• Once saved, MGS will use your Azure B2C settings for authentication to this tenant through your integrated/custom front end.

Notes

• Azure B2C setup and application registration must be completed in your own Azure portal. MGS only connects to the already-configured Azure B2C app.

• If you need to disable or update Azure B2C, use the Disable button or update the configuration fields as needed.

• Azure B2C SSO is not available on the default MGS user interface; it is supported only through integrated or custom UI implementations following the Cortex integration pattern.

Troubleshooting

• Ensure all URLs and IDs are entered correctly from your Azure B2C portal.

• For issues with SSO login, verify the Azure B2C configuration and application permissions in Azure.

• Contact your organization’s Azure administrator or MGS support for assistance.