# Azure B2C Single Sign-On (SSO) Integration Guide

**Overview**\
Managed Guardian Service (MGS) supports Single Sign-On (SSO) through Azure B2C for organizations integrating their own front-end application with MGS. This capability is available as part of the **Cortex integration pattern**, allowing organizations to use their existing Azure B2C tenant for authentication. **Azure B2C SSO is not available in the default MGS UI**—it is supported only for integrated front ends.

**Key Points**

* Azure B2C SSO can be enabled for any MGS tenant, but **configuration is tenant-specific** (one Azure B2C connection per tenant).
* All Azure B2C application setup and management must be performed in the end user’s Azure portal before connecting to MGS.
* Only **tenant admins** can configure Azure B2C SSO in MGS.

**Prerequisites**

* An Azure B2C tenant and application registered in the organization’s Azure portal.
* The following details from Azure B2C:
  * **Issuer URL**
  * **Application (Client) ID**
  * **JWKS URL**

**Enabling Azure B2C SSO in MGS**

**1. Create or Select a Tenant**

* Log into the MGS admin interface.
* As a tenant admin, create a new tenant or select an existing tenant from the “Tenants” list.

<figure><img src="https://3006114282-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXVOaWpJKxLZf1Tee9eCO%2Fuploads%2F3dxa3ziF9rJyaA1aY9pH%2Fimage.png?alt=media&#x26;token=c6c13bcd-c7b1-4162-95e6-abbcaad52744" alt=""><figcaption></figcaption></figure>

**2. Access the Azure B2C Tab**

* Click “Open” for the desired tenant.
* Navigate to the **Azure B2C** tab in the tenant configuration.

**3. Enable Azure B2C**

* Click the **Enable** button.

**4. Enter Azure B2C Details**

* Fill in the following fields using information from your Azure B2C portal:
  * **Issuer URL** (e.g., <https://your-tenant-name.b2clogin.com/your-tenant-id/v2.0/>)
  * **Application (Client) ID** (from the Azure B2C registered application)
  * **JWKS URL** (public key set endpoint, typically available from Azure B2C)

<figure><img src="https://3006114282-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXVOaWpJKxLZf1Tee9eCO%2Fuploads%2F2pjM74LHDnBRbdXJYEMt%2Fimage.png?alt=media&#x26;token=dfa36711-e0a3-4f06-8a7c-435516ba24f9" alt=""><figcaption></figcaption></figure>

* Click **Save Changes**.

**5. Confirm Configuration**

* Once saved, MGS will use your Azure B2C settings for authentication to this tenant through your integrated/custom front end.

**Notes**

* Azure B2C setup and application registration must be completed in your own Azure portal. MGS only connects to the already-configured Azure B2C app.
* If you need to disable or update Azure B2C, use the **Disable** button or update the configuration fields as needed.
* Azure B2C SSO is not available on the default MGS user interface; it is supported only through integrated or custom UI implementations following the Cortex integration pattern.

**Troubleshooting**

* Ensure all URLs and IDs are entered correctly from your Azure B2C portal.
* For issues with SSO login, verify the Azure B2C configuration and application permissions in Azure.
* Contact your organization’s Azure administrator or MGS support for assistance.
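
One way to pre-check the three values before saving them, as an added example (not MGS or Microsoft code). It assumes you have copied your B2C user flow's OpenID Connect discovery document, whose standard `issuer` and `jwks_uri` fields are compared against what you intend to enter; the function name, the `contoso` tenant and the GUIDs are constructed placeholders.

```python
import json
import re
from urllib.parse import urlsplit

GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

# Constructed sample of a B2C discovery document (placeholder tenant, policy and IDs).
SAMPLE_DISCOVERY = json.loads("""{
  "issuer": "https://contoso.b2clogin.com/11111111-2222-3333-4444-555555555555/v2.0/",
  "jwks_uri": "https://contoso.b2clogin.com/contoso.onmicrosoft.com/b2c_1_signin/discovery/v2.0/keys"
}""")


def check_b2c_settings(issuer_url, client_id, jwks_url, discovery):
    """Hypothetical helper: return a list of problems; an empty list means consistent."""
    problems = []
    for name, value in (("Issuer URL", issuer_url), ("JWKS URL", jwks_url)):
        if value != value.strip():
            problems.append(f"{name}: leading or trailing whitespace")
        parts = urlsplit(value)
        if parts.scheme != "https" or not parts.hostname:
            problems.append(f"{name}: must be an absolute https:// URL")
    if not GUID_RE.match(client_id):
        problems.append("Application (Client) ID: not a GUID")
    # OpenID Connect requires an exact issuer match, so a missing trailing slash counts.
    if issuer_url != discovery.get("issuer"):
        problems.append("Issuer URL: differs from 'issuer' in the discovery document")
    if jwks_url != discovery.get("jwks_uri"):
        problems.append("JWKS URL: differs from 'jwks_uri' in the discovery document")
    # Signing keys served from a different host than the issuer deserve a second look.
    if urlsplit(issuer_url).hostname != urlsplit(jwks_url).hostname:
        problems.append("JWKS URL: host differs from the Issuer URL host")
    return problems


if __name__ == "__main__":
    # Constructed input: issuer copied without its trailing slash.
    for problem in check_b2c_settings(
        "https://contoso.b2clogin.com/11111111-2222-3333-4444-555555555555/v2.0",
        "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
        SAMPLE_DISCOVERY["jwks_uri"],
        SAMPLE_DISCOVERY,
    ):
        print(problem)
```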
