Tags: azure, azure-ad-b2c, infrastructure-as-code

Create a new app registration and user flow in an existing Azure B2C Tenant with IaC


I have an Azure B2C tenant where I need to create some app registrations and a new user flow.

I'm trying to do this with Terraform, but I can't find much documentation for doing this kind of stuff (I've only really found azurerm_aadb2c_directory to create a directory, but like I said, I already have one). I was wondering if using azuread_application is the right thing to do, and if so, how can I create the application registration in the B2C tenant instead of the main one.

Another question I have is if it's possible to create user flows in IaC. I haven't found any documentation on this.

I'm open to using another IaC tool that does the job easier if it's very difficult to do in Terraform.

Is there a way to do this in Terraform or in another IaC tool/Azure Templates?


Solution

  • To create an Azure AD B2C application, use the below PowerShell script:

    # Connect to Microsoft Graph using the Connect-MgGraph cmdlet.
    # Pass the B2C tenant's directory (tenant) ID so the sign-in, and therefore the
    # app registration, lands in the B2C tenant rather than the default (home) tenant.
    # "<your-b2c-tenant-id>" is a placeholder to replace with your own tenant ID.
    Connect-MgGraph -TenantId "<your-b2c-tenant-id>" -Scopes "Application.ReadWrite.All"
    
    # Define the parameters for the application
    $displayName = "B2CAppPowershell"
    
    # Define the request body for the application
    $body = @{
        displayName = $displayName
    } | ConvertTo-Json
    
    # Define the headers for the request
    $headers = @{
        "Content-Type" = "application/json"
    }
    
    # Define the URI for the request
    $uri = "https://graph.microsoft.com/v1.0/applications"
    
    # Send the request to create the application
    $response = Invoke-MgGraphRequest -Method Post -Uri $uri -Headers $headers -Body $body
    
    # Print the response (includes the new object id and appId)
    $response
    


    The Azure AD B2C application was created successfully.


    To create the Azure AD B2C user flow, use the below PowerShell script:

    To create other user flows, refer to this MsDoc.

    # Connect to the B2C tenant with only the user-flow scope this script needs.
    # "<your-b2c-tenant-id>" is a placeholder to replace with your own tenant ID.
    Connect-MgGraph -TenantId "<your-b2c-tenant-id>" -Scopes "IdentityUserFlow.ReadWrite.All"
    
    # Define the parameters for the user flow
    $userFlowId = "testruk"
    $userFlowType = "signUpOrSignIn"
    $userFlowTypeVersion = 3
    
    # Define the request body for the user flow
    $body = @{
        id = $userFlowId
        userFlowType = $userFlowType
        userFlowTypeVersion = $userFlowTypeVersion
    } | ConvertTo-Json
    
    # Define the headers for the request
    $headers = @{
        "Content-Type" = "application/json"
    }
    
    # Define the URI for the request (user flows are only exposed on the beta endpoint)
    $uri = "https://graph.microsoft.com/beta/identity/b2cUserFlows"
    
    # Send the request to create the user flow
    $response = Invoke-MgGraphRequest -Method Post -Uri $uri -Headers $headers -Body $body
    
    # Print the response (the returned id carries the B2C_1_ prefix)
    $response
    


    The user flow was created successfully.


    References:

    Azure AD B2C Support · Issue #175 · hashicorp/terraform-provider-azuread · GitHub by Hayden Hao

    Automating Azure AD B2C tenancy deployments for your app (makerx.com.au) by Trent Steenholdt
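An added example, not part of the answer above, that folds the two Graph calls into one re-runnable script in the spirit of the IaC question: it connects to the B2C tenant explicitly and checks it landed there, looks up the app registration and the user flow before creating them so a second run does not produce duplicates, requests only the two scopes it uses, and sets the sign-in audience and redirect URI a B2C app registration needs. The tenant ID, display name, redirect URI and user-flow ID are placeholders to substitute with your own values; the cmdlets and Graph endpoints are the same ones the answer uses.

```powershell
# Added example (not from the original answer). Placeholders: $tenantId, $appDisplayName,
# $redirectUri and $userFlowId must be replaced with values for your own B2C tenant.
$tenantId       = "<your-b2c-tenant-id>"        # directory (tenant) ID of the B2C tenant
$appDisplayName = "B2CAppPowershell"
$redirectUri    = "https://jwt.ms"              # placeholder reply URL used for token testing
$userFlowId     = "testruk"                     # Graph stores it as B2C_1_testruk

# Connect to the B2C tenant (not the home tenant) with only the scopes the script needs.
Connect-MgGraph -TenantId $tenantId -Scopes "Application.ReadWrite.All", "IdentityUserFlow.ReadWrite.All"

# Guard: make sure the session really is in the intended tenant before creating anything.
$ctx = Get-MgContext
if ($ctx.TenantId -ne $tenantId) {
    throw "Connected to tenant $($ctx.TenantId), expected $tenantId"
}

# --- App registration (idempotent) ---
# Look the app up by display name; Graph returns a 'value' array (empty when nothing matches).
$filter   = "displayName eq '$($appDisplayName.Replace("'", "''"))'"
$listUri  = "https://graph.microsoft.com/v1.0/applications?`$filter=" + [uri]::EscapeDataString($filter)
$existing = Invoke-MgGraphRequest -Method GET -Uri $listUri

if ($existing.value.Count -gt 0) {
    $app = $existing.value[0]
    Write-Host "App registration '$appDisplayName' already exists (appId $($app.appId)); skipping create."
} else {
    # Invoke-MgGraphRequest accepts a hashtable body and serialises it to JSON itself.
    $appBody = @{
        displayName    = $appDisplayName
        # B2C app registrations use this audience (any org directory + personal accounts).
        signInAudience = "AzureADandPersonalMicrosoftAccount"
        web            = @{ redirectUris = @($redirectUri) }
    }
    $app = Invoke-MgGraphRequest -Method POST -Uri "https://graph.microsoft.com/v1.0/applications" -Body $appBody
    Write-Host "Created app registration '$appDisplayName' (appId $($app.appId))."
}

# --- Sign-up / sign-in user flow (idempotent) ---
# b2cUserFlows is only on the beta API. A GET on a missing flow throws (404 NotFound),
# which is treated here as "not yet created"; any other error is re-thrown.
$flowUri = "https://graph.microsoft.com/beta/identity/b2cUserFlows/B2C_1_$userFlowId"
$flow = $null
try {
    $flow = Invoke-MgGraphRequest -Method GET -Uri $flowUri
    Write-Host "User flow B2C_1_$userFlowId already exists; skipping create."
} catch {
    if ($_.Exception.Message -notmatch "NotFound|Not Found|404") { throw }
}

if ($null -eq $flow) {
    $flowBody = @{
        id                  = $userFlowId
        userFlowType        = "signUpOrSignIn"
        userFlowTypeVersion = 3
    }
    $flow = Invoke-MgGraphRequest -Method POST -Uri "https://graph.microsoft.com/beta/identity/b2cUserFlows" -Body $flowBody
    Write-Host "Created user flow $($flow.id)."
}

Disconnect-MgGraph | Out-Null
```

The tenant check after Connect-MgGraph is the part worth keeping even if you trim the rest: the cmdlet happily signs you into whatever tenant your cached token belongs to, and an app registration or user flow created in the wrong directory is exactly the mistake the question is trying to avoid.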