If you’re preparing for an Azure B2C job interview, whether you’re experienced or a fresher, and don’t know what kind of questions will be asked, go through the real-time 100+ top Azure B2C interview questions and answers below to crack your job interview.
Azure B2C Interview Questions and Answers
Question: ADFS V4.0 (Server 2016) Supports OIDC. Could I Use This As A Bridge?
No – ADFS v4.0 is not customisable and it only supports OIDC as an RP, not as a CP.
Question: Azure B2C Runs On Azure AD. I Can Set Up A Federated Tenant With ADFS And Azure AD. So Why Can’t I Do This With B2C?
B2C is a “different kind” of Azure AD tenant. It was developed for a use case of millions of external users that have no need for SaaS or federation.
Question: Can I Add Other Social Providers?
No – not at the moment.
Question: Can I Configure Scopes To Gather More Information About Consumers From Various Social Identity Providers?
No, but this feature is on our roadmap.
The default scopes used for our supported set of social identity providers are:
- Facebook: email
- Google+: email
- Microsoft account: openid email profile
- Amazon: profile
- LinkedIn: r_emailaddress, r_basicprofile
Question: Can I Use AAD Connect To Provision My Users In B2C?
No – that only works for “normal” Azure AD. In addition, AAD Connect provisions users from AD. Typically, these are internal users inside a company’s intranet. B2C supports a different use case – external users not directly employed by a company and on the internet. So it wouldn’t make sense to use AAD Connect.
Question: Can I Use Azure AD B2C Features In My Existing, Employee-Based Azure AD Tenant?
Azure AD and Azure AD B2C are separate product offerings and cannot coexist in the same tenant. An Azure AD tenant represents an organization. An Azure AD B2C tenant represents a collection of identities to be used with relying party applications. With custom policies (in public preview), Azure AD B2C can federate to Azure AD allowing authentication of employees in an organization.
Question: Can I Use Azure AD B2C To Provide Social Login (Facebook And Google+) Into Office 365?
Azure AD B2C can’t be used to authenticate users for Microsoft Office 365. Azure AD is Microsoft’s solution for managing employee access to SaaS apps and it has features designed for this purpose such as licensing and conditional access. Azure AD B2C provides an identity and access management platform for building web and mobile applications. When Azure AD B2C is configured to federate to an Azure AD tenant, the Azure AD tenant manages employee access to applications that rely on Azure AD B2C.
Question: Can I Use The NuGet Microsoft OWIN OIDC Package To Connect To B2C?
No, not OOTB – B2C uses profiles and these profiles have to be added to the OAuth message. Refer to the B2C sample code.
Question: Does B2C Allow SSO Across Applications?
All applications that can authenticate with B2C have SSO across them.
Question: Does My Application Have To Be Run On Azure For It To Work With Azure AD B2C?
No, you can host your application anywhere (in the cloud or on-premises). All it needs to interact with Azure AD B2C is the ability to send and receive HTTP requests on publicly accessible endpoints.
Question: How Can I Do SSO With ADFS And B2C?
At the moment you can’t.
As above, there is no way to connect them directly. However, you could try something like:
Application -> WS-Fed / SAML / OIDC -> ADFS -> WS-Fed / SAML -> IdentityServer -> OIDC -> B2C.
Question: How Do I Add A SaaS Application To B2C?
B2C only supports OpenID Connect. It needs some OAuth tweaks to add in profile details. If the SaaS application can make those changes, then yes. If not, you need a bridge. To support WS-Fed and SAML 2.0 you need a bridge as described here.
Question: I Already Have An Azure AD Tenant. Can I Use That For B2C?
No – B2C is a “different kind” of Azure AD tenant. When you create a new Azure AD tenant, you’ll see there is a check-box that asks you if this is for B2C. The Azure AD tenant is either “normal” or B2C – it can’t be both.
Question: I Have A Number Of Different Logins On B2C – Local And Some Social. However, They Are All For The Same Person, I.e. Me. Is There Any Way To Link All These Identities?
No – not at the moment.
Question: I Have Multiple Azure AD B2C Tenants. How Can I Manage Them On The Azure Portal?
Before opening ‘Azure AD B2C’ in the left side menu of the Azure portal, you must switch into the directory you want to manage. Switch directories by clicking your identity in the upper right of the Azure portal, then choose a directory in the drop down that appears. For a step-by-step with images, see Navigate to Azure AD B2C settings.
Question: I See That You Used IdentityServer As A Bridge. Is That The Only Solution?
No – you could use something like Auth0 as well. The key is that it has to be customisable and it has to be able to support both CP and RP.
Question: So I Can’t Programmatically Provision My Users In B2C?
Yes, you can, via the Graph API. Have a look at the sample.
Question: So I Can’t Use Any Standard OIDC Library?
Not OOTB – they require customisation.
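The answers above say that B2C's profile has to be added to the OAuth message and that standard OIDC libraries need customisation. A sketch of that customisation, added here as an example and not taken from the B2C sample code: it assumes the profile travels as the `p` query parameter of the v2.0 authorize endpoint and comes back in the ID token's `tfp` (or older `acr`) claim, and the tenant, policy and client values are constructed placeholders.

```python
import hmac
import secrets
from urllib.parse import urlencode

# Assumed endpoint shape for the B2C v2.0 authorize endpoint.
AUTHORIZE = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize"


def build_authorize_url(tenant, policy, client_id, redirect_uri):
    """Return (url, state, nonce) for an OIDC request that names a B2C policy."""
    state = secrets.token_urlsafe(16)  # CSRF binding, checked on the callback
    nonce = secrets.token_urlsafe(16)  # replay binding, echoed in the ID token
    query = urlencode({
        "p": policy,                   # the B2C-specific addition to the request
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "id_token",
        "response_mode": "form_post",
        "scope": "openid",
        "state": state,
        "nonce": nonce,
    })
    return AUTHORIZE.format(tenant=tenant) + "?" + query, state, nonce


def check_callback(claims, returned_state, state, nonce, policy):
    """Check the callback against the request that started it.

    `claims` must come from an ID token whose signature, issuer, audience
    and expiry have already been verified by the OIDC library.
    """
    if not hmac.compare_digest(returned_state.encode(), state.encode()):
        return "state mismatch"
    if not hmac.compare_digest(str(claims.get("nonce", "")).encode(), nonce.encode()):
        return "nonce mismatch"
    # Reject a token issued under another policy, e.g. one with weaker sign-in rules.
    issued_under = str(claims.get("tfp") or claims.get("acr") or "")
    if issued_under.lower() != policy.lower():
        return "token issued under a different policy"
    return "ok"


if __name__ == "__main__":
    # Constructed placeholder values, not a real tenant or application.
    url, _, _ = build_authorize_url(
        "contoso.onmicrosoft.com", "b2c_1_sign_in",
        "00000000-0000-0000-0000-000000000000", "https://app.example/callback")
    print(url)
```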
Question: What About Logout From B2C?
That’s more a function of OIDC and currently there is no standardised logout functionality.
Question: What About Other Languages, E.g. Java?
I have heard of people using a Java OIDC library that they customised.
Question: What Are Local Accounts In Azure AD B2C? How Are They Different From Work Or School Accounts In Azure AD?
In an Azure AD tenant, users that belong to the tenant sign in with an email address of the form <xyz>@<tenant domain>. The <tenant domain> is one of the verified domains in the tenant or the initial <…>.onmicrosoft.com domain. This type of account is a work or school account.
In an Azure AD B2C tenant, most apps want the user to sign in with any arbitrary email address (for example, firstname.lastname@example.org or email@example.com). This type of account is a local account. We also support arbitrary user names as local accounts (for example, joe, bob, sarah, or jim). You can choose one of these two local account types when configuring identity providers for Azure AD B2C in the Azure portal. In your Azure AD B2C tenant, click Identity providers and then select Username under Local accounts.
User accounts for applications must always be created through a sign-up policy, sign-up or sign-in policy, or by using the Azure AD Graph API. User accounts created in the Azure portal are only used for administering the tenant.
Question: Which Social Identity Providers Do You Support Now? Which Ones Do You Plan To Support In The Future?
We currently support Facebook, Google+, LinkedIn, Amazon, Twitter (preview), WeChat (preview), Weibo (preview), and QQ (preview). We will add support for other popular social identity providers based on customer demand.
Azure AD B2C has also added support for custom policies. These custom policies allow a developer to create their own policy that works with any identity provider that supports OpenID Connect or SAML.
Get started with custom policies by checking out our custom policy starter pack.