SSO with Azure AD B2C - Administrator Guide

Overview

The Single Sign-On (SSO) feature is built on Microsoft Azure AD B2C, which acts as a central identity provider (IdP) for our platform. For corporate Microsoft Entra ID users, the system integrates with your organization's Entra ID tenant through a multi-tenant application registered in our corporate Entra ID tenant.

Want to dive right in? Click here to jump to What You Need to Do

Benefits

Centralized Authentication: Azure AD B2C acts as the authentication hub.
Standards-Based: Utilises industry-standard protocols such as OpenID Connect and OAuth 2.0 for secure authentication.
Robust Security: Authentication leverages the security features of Azure AD B2C and Entra ID.
Corporate Integration: Users from your organization's Entra ID tenant can authenticate via SSO using a multi-tenant application registered in our corporate Entra ID tenant.
Simplified Management: Centralized authentication reduces administrative overhead.

Authentication Flow

User Visits the Login Page:
- Users click the "Single Sign-On" button on the WOWEB platform to visit the Azure AD B2C login form, hosted at wowebauth.b2clogin.com. This page presents identity provider options, including your corporate Entra ID (formerly AzureAD).
Azure AD B2C Redirects to Your Entra ID Tenant:
- Users click "Sign in with Azure AD" to navigate to their own Entra ID authentication environment.
Your Entra ID Tenant Authenticates the User:
- Users sign in, and your tenant applies policies such as Multi-Factor Authentication (MFA) or Conditional Access.
Entra ID Sends an Authorization Code to Azure AD B2C:
- Upon successful authentication, Entra ID sends an Authorization Code to Azure AD B2C.
Azure AD B2C Exchanges the Code for an ID Token:
- Azure AD B2C exchanges the code with Entra ID for an ID token containing user information (e.g., name, email).
Azure AD B2C Sends a New Authorization Code to Our Application:
- Azure AD B2C generates a new authorization code and sends it to our application (https://www.woweb.co.za).
Our Application Obtains an ID Token:
- Our application exchanges the new code with Azure AD B2C for an ID token to confirm the user's identity.
User Gains Access:
- Our application validates the ID token, checks the user's subscription status, and grants access to protected resources with SSO support.

What You Need to Do

Review and Accept Our Platform's Permission Request
Consent must be given to our platform by your Microsoft Entra ID "Global Administrator" or "Cloud Application Administrator". Click the following link to navigate to the consent screen where you can see all the details, and be able to Accept the permission request.
Grant Admin Consent
Provide Your Microsoft Entra ID Tenant ID
To link your SSO users to the relevant WOWEB subscription, please email your tenant ID to our team.
If you need help locating it, contact us and we'll guide you through the process.

Contact Us

General & Subscription Enquiries

Email: info@whoownswhom.co.za
Tel: +27 10 300 7442