
Add signing and encryption keys

Create the signing key

  1. On the Azure AD B2C page, under Policies, select Identity Experience Framework.
  2. Select Policy Keys and then select Add.
  3. For Options, choose Generate.
  4. In Name, enter TokenSigningKeyContainer. The prefix B2C_1A_ may be added automatically.
  5. For Key type, select RSA.
  6. For Key usage, select Signature.
  7. Select Create.

Create the encryption key

  1. On the Azure AD B2C page, under Policies, select Identity Experience Framework.
  2. Select Policy Keys and then select Add.
  3. For Options, choose Generate.
  4. In Name, enter TokenEncryptionKeyContainer. The prefix B2C_1A_ may be added automatically.
  5. For Key type, select RSA.
  6. For Key usage, select Encryption.
  7. Select Create.
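
Because the portal may add the B2C_1A_ prefix to both names, a custom policy has to reference the containers by their prefixed names. The following check is an added example, not part of the original page or of Microsoft's documentation: it scans a policy file's Key elements and reports references that do not match the two containers created above. The Key Ids (issuer_secret, issuer_refresh_token_key), the mapping to each container, and the trimmed sample policy are assumptions modeled on the custom policy starter pack.

```python
import xml.etree.ElementTree as ET

PREFIX = "B2C_1A_"
# Key Id -> container name from the steps above. The Key Ids are assumed to
# follow the custom policy starter pack's JwtIssuer technical profile.
EXPECTED = {
    "issuer_secret": "TokenSigningKeyContainer",
    "issuer_refresh_token_key": "TokenEncryptionKeyContainer",
}

# Constructed sample: the encryption key reference lacks the B2C_1A_ prefix.
SAMPLE_POLICY = """
<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06">
  <ClaimsProviders><ClaimsProvider><TechnicalProfiles>
    <TechnicalProfile Id="JwtIssuer">
      <CryptographicKeys>
        <Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" />
        <Key Id="issuer_refresh_token_key" StorageReferenceId="TokenEncryptionKeyContainer" />
      </CryptographicKeys>
    </TechnicalProfile>
  </TechnicalProfiles></ClaimsProvider></ClaimsProviders>
</TrustFrameworkPolicy>
"""


def check_key_references(policy_xml):
    """Return a list of findings; an empty list means both references match."""
    findings, seen = [], set()
    for el in ET.fromstring(policy_xml.strip()).iter():
        if el.tag.rsplit("}", 1)[-1] != "Key":  # ignore the XML namespace
            continue
        key_id, ref = el.get("Id"), el.get("StorageReferenceId", "")
        if key_id not in EXPECTED:
            continue
        seen.add(key_id)
        want = PREFIX + EXPECTED[key_id]
        if ref == EXPECTED[key_id]:
            findings.append(f"{key_id}: '{ref}' is missing the {PREFIX} prefix")
        elif ref != want:
            findings.append(f"{key_id}: references '{ref}', expected '{want}'")
    for key_id in sorted(set(EXPECTED) - seen):
        findings.append(f"{key_id}: no <Key> element found")
    return findings


if __name__ == "__main__":
    for finding in check_key_references(SAMPLE_POLICY):
        print(finding)
```

Running the check before uploading a policy catches a swapped or unprefixed container name while it is still a one-line fix in the XML.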

For more information, see Tutorial: Create user flows and custom policies in Azure Active Directory B2C in the Microsoft Azure documentation.