Skip to main content

Register the Proxy Identity Experience Framework

Register the ProxyIdentityExperienceFramework application

  1. Select App registrations, and then select New registration.
  2. For Name, enter ProxyIdentityExperienceFramework.
  3. Under Supported account types, select Accounts in this organizational directory only.
  4. Under Redirect URI, use the drop-down to select Public client/native (mobile & desktop).
  5. For Redirect URI, enter myapp://auth.
  6. Under Permissions, select the Grant admin consent to openid and offline_access permissions checkbox.
  7. Select Register.
  8. Record the application (client) ID for use in a later step.

Define the application as public client

  1. In the left menu, under Manage, select Authentication.
  2. In the Advanced settings > Allow public client flows section, set Enable the following mobile and desktop flows to Yes.
  3. Select Save.
  4. Ensure that "allowPublicClient": true is set in the application manifest through the following steps:
    1. In the left menu, under Manage, select Manifest to open the application manifest.
    2. Find the allowPublicClient key and ensure its value is set to true.

Grant permission to the exposed API scope

  1. In the left menu, under Manage, select API permissions.
  2. Under Configured permissions, select Add a permission.
  3. Select the My APIs tab > IdentityExperienceFramework application.
  4. Under Permission, select the user_impersonation scope that you defined earlier.
  5. Select Add permissions. Wait a few minutes to allow the permissions to take effect before proceeding to the next step.
  6. Select Grant admin consent for <your tenant name>.
  7. Select Yes.
  8. Select Refresh, and then verify that Granted for ... appears under Status for the scope.

For more information, see Tutorial: Create user flows and custom policies in Azure Active Directory B2C in the Microsoft Azure documentation.