When using Azure AD B2C (Business to Consumer), you can easily do that with custom policies from the Identity Experience Framework.
The described solution is based on the LocalAccount templates from the Custom Policies Starter Pack GitHub repository.
Besides editing your policy with the steps below, you can download the complete files from my GitHub repository: B2C-custom-policy-with-consent
What it does:
What do I need to prepare:
- Start by downloading the current Custom Policies Starter Pack from the GitHub repo.
- Make sure you implemented the steps required to use custom policies here.
- Enter your tenant name in the header of all the LocalAccount template files.
- Make sure you registered an application for usage with Azure B2C.
(If you don’t have your own app, try to implement this sample app).
How to implement:
First of all, we create the required custom attribute. Because I decided not to use my own extension app, I will use the default “b2c-extensions-app. Do not modify. Used by AADB2C for storing user data.” app with my custom policy.
Attributes for the built-in policies are also stored here.
Create the needed attribute
Go to the Azure Portal (https://portal.azure.com), switch to your B2C tenant, and create the following custom attribute from the B2C management blade:
- Name: TermsOfUseConsented
- Type: String
Now let’s pick up that attribute in our custom policy. Edit TrustFrameworkBase.xml and add the following ClaimType to SECTION III of the ClaimsSchema block.
Add the additional consent page
Let’s create the additional page to present the consent screen in the user’s journey:
In the TrustFrameworkBase.xml add the following content definition to the ContentDefinitions block:
Tell the policy where extension attributes are located
Read the stored consent attribute from the directory
Locate the TechnicalProfile Id=“AAD-UserReadUsingEmailAddress” and add an additional output claim:
Create Technical Profile to write the consent attribute to AAD
Create the custom user journey
This is a copy of the default user journey from the TrustFrameworkBase.xml file with the added consent page in the second-to-last step (Order=“4”).
Activate the new journey as the default user journey
That’s it, you can now load all policies into your B2C tenant and give them a try. Don’t forget you need to upload them in the following order:
- <additional files>
Since the custom consent page does not show the consent text itself, you should put it into the UI customization HTML file and reference it in the custom policy.
You can do that by modifying the LoadUri parameter of the ContentDefinition Id=“api.selfasserted.consent”.
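A pre-upload check for the wiring described in the steps above, as an added example that is not part of the original post or the author's repository. It assumes the custom attribute is referenced in the policy as `extension_TermsOfUseConsented`; the sample XML, the write profile Id and the LoadUri value are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Assumption: the portal attribute "TermsOfUseConsented" is referenced with the "extension_" prefix.
CLAIM = "extension_TermsOfUseConsented"

# Constructed sample (not the author's policy); Ids not on the page are placeholders.
SAMPLE_POLICY = """
<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06">
 <BuildingBlocks>
  <ClaimsSchema>
   <ClaimType Id="extension_TermsOfUseConsented"><DataType>string</DataType></ClaimType>
  </ClaimsSchema>
  <ContentDefinitions>
   <ContentDefinition Id="api.selfasserted.consent">
    <LoadUri>https://example.invalid/consent.html</LoadUri>
   </ContentDefinition>
  </ContentDefinitions>
 </BuildingBlocks>
 <ClaimsProviders><ClaimsProvider><TechnicalProfiles>
  <TechnicalProfile Id="AAD-UserReadUsingEmailAddress">
   <OutputClaims><OutputClaim ClaimTypeReferenceId="extension_TermsOfUseConsented"/></OutputClaims>
  </TechnicalProfile>
  <TechnicalProfile Id="PLACEHOLDER-WriteConsent">
   <PersistedClaims><PersistedClaim ClaimTypeReferenceId="extension_TermsOfUseConsented"/></PersistedClaims>
  </TechnicalProfile>
 </TechnicalProfiles></ClaimsProvider></ClaimsProviders>
</TrustFrameworkPolicy>
"""

def _refs(scope, tag):
    """ClaimTypeReferenceId values of all <tag> elements under scope (any namespace)."""
    return {e.get("ClaimTypeReferenceId") for e in scope.findall(f".//{{*}}{tag}")}

def check_consent_wiring(xml_text):
    """Return a list of problems; an empty list means the consent claim is fully wired."""
    root = ET.fromstring(xml_text.strip())
    by_id = lambda tag, ident: [e for e in root.findall(f".//{{*}}{tag}") if e.get("Id") == ident]
    problems = []
    if not by_id("ClaimType", CLAIM):
        problems.append("ClaimType missing from ClaimsSchema")
    content = by_id("ContentDefinition", "api.selfasserted.consent")
    if not content or not (content[0].findtext("{*}LoadUri") or "").strip():
        problems.append("api.selfasserted.consent missing or without LoadUri")
    if not any(CLAIM in _refs(p, "OutputClaim") for p in by_id("TechnicalProfile", "AAD-UserReadUsingEmailAddress")):
        problems.append("consent claim is not read by AAD-UserReadUsingEmailAddress")
    if CLAIM not in _refs(root, "PersistedClaim"):
        problems.append("no technical profile persists the consent claim")
    return problems
```

A consent claim that is shown but never persisted, or persisted but never read back, leaves no usable record of the user's agreement, so run the check against the merged policy text before uploading.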