User Management – Azure AD B2C Graph API
Generally speaking, Azure AD is widely used for user management. Here, I am going to walk through user management using the Azure AD B2C Graph API.
Sometimes a client expects the registration form to be part of our own application, while behind the scenes the user must be created inside our Azure directory and not in a table in our database. To fulfil this kind of requirement we need to create, read and update user accounts inside the Azure directory. The Azure AD Graph API gives us the features to handle these tasks programmatically and efficiently.
To do this, you just need to register an application in Azure AD B2C and authenticate as it. Here, the application acts as itself, not as a user, to call the Graph API.
For user management, you basically need two things:
1) An Azure B2C tenant
2) An application registered inside your B2C tenant
To create the tenant:
To create an Application inside tenant:
You must first select the directory inside which you want to manage your users.
By following the above steps you obtain the basic values needed for OAuth authentication: the tenant name, the Application ID (Client ID) and the client secret.
Before using the Graph API you must configure create, read and update permissions for your application using the steps below.
- Continuing in the Azure portal's App Registrations menu, select your application.
- In the Settings menu, click on Required permissions.
- In the Required permissions menu, click on Windows Azure Active Directory.
- In the Enable Access menu, select the Read and write directory data permission from Application Permissions and click Save.
- Finally, back in the Required permissions menu, click on the Grant Permissions button.
Once everything is set up, you can call the Graph API. https://graph.windows.net/ is the endpoint URL to which requests are sent.
Here, set up authentication for the B2C Azure application using the code below:
Then, using those authentication credentials, you can send any GET, POST, PUT, DELETE or PATCH request.
To get the list of all users, your URL must be:
https://graph.windows.net/#tenant#/users?api-version=1.6 with a GET request.
To get a single user, your URL must be:
https://graph.windows.net/#tenant#/users/<user-object-id>?api-version=1.6 with a GET request.
To insert a user, your URL must be:
https://graph.windows.net/#tenant#/users?api-version=1.6 with a POST request.
To update a user, your URL must be:
https://graph.windows.net/#tenant#/users/<user-object-id>?api-version=1.6 with a PATCH request.
When creating a user, you must pass the values below as JSON data in the body of your POST request:
{
  // All of these properties are required to create consumer users.
  "accountEnabled": true,
  "signInNames": [ // controls which identifier the user uses to sign in to the account
    {
      "type": "emailAddress", // can be 'emailAddress' or 'userName'
      "value": "test@gmail.com"
    }
  ],
  "creationType": "LocalAccount", // always set to 'LocalAccount'
  "displayName": "Test Consumer", // a value that can be used for displaying to the end user
  "mailNickname": "Test", // an email alias for the user
  "passwordProfile": {
    "password": "P@ssword!",
    "forceChangePasswordNextLogin": false // always set to false
  },
  "passwordPolicies": "DisablePasswordExpiration"
}
To update a user, put only the key-value pairs you need to change into the JSON and send that JSON as the body of the PATCH request.
Thus, without logging into your Azure account, you can manage users inside the Azure directory via Graph API calls.
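The whole flow above (app-only token, then list / get / create / update against the user endpoints) as one added example. This is not the post's own code. It assumes the Azure AD v1 token endpoint https://login.microsoftonline.com/<tenant>/oauth2/token with the client-credentials grant and resource=https://graph.windows.net/ (not shown on the page), the environment variable names B2C_TENANT, B2C_CLIENT_ID and B2C_CLIENT_SECRET, and an injectable `send` transport plus a RecordingTransport stand-in, both constructed so the flow can be exercised without a real tenant.

```python
"""Added example (not the post's code): minimal client for the legacy Azure AD
Graph endpoint the post uses (graph.windows.net, api-version=1.6).
Assumed, not from the post: the v1 token endpoint and grant parameters, the
environment variable names, and the injectable transport."""
import json
import os
import urllib.parse
import urllib.request

GRAPH = "https://graph.windows.net"
LOGIN = "https://login.microsoftonline.com"   # assumption: Azure AD v1 token endpoint
API_VERSION = "1.6"


def user_url(tenant, object_id=None):
    """Collection URL, or a single-user URL when object_id is given."""
    path = f"/{tenant}/users" if object_id is None else f"/{tenant}/users/{object_id}"
    return f"{GRAPH}{path}?api-version={API_VERSION}"


def token_request_body(client_id, client_secret):
    """Form body for the client-credentials grant: the app acts as itself, not as a user."""
    return urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "resource": GRAPH + "/",
    }).encode()


def local_account(email, display_name, mail_nickname, password):
    """Create-user payload with exactly the fields the post lists as required."""
    if "@" not in email:
        raise ValueError("signInNames value must be an e-mail address for type emailAddress")
    return {
        "accountEnabled": True,
        "signInNames": [{"type": "emailAddress", "value": email}],
        "creationType": "LocalAccount",
        "displayName": display_name,
        "mailNickname": mail_nickname,
        "passwordProfile": {"password": password, "forceChangePasswordNextLogin": False},
        "passwordPolicies": "DisablePasswordExpiration",
    }


def http_send(method, url, headers, body):
    """Real transport: returns (status, raw body); urllib raises HTTPError on 4xx/5xx."""
    req = urllib.request.Request(url, data=body, headers=headers, method=method)
    with urllib.request.urlopen(req) as resp:
        return resp.status, resp.read()


class RecordingTransport:
    """Offline stand-in for http_send (constructed for this example): records each
    request and replays canned (status, body) responses in order."""
    def __init__(self, responses):
        self.calls, self._responses = [], list(responses)

    def __call__(self, method, url, headers, body):
        self.calls.append((method, url, headers, body))
        return self._responses.pop(0)


class B2CUsers:
    def __init__(self, tenant, client_id, client_secret, send=http_send):
        self.tenant, self._creds, self._send, self._token = tenant, (client_id, client_secret), send, None

    def _bearer(self):
        """Fetch the app-only access token once and reuse it for later calls."""
        if self._token is None:
            status, raw = self._send("POST", f"{LOGIN}/{self.tenant}/oauth2/token",
                                     {"Content-Type": "application/x-www-form-urlencoded"},
                                     token_request_body(*self._creds))
            if status != 200:
                raise RuntimeError(f"token request failed with HTTP {status}")
            self._token = json.loads(raw)["access_token"]
        return self._token

    def _call(self, method, url, payload=None):
        headers = {"Authorization": "Bearer " + self._bearer(), "Accept": "application/json"}
        body = None
        if payload is not None:
            headers["Content-Type"] = "application/json"
            body = json.dumps(payload).encode()      # plain JSON on the wire: no comments
        status, raw = self._send(method, url, headers, body)
        return status, (json.loads(raw) if raw else None)   # empty body (e.g. 204) -> None

    def list_users(self):
        return self._call("GET", user_url(self.tenant))

    def get_user(self, object_id):
        return self._call("GET", user_url(self.tenant, object_id))

    def create_user(self, payload):
        return self._call("POST", user_url(self.tenant), payload)

    def update_user(self, object_id, changes):
        return self._call("PATCH", user_url(self.tenant, object_id), changes)


if __name__ == "__main__":
    # Secrets come from the environment (assumed names), never from source control.
    client = B2CUsers(os.environ["B2C_TENANT"], os.environ["B2C_CLIENT_ID"], os.environ["B2C_CLIENT_SECRET"])
    print(client.list_users())
```

The client secret behind this token carries the "Read and write directory data" application permission granted above, so it is effectively a directory-admin credential for user objects: keep it out of source and logs, and rotate it if it leaks. The token is cached for the life of the object; a long-running process should refresh it before expiry. Note also that Azure AD Graph (graph.windows.net) has since been retired by Microsoft in favour of Microsoft Graph, so new code should target the latter while keeping the same shape.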
Posted by: Priyal Pithadiya
Software Developer