
I am trying to set up an Azure AD B2C instance (with a very simple configuration for testing purposes) using Infrastructure as Code tools - Terraform for now. I am an IaC newbie, so excuse me if you find this question dumb. I'd like to automatically add a few identity providers to my configuration, but also a user flow. According to the docs, I've found out I could use azurerm_api_management_identity_provider_aadb2c to configure the IdPs, however I can't see anything related to user flows in the official Azure provider documentation in the Terraform registry. Does it mean I can't configure user flows using Terraform until I write my own provider? :) How then might I automatically configure these resources? If I could not automate this, then for me it makes no sense at all to involve IaC tools in the project. Maybe it has a little benefit, but to reach its full potential I assume it needs to run the whole infrastructure on demand using the scripts - which won't happen if I omit any configuration, etc.

Thanks in advance for any help. Regards

Bulchsu
    If you set up a B2C tenant with TF, then when you decide to run it in a pipeline you'll have a huge headache. There doesn't seem to currently be any way to update both resources in the B2C account and your main account, and according to https://stackoverflow.com/questions/71576007/azure-devops-service-connection-to-b2c-tenant it seems that you can't even create a service connection to the B2C tenant to update it in Azure DevOps. – Jake Boomgaarden Nov 03 '22 at 08:13

1 Answer


So this is actually a pretty big question. A few starters for you: azurerm_aadb2c_directory will create your B2C tenant.

Then you'll want to make applications; for that you use the azuread provider, not azurerm, specifically azuread_application. There's a web section where you can set redirect URIs for the app, and required permissions/roles.

Something complex will be specifying the flow you want. If you use custom XML policies for your user flow then you'll need to do this as a PowerShell script, since currently it's not supported in TF. It's all the Identity Experience Framework configuration that determines user flows. It's honestly not a small task, so I would recommend not doing that if this is just a small test application.

Jake Boomgaarden
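The two Terraform resources the answer names, wired together, as an added example (not code from the question or the answer): azurerm_aadb2c_directory creates the tenant under the management subscription, and an aliased azuread provider pointed at that tenant registers an application with web redirect URIs and Microsoft Graph delegated permissions. Resource names, the resource group, region, domain name and the variables are assumptions. The B2C tenant ID and a service principal credential that exists inside the B2C tenant are passed in as variables rather than read from the directory resource, because the azuread provider must be configured before plan time and the credential cannot exist until the tenant does, so this is applied in two stages.

```hcl
terraform {
  required_providers {
    azurerm = { source = "hashicorp/azurerm", version = "~> 3.0" }
    azuread = { source = "hashicorp/azuread", version = "~> 2.47" }
  }
}

# Stage 1 is authenticated to the subscription's home tenant (ARM_* env vars).
provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "b2c" {
  name     = "rg-b2c-test"  # assumed name
  location = "westeurope"   # assumed region
}

resource "azurerm_aadb2c_directory" "test" {
  display_name            = "contoso-b2c-test"               # assumed
  domain_name             = "contosob2ctest.onmicrosoft.com" # assumed; must be globally unique
  country_code            = "NL"
  data_residency_location = "Europe"
  resource_group_name     = azurerm_resource_group.b2c.name
  sku_name                = "PremiumP1"
}

# After the first apply, copy this into var.b2c_tenant_id for stage 2.
output "b2c_tenant_id" {
  value = azurerm_aadb2c_directory.test.tenant_id
}

# Stage 2 inputs: the new tenant's ID plus a service principal registered
# *inside* the B2C tenant (created in the portal or via Graph after stage 1).
variable "b2c_tenant_id" { type = string }
variable "b2c_client_id" { type = string }
variable "b2c_client_secret" {
  type      = string
  sensitive = true
}

# Aliased provider so that B2C objects are not created in the home tenant.
provider "azuread" {
  alias         = "b2c"
  tenant_id     = var.b2c_tenant_id
  client_id     = var.b2c_client_id
  client_secret = var.b2c_client_secret
}

# Resolve the Microsoft Graph app ID and its scope IDs instead of hardcoding GUIDs.
data "azuread_application_published_app_ids" "well_known" {
  provider = azuread.b2c
}

data "azuread_service_principal" "msgraph" {
  provider       = azuread.b2c
  application_id = data.azuread_application_published_app_ids.well_known.result["MicrosoftGraph"]
}

resource "azuread_application" "spa" {
  provider         = azuread.b2c
  display_name     = "test-spa" # assumed
  sign_in_audience = "AzureADandPersonalMicrosoftAccount" # required for B2C sign-in

  api {
    requested_access_token_version = 2 # required together with the audience above
  }

  web {
    redirect_uris = ["https://jwt.ms/"] # token viewer used by the portal's "Run user flow"; replace with your app URI
    implicit_grant {
      id_token_issuance_enabled = true # only needed for the portal test; disable for a real app
    }
  }

  # Delegated Graph scopes every B2C sign-in app needs.
  required_resource_access {
    resource_app_id = data.azuread_application_published_app_ids.well_known.result["MicrosoftGraph"]

    resource_access {
      id   = data.azuread_service_principal.msgraph.oauth2_permission_scope_ids["openid"]
      type = "Scope"
    }
    resource_access {
      id   = data.azuread_service_principal.msgraph.oauth2_permission_scope_ids["offline_access"]
      type = "Scope"
    }
  }
}
```

Run `terraform apply -target=azurerm_aadb2c_directory.test` first, register a service principal in the new B2C tenant, fill in the three variables, then run a full `terraform apply`. This covers only what the answer says Terraform can do: the tenant and the app registration. Identity providers, built-in user flows and custom policies are not created here and still need the Graph API or PowerShell, as the answer notes.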