-
Notifications
You must be signed in to change notification settings - Fork 415
/
self-service-sign-up-user-flow.yml
143 lines (122 loc) · 8.35 KB
/
self-service-sign-up-user-flow.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
### YamlMime:HowTo
metadata:
title: Add B2B Guest Sign-in
description: Create sign-up and sign-in user flows for apps you build. Users with external identities can sign up, submit user attributes, and create a B2B collaboration guest account.
author: msmimart
ms.author: mimart
manager: CelesteDG
ms.date: 06/28/2024
ms.service: entra-external-id
ms.topic: how-to
ms.collection: M365-identity-device-management
ms.custom:
- it-pro
- ge-structured-content-pilot
- seo-july-2024
#customer intent: As a developer building an application with B2B collaboration user flows, I want to add a self-service sign-up user flow to my app, so that users can sign up for the app and create a new guest account.
title: |
Add self-service sign-up user flows for B2B collaboration
introduction: |
[!INCLUDE [applies-to-workforce-only](./includes/applies-to-workforce-only.md)]
> [!TIP]
> This article applies to B2B collaboration user flows in workforce tenants. For information about external tenants, see [Create a sign-up and sign-in user flow](customers/how-to-user-flow-sign-up-sign-in-customers.md).
For applications you build, you can create user flows that allow a user to sign up for an app and create a new guest account. A self-service sign-up user flow defines the series of steps the user follows during sign-up, the [identity providers](identity-providers.md) you allow them to use, and the user attributes you want to collect. You can associate one or more applications with a single user flow.
> [!NOTE]
> You can associate user flows with apps built by your organization. User flows can't be used for Microsoft apps, like SharePoint or Teams.
prerequisites:
summary: |
Before you begin you may need to add identity providers and define custom attributes.
### Add identity providers (optional)
Microsoft Entra ID is the default identity provider for self-service sign-up. This means that users are able to sign up by default with a Microsoft Entra account. In your self-service sign-up user flows, you can also include social identity providers like Google and Facebook, Microsoft Account, and the email one-time passcode feature. For more information, see these articles:
- [Add Google to your list of social identity providers](google-federation.md)
- [Add Facebook to your list of social identity providers](facebook-federation.md)
- [Add Microsoft account as an identity provider](microsoft-account.md)
- [Email one-time passcode authentication](one-time-passcode.md)
### Define custom attributes (optional)
User attributes are values collected from the user during self-service sign-up. Microsoft Entra External ID comes with a built-in set of attributes, but you can create custom attributes for use in your user flow. You can also read and write these attributes by using the Microsoft Graph API. See [Define custom attributes for user flows](user-flow-add-custom-attributes.md).
procedureSection:
- title: |
Enable self-service sign-up for your tenant
summary: |
[!INCLUDE [portal updates](~/includes/portal-update.md)]
Before you can add a self-service sign-up user flow to your applications, you need to enable the feature for your tenant. Then controls become available that let you associate the user flow with an application.
> [!NOTE]
> This setting can also be configured with the [authenticationFlowsPolicy](/graph/api/resources/authenticationflowspolicy?view=graph-rest-1.0&preserve-view=true) resource type in the Microsoft Graph API.
steps:
- |
Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [User Administrator](~/identity/role-based-access-control/permissions-reference.md#user-administrator).
- |
Browse to **Identity** > **External Identities** > **External collaboration settings**.
- |
Set the **Enable guest self-service sign up via user flows** toggle to **Yes**.
:::image type="content" source="media/self-service-sign-up-user-flow/enable-self-service-sign-up.png" alt-text="Screenshot of the enable guest self-service sign-up toggle.":::
- |
Select **Save**.
- title: |
Create the user flow for self-service sign-up
summary: |
Next, you create the user flow for self-service sign-up and add it to an application.
steps:
- |
Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [User Administrator](~/identity/role-based-access-control/permissions-reference.md#user-administrator).
- |
Browse to **Identity** > **External Identities** > **User flows**, and then select **New user flow**.
:::image type="content" source="media/self-service-sign-up-user-flow/new-user-flow.png" alt-text="Screenshot of the new user flow button.":::
- |
On the **Create** page, enter a **Name** for the user flow. The name is automatically prefixed with **B2X_1_**.
- |
In the **Identity providers** list, select one or more identity providers that your external users can use to log into your application. (See *Before you begin* earlier in this article to learn how to add identity providers.)
- |
Under **User attributes**, choose the attributes you want to collect from the user. For more attributes, select **Show more**. For example, select **Show more**, and then choose attributes and claims for **Country/Region**, **Display Name**, and **Postal Code**. Select **OK**.
:::image type="content" source="media/self-service-sign-up-user-flow/create-user-flow.png" alt-text="Screenshot of the new user flow creation page. ":::
> [!NOTE]
> You can only collect attributes when a user signs up for the first time. After a user signs up, they will no longer be prompted to collect attribute information, even if you change the user flow.
- |
Select **Create**.
- |
The new user flow appears in the **User flows** list. If necessary, refresh the page.
- title: |
Select the layout of the attribute collection form
summary: |
You can choose order in which the attributes are displayed on the sign-up page.
steps:
- |
Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [User Administrator](~/identity/role-based-access-control/permissions-reference.md#user-administrator).
- |
Browse to **Identity** > **External Identities** > **User flows**.
- |
Select the self-service sign-up user flow from the list.
- |
Under **Customize**, select **Page layouts**.
- |
The attributes you chose to collect are listed. To change the order of display, select an attribute, and then select **Move up**, **Move down**, **Move to top**, or **Move to bottom**.
- |
Select **Save**.
- title: |
Add applications to the self-service sign-up user flow
summary: |
Now you associate applications with the user flow to enable sign-up for those applications. New users who access the associated applications are presented with your new self-service sign-up experience.
steps:
- |
Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [User Administrator](~/identity/role-based-access-control/permissions-reference.md#user-administrator).
- |
Browse to **Identity** > **External Identities** > **User flows**
- |
Select the self-service sign-up user flow from the list.
- |
In the left menu, under **Use**, select **Applications**.
- |
Select **Add application**.
:::image type="content" source="media/self-service-sign-up-user-flow/assign-app-to-user-flow.png" alt-text="Screenshot of adding an application to the user flow.":::
- |
Select the application from the list. Or use the search box to find the application, and then select it.
- |
Choose **Select**.
relatedContent:
- text: Add Google to your list of social identity providers
url: google-federation.md
- text: Add Facebook to your list of social identity providers
url: facebook-federation.md
- text: Use API connectors to customize and extend your user flows via web APIs
url: api-connectors-overview.md
#- [Add custom approval workflow to your user flow](self-service-sign-up-add-approvals.md)