You are the administrator of the Tamilalt Corporation. You build a Web API 2 HTTP API (hosted on-premises) for the TamilaltApp application, which is responsible for managing shipping orders. The identity management for the app has to be outsourced to Azure Active Directory B2C

You are the administrator of the Tamilalt Corporation. You build a Web API 2 HTTP API (hosted on-premises) for the TamilaltApp application, which is responsible for managing shipping orders. The identity management for the app has to be outsourced to Azure Active Directory B2C.

Service consumers will rely on Azure Active Directory B2C to add features to the app that will support sign up and sign-in for new accounts using identity providers like Facebook, Google, Amazon, LinkedIn, or using Microsoft accounts. Users should be able to sign in with their individual credentials. The consumer does not have to edit the profile attribute, but you want to allow the option to reset the password.

Which kind of policies should you create to meet the requirements with the least amount of effort? (Choose two.)

A) Password reset policy

B) Sign-up policy

C) Profile editing policy

D) Sign-up or sign-in policy

E) Sign-in policy

Explanation

You should create a sign-up or sign-in policy and a password reset policy. The sign-up or sign-in policy controls the consumer sign-up and sign-in experiences with a single policy. The sign-up or sign-in policy allows users to choose the right path for either sign-up or sign-in with identity provider credentials, depending on the context. This policy also describes the contents of tokens used for sign-ups or sign-ins from the application.

The password reset policy allows you to enable a fine-grained password reset on your application. Note that the tenant-wide password reset option that has been specified is still applicable for sign-in policies.

After creating a sign-in policy (with local accounts) or a sign-up policy, the user should see on the first page of the experience a link for "Forgot Password" reminder. If the user clicks the link, the link will not automatically trigger a password reset policy. It will generate a specific error code AADB2C90118, which is returned back to your app. You must write logic into your app to handle this error and invoke a specific password reset policy.

You should not configure a separate sign-in policy and a separate sign-up policy. For the least administrative effort, you should configure a sign-in or sign-up policy.

You should not create a profile editing policy. In this scenario, you do not have to edit the profile attribute. The profile editing policy enables profile editing on your application. This policy describes the experiences that consumers will go through during profile editing, to edit profiles, and to view the contents of tokens that the application will receive on successful completion.

 

Objective:

Describe identity, governance, privacy, and compliance features

Sub-Objective:

Describe core Azure identity services

References:

Azure > Active Directory B2C > Azure AD B2C: Build a Windows desktop app

Azure > Active Directory B2C > Create an ASP.NET web app with Azure Active Directory B2C sign-up, sign-in, profile edit, and password reset