Jorge Bernhardt

Bicep - Deploy an Azure Active Directory B2C Tenant

Azure CLI Azure Cloud Shell AzureB2C Microsoft

Bicep promises more efficient resource management, but working with Azure AD B2C brings notable challenges: from customizing certain tenant properties to retrieving detailed tenant information, there are limitations to contend with. This post shows how to create an Azure AD B2C tenant resource with Bicep, identifies the current limitations, and points to possible workarounds.

Important: You can create an Azure B2C tenant with an ARM template or Bicep file, but you can’t update an existing B2C tenant. Also, you can’t redeploy a template with the same tenant name.


Prerequisites #

Before you start, you’ll need the following to deploy and manage an Azure AD B2C tenant resource with Bicep:

  • You need Azure CLI version 2.20.0 or later to deploy Bicep files on your local machine.
  • A text editor or IDE of your choice (Visual Studio Code with the Bicep extension is my recommendation).

Create the Bicep file #

The first step in deploying a Bicep template is to create the Bicep file that defines your resources. Create a new file named azadb2c.bicep. This file will contain the necessary code to define and configure your Azure B2C resource.

@description('Name of the project or solution')
@minLength(3)
@maxLength(37)
param projectName string

@description('The location where the AAD B2C Directory will be deployed.')
@allowed([
  'global'
  'unitedstates'
  'europe'
  'asiapacific'
  'australia'
  'japan'
])
param location string

@description('The name of the SKU for the AAD B2C Directory.')
@allowed([
  'PremiumP1'
  'PremiumP2'
  'Standard'
])
param skuName string = 'PremiumP1'

@description('The tier of the SKU for the AAD B2C Directory.')
@allowed([
  'A0'
])
param skuTier string = 'A0'

@description('The country code for the tenant.')
param countryCode string

@description('The display name for the AAD B2C Directory.')
param displayName string

@description('Resource tags')
param resourceTags object = {
  environment: 'jorgebernhardt.com'
}

var directoryName = toLower('${projectName}.onmicrosoft.com')

resource AzAdB2c 'Microsoft.AzureActiveDirectory/b2cDirectories@2021-04-01' = {
  name: directoryName
  location: location
  tags: resourceTags
  sku: {
    name: skuName
    tier: skuTier
  }
  properties: {
    createTenantProperties: {
      countryCode: countryCode
      displayName: displayName
    }
  }
}

output directoryId string = AzAdB2c.id
output directoryLocation string = AzAdB2c.location
output tenantId string = AzAdB2c.properties.tenantId

Use skuName to set the pricing and service level for your Azure AD B2C directory: choose PremiumP1, PremiumP2, or Standard.

Azure AD B2C is billed by the number of authentications and the features you use, not by capacity or performance, so skuTier does not affect pricing. When you deploy with Bicep or ARM templates, Microsoft’s documentation specifies A0 as the value for skuTier.

countryCode: country codes follow the ISO 3166-1 alpha-2 standard (for example, ES). This value matters because it determines where the tenant’s data is stored, which has implications for regulatory compliance and network latency.

displayName: this property is for people rather than for the platform; it lets administrators quickly identify and manage the resource.


Deployment scope #

You can target a deployment to a resource group, subscription, management group, or tenant. Creating an Azure AD B2C directory requires a resource group, which holds all the resources the deployment creates. By default, a Bicep template is deployed at resource group scope.

You can use an existing Resource Group, or you can create a new Resource Group. If you want to know how to create a Resource Group using Azure CLI, check out this link.


Deploy the Bicep template using the Azure CLI #

Once your Bicep template is prepared, and you’ve selected your desired scope, you can proceed to deploy the template through the Azure CLI. To do so, execute the following commands.


Parameters #

Personalization is key to making your template reusable. With the parameters, you can easily tailor the template to your specific needs. You can use either inline parameters or a parameter file to pass parameter values. In my case, I will use a file to pass the parameters; here is an example.

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
      "projectName": {
        "value": "BicepDemoB2c"
      },
      "location": {
        "value": "europe"
      },
      "skuName": {
        "value": "PremiumP1"
      },
      "countryCode": {
        "value": "ES"
      },
      "displayName": {
        "value": "AzureB2cDemo"
      },
      "resourceTags": {
        "value": {
          "environment": "jorgebernhardt.com",
          "bicep": "True"
        }
      }
    }
}

Important: Please note that the parameter file stores parameter values in plain text format. If you need to include a parameter with sensitive data, it’s recommended to store the value in a secure key vault.


Preview changes #

Before deploying a Bicep file, you can preview the changes that will occur to your resources. Using what-if operations does not change existing resources; it simply shows you an output that includes color-coded results that allow you to see different changes.

az deployment group what-if \
  --resource-group <Resource-group-name> \
  --template-file <filename>.bicep \
  --parameters @<filename>.parameters.json

Deploy the Azure resource #

Finally, to deploy the template, run the following command.

az deployment group create \
  --resource-group <Resource-group-name> \
  --template-file <filename>.bicep \
  --parameters @<filename>.parameters.json

Validate the deployment #

To verify that the resource was created correctly, check the created resources and their configuration in the Azure Portal or with the Azure CLI. With the Azure CLI, run the following command; using the tenantId output from the deployment, you can find the new tenant in the list.

az account tenant list \
--query "[].tenantId"
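The parameter checks, the what-if and create steps, and the post-deployment tenant lookup described above, combined into one script as an added example (this is not code from the original post). It re-implements the template’s @allowed and length constraints and its toLower('${projectName}.onmicrosoft.com') derivation in the shell so that bad values are rejected before az is called, refuses a parameters file that stores a secret-looking parameter as a plain "value" rather than a Key Vault "reference" (the plain-text caveat from the Parameters section), and finally matches the deployment’s tenantId output against az account tenant list. The resource group, template and parameter file names passed on the command line, the deployment name b2c-deploy, and the constructed SAMPLE_PARAMS value are assumptions.

```shell
#!/usr/bin/env bash
# deploy-b2c.sh - added example, not part of the original post.
# Wraps the azadb2c.bicep template from this post with pre-flight checks,
# what-if, create and a post-deployment tenant lookup. Assumed: the template
# and parameter file names given on the command line, the deployment name
# "b2c-deploy", and the constructed SAMPLE_PARAMS below.
set -eu

# Values accepted by the template's @allowed() decorators.
ALLOWED_LOCATIONS="global unitedstates europe asiapacific australia japan"
ALLOWED_SKUS="PremiumP1 PremiumP2 Standard"

# Constructed sample carrying the same values as the post's parameter file.
SAMPLE_PARAMS='{"parameters":{"projectName":{"value":"BicepDemoB2c"},"location":{"value":"europe"},"skuName":{"value":"PremiumP1"},"countryCode":{"value":"ES"},"displayName":{"value":"AzureB2cDemo"}}}'

# one_of NEEDLE WORD... : succeeds when NEEDLE equals one of the words.
one_of() {
  needle=$1; shift
  for word in "$@"; do
    [ "$word" = "$needle" ] && return 0
  done
  return 1
}

# projectName becomes "<projectName>.onmicrosoft.com": enforce the template's
# 3..37 length and restrict it to letters and digits so the label stays valid.
validate_project_name() {
  [ "${#1}" -ge 3 ] && [ "${#1}" -le 37 ] || return 1
  printf '%s' "$1" | grep -Eq '^[[:alnum:]]+$'
}

# ISO 3166-1 alpha-2 shape: exactly two uppercase letters (format check only;
# the service still rejects codes it does not support).
validate_country_code() {
  printf '%s' "$1" | grep -Eq '^[[:upper:]]{2}$'
}

# Same derivation as the template's toLower('${projectName}.onmicrosoft.com').
directory_name() {
  printf '%s.onmicrosoft.com\n' "$1" | tr '[:upper:]' '[:lower:]'
}

# param_value JSON NAME : the string "value" of parameter NAME. Whitespace is
# stripped first so the pretty-printed file matches one sed expression; this
# also strips spaces inside values, which is fine for the identifiers used here.
param_value() {
  printf '%s' "$1" | tr -d ' \n\t\r' |
    sed -n "s/.*\"$2\":{\"value\":\"\([^\"]*\)\".*/\1/p"
}

# Succeeds when a secret-looking parameter is stored as a plain "value" rather
# than as a Key Vault "reference": the parameter file is plain text on disk.
has_plaintext_secret() {
  printf '%s' "$1" | tr -d ' \n\t\r' |
    grep -Eiq '"[^"]*(password|secret|token)[^"]*":\{"value"'
}

# preflight JSON : validate the parameter values before calling az at all.
preflight() {
  project=$(param_value "$1" projectName)
  location=$(param_value "$1" location)
  sku=$(param_value "$1" skuName); sku=${sku:-PremiumP1}   # template default
  country=$(param_value "$1" countryCode)
  validate_project_name "$project"      || { echo "bad projectName: $project" >&2; return 1; }
  one_of "$location" $ALLOWED_LOCATIONS || { echo "bad location: $location" >&2; return 1; }
  one_of "$sku" $ALLOWED_SKUS           || { echo "bad skuName: $sku" >&2; return 1; }
  validate_country_code "$country"      || { echo "bad countryCode: $country" >&2; return 1; }
  if has_plaintext_secret "$1"; then
    echo "secret-looking parameter stored as a plain value; use a Key Vault reference" >&2
    return 1
  fi
  echo "tenant to create: $(directory_name "$project") in $location ($country, $sku)"
}

# tenant_in_list ID LIST : exact-line match against a newline-separated id list.
tenant_in_list() {
  printf '%s\n' "$2" | grep -Fxq "$1"
}

# deploy_b2c RESOURCE_GROUP TEMPLATE PARAM_FILE : the post's az steps in order.
deploy_b2c() {
  preflight "$(cat "$3")"
  az deployment group what-if --resource-group "$1" --template-file "$2" --parameters "@$3"
  az deployment group create --resource-group "$1" --template-file "$2" --parameters "@$3" --name b2c-deploy
  tenant=$(az deployment group show --resource-group "$1" --name b2c-deploy \
             --query properties.outputs.tenantId.value -o tsv)
  if tenant_in_list "$tenant" "$(az account tenant list --query "[].tenantId" -o tsv)"; then
    echo "tenant $tenant is listed for this account"
  else
    echo "tenant $tenant not listed yet; check the portal" >&2; return 1
  fi
}

# Only deploy when invoked with all three arguments; sourcing the file stays side-effect free.
if [ "$#" -eq 3 ]; then deploy_b2c "$@"; fi
```

Run it as ./deploy-b2c.sh <Resource-group-name> azadb2c.bicep azadb2c.parameters.json; preflight fails fast with a message on stderr, and the az steps only start once every value is one the template would accept.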


Thank you for taking the time to read my post. I sincerely hope that you find it helpful.