Step-by-Step Implementation Walkthrough:

Step 1: Configure Microsoft Entra External ID for Secure Patient Sign-Up and Sign-In

  1. Create your Azure account (free or pay-as-you-go) from the "Create Your Azure Free Account Or Pay As You Go | Microsoft Azure" page.

  2. After creating your account, sign up for a subscription, which requires entering a credit card.

  3. Select "Microsoft Entra ID".

  4. Choose "Manage tenants".

  5. Select "Create".

  6. Select "Microsoft Entra External ID" as the tenant type, then click "Next: Configuration >".

  7. Set the Organization name and Initial domain name, then create a new resource group for your reference.

  8. Click "Next: review + Create >".

  9. Click "Create".

  10. Click "Tenant creation was successful. Click here to navigate to your new tenant: <your organization name>".

  11. You are required to sign in again. Pick your account to continue to Microsoft Azure.

  12. Select the "App registrations" submenu.

  13. Select "New registration".

  14. Set the name to "Automating Medication Refill". For "Who can use this application or access this API?", select "Accounts in this organizational directory only (<your tenant name> only - Single tenant)". Set the Redirect URI platform to "Web" with the URL http://localhost:5000/auth/callback, then click "Register".

  15. Click the display name "Automating Medication Refill".

  16. Click the "API permissions" submenu.

  17. Add the following permissions and grant admin consent:

Configured Microsoft Graph API Permissions

  1. Application.Read.All (Application) – Read all applications

  2. Directory.AccessAsUser.All (Delegated) – Access directory as the signed-in user

  3. Directory.Read.All (Application) – Read directory data

  4. offline_access (Delegated) – Maintain access to data you have given it access to

  5. openid (Delegated) – Sign users in

  6. User.Read (Delegated) – Sign in and read user profile

  7. User.Read.All (Application) – Read all users’ full profiles

  8. User.ReadWrite.All (Delegated) – Read and write all users’ full profiles

  9. User.ReadWrite.All (Application) – Read and write all users’ full profiles

Other Permissions Granted (not yet in configured list)

  1. User.ReadWrite (Delegated) – Read and write access to user profile
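The registration above gives the app a "Web" redirect URI of http://localhost:5000/auth/callback and a mix of delegated and application permissions. Only the delegated scopes (openid, offline_access, User.Read) are requested when a patient signs in; the application permissions (Directory.Read.All, User.ReadWrite.All and the rest) are not tied to the signed-in user and apply whenever the app authenticates with its own credentials, so they are worth trimming to the Graph calls the refill service actually makes. The Python example below is added for this walkthrough and is not part of it or of any Microsoft sample: it builds the authorization-code-with-PKCE request a confidential web client should send for this registration and performs the checks the callback handler needs before exchanging the code. The tenant subdomain, client ID and client secret are placeholders, and the ciamlogin.com authority URL is assumed to follow the usual External ID format; everything else comes from the steps above or the OAuth 2.0/PKCE specifications.

```python
import base64
import hashlib
import secrets
from dataclasses import dataclass
from urllib.parse import parse_qs, urlencode, urlparse

# From the walkthrough's app registration.
REDIRECT_URI = "http://localhost:5000/auth/callback"
# Delegated scopes from the permission list that a sign-in request asks for.
SCOPES = ["openid", "offline_access", "User.Read"]

# Placeholders (assumed, not from the walkthrough): External ID tenant subdomain,
# the app registration's client ID, and a secret created for the "Web" platform.
TENANT = "yourtenant"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
CLIENT_SECRET = "<client secret from Certificates & secrets>"
AUTHORITY = f"https://{TENANT}.ciamlogin.com/{TENANT}.onmicrosoft.com"
AUTHORIZE_ENDPOINT = f"{AUTHORITY}/oauth2/v2.0/authorize"
TOKEN_ENDPOINT = f"{AUTHORITY}/oauth2/v2.0/token"


def b64url(data: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires for PKCE values."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def pkce_challenge(verifier: str) -> str:
    """S256 code challenge: base64url(SHA-256(verifier))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


@dataclass(frozen=True)
class PendingAuth:
    """Per-login secrets the server keeps (e.g. in the session) until the callback arrives."""
    state: str          # binds the callback to this browser session (login-CSRF protection)
    nonce: str          # must reappear in the ID token's nonce claim
    code_verifier: str  # proves the code exchange comes from the party that started the flow


def new_pending_auth() -> PendingAuth:
    return PendingAuth(
        state=secrets.token_urlsafe(32),
        nonce=secrets.token_urlsafe(32),
        code_verifier=b64url(secrets.token_bytes(32)),
    )


def build_authorize_params(pending: PendingAuth) -> dict:
    return {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "response_mode": "query",
        "redirect_uri": REDIRECT_URI,
        "scope": " ".join(SCOPES),
        "state": pending.state,
        "nonce": pending.nonce,
        "code_challenge": pkce_challenge(pending.code_verifier),
        "code_challenge_method": "S256",
    }


def authorize_url(pending: PendingAuth) -> str:
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(build_authorize_params(pending))}"


def extract_code_from_callback(callback_url: str, pending: PendingAuth) -> str:
    """Validate the redirect to /auth/callback and return the authorization code.

    Rejects a redirect to any other URI, an error response, a missing code and,
    most importantly, a state value that was not issued for this session.
    """
    got, want = urlparse(callback_url), urlparse(REDIRECT_URI)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback arrived at an unexpected URI")
    query = parse_qs(got.query)
    if "error" in query:
        raise ValueError(f"authorization failed: {query['error'][0]}")
    state = query.get("state", [""])[0]
    if not state or not secrets.compare_digest(state.encode(), pending.state.encode()):
        raise ValueError("state mismatch: callback was not issued for this session")
    code = query.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return code


def build_token_request(code: str, pending: PendingAuth) -> dict:
    """Form body for POST TOKEN_ENDPOINT; code_verifier completes the PKCE check."""
    return {
        "grant_type": "authorization_code",
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "code_verifier": pending.code_verifier,
        "scope": " ".join(SCOPES),
    }


if __name__ == "__main__":
    pending = new_pending_auth()
    print("Redirect the browser to:", authorize_url(pending))
```

The `PendingAuth` values must live server-side (session store), never in a cookie the browser can edit, and each is single-use: discard it after one callback so a captured redirect cannot be replayed.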

  18. Select "External Identities" > "Custom user attributes" and add the following attributes:

  • City – String – The city in which the user is located. (Built-in)

  • Country/Region – String – The country/region in which the user is located. (Built-in)

  • Date of Birth – String – Patient's Date of Birth. (Custom)

  • Display Name – String – Display name of the user. (Built-in)

  • Email Address – String – Email address of the user. (Built-in)

  • Gender – String – (Custom)

  • Given Name – String – The user's given name (first name). (Built-in)

  • Hospital Number – String – Patient's Hospital Number. (Custom)

  • Job Title – String – The user's job title. (Built-in)

  • Postal Code – String – The postal code of the user's address. (Built-in)

  • State/Province – String – The state or province in the user's address. (Built-in)

  • Street Address – String – The street address where the user is located. (Built-in)

  • Surname – String – The user's surname (family/last name). (Built-in)

  19. Select "External Identities" > "User flows" and add a new user flow named "SignUpSignIn". Choose "Email with password" as the identity provider, then select the same thirteen attributes listed in the previous step to collect (City, Country/Region, Date of Birth, Display Name, Email Address, Gender, Given Name, Hospital Number, Job Title, Postal Code, State/Province, Street Address, Surname).

  20. Navigate to the "Page layouts" submenu and arrange the user attributes in the following order:

  • Given Name – String – TextBox – givenName

  • Surname – String – TextBox – surname

  • Gender – String – RadioSingleSelect – Gender

  • Display Name – String – TextBox – displayName

  • Job Title – String – TextBox – jobTitle

  • Street Address – String – TextBox – streetAddress

  • City – String – TextBox – city

  • State/Province – String – TextBox – state

  • Country/Region – String – TextBox – country

  • Postal Code – String – TextBox – postalCode

  • Email Address – String – TextBox – email

  21. After completing all settings, click "Run user flow" to test the functionality.

  22. Select "Create one".

  23. Enter your email address to create a new account.

  24. Check your email for the account verification code.

  25. Log in to your email, enter the verification code, and click "Next".

  26. Complete all required fields to set up your account, and click "Next".

  27. Click "Yes" to stay signed in.

  28. Navigate to the "App registrations" submenu, open "Automating Medication Refill", and click the link under "Managed application in local directory" (this opens the app's enterprise application).

  29. Then select the "Single sign-on" submenu.

  30. Add the following new claims:

  • DOB – user.DateofBirth (Custom)

  • Gender – user.Gender (Custom)

  • HN – user.HospitalNumber (Custom)

  31. Select "Directory schema extension" as the source type, select "b2c-extensions-app", and click "Select".

  32. Select the extension attributes for the custom user attributes you created in the "Custom user attributes" step above. Note that these extension attributes are stored in the "b2c-extensions-app".
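With the claim mapping above, the ID token the app receives at /auth/callback carries the custom attributes under the short names DOB, Gender and HN. The Python example below is added for this walkthrough and is not part of it: it shows what the callback should do with that token after a JWT library (PyJWT or similar) has verified its RS256 signature against the tenant's published keys. It checks issuer, audience, lifetime and nonce, then builds a patient identity keyed on the stable oid claim rather than on email or display name. Because the walkthrough stores Date of Birth and Hospital Number as free-form strings, the ISO-8601 date format and the hospital-number pattern are assumptions; the issuer URL, client ID and sample claims are constructed placeholders. As a small generalisation, the lookup also accepts the extension_<appId>_<attribute> names the same attributes have on the user object in Microsoft Graph, in case the values are read there instead of from the token.

```python
import re
import time
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Short claim names configured in the "Single sign-on" step, mapped to the
# custom user attributes they come from.
CUSTOM_CLAIMS = {"DOB": "DateofBirth", "Gender": "Gender", "HN": "HospitalNumber"}

# The same attributes as Microsoft Graph exposes them on the user object:
# extension_<b2c-extensions-app client id without hyphens>_<attribute>.
_EXTENSION_RE = re.compile(r"^extension_[0-9a-fA-F]{32}_(?P<attr>\w+)$")

# Assumed formats; the walkthrough stores both values as plain strings.
DOB_RE = re.compile(r"^\d{4}-\d{2}-\d{2}$")   # ISO 8601 calendar date
HN_RE = re.compile(r"^[A-Z0-9-]{4,20}$")       # placeholder hospital-number shape


class TokenValidationError(ValueError):
    """Raised when a signature-verified ID token still must not be accepted."""


def validate_id_token_claims(claims: dict, *, issuer: str, client_id: str, nonce: str,
                             now: Optional[float] = None, leeway: int = 60) -> bool:
    """Checks the app must make even after the signature verified.

    `now` is injectable so the checks are testable; `leeway` absorbs clock skew.
    """
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        raise TokenValidationError("issuer mismatch")
    if claims.get("aud") != client_id:  # token minted for a different app
        raise TokenValidationError("audience mismatch")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now > exp + leeway:
        raise TokenValidationError("token expired or has no exp")
    nbf = claims.get("nbf", claims.get("iat"))
    if isinstance(nbf, (int, float)) and now < nbf - leeway:
        raise TokenValidationError("token not yet valid")
    if not nonce or claims.get("nonce") != nonce:  # token from a different login attempt
        raise TokenValidationError("nonce mismatch")
    return True


def custom_claim(claims: dict, short_name: str) -> str:
    """Return a custom attribute by its mapped claim name, falling back to the
    Graph extension_<appId>_<attr> name. Raises KeyError if absent."""
    if short_name in claims:
        return claims[short_name]
    attr = CUSTOM_CLAIMS[short_name]
    for key, value in claims.items():
        m = _EXTENSION_RE.match(key)
        if m and m.group("attr") == attr:
            return value
    raise KeyError(short_name)


@dataclass(frozen=True)
class PatientIdentity:
    object_id: str        # oid: the stable directory identifier to key records on
    display_name: str
    date_of_birth: date
    gender: str
    hospital_number: str


def patient_from_claims(claims: dict) -> PatientIdentity:
    """Build the patient record the refill service keys on, validating the
    free-form custom attributes before they are trusted."""
    if not claims.get("oid"):
        raise TokenValidationError("no oid claim; cannot key the patient record")
    dob_text = str(custom_claim(claims, "DOB")).strip()
    if not DOB_RE.match(dob_text):
        raise ValueError(f"DOB not in YYYY-MM-DD form: {dob_text!r}")
    dob = date.fromisoformat(dob_text)  # also rejects impossible dates such as 2023-02-30
    if dob > date.today():
        raise ValueError("DOB is in the future")
    hn = str(custom_claim(claims, "HN")).strip().upper()
    if not HN_RE.match(hn):
        raise ValueError(f"hospital number has unexpected form: {hn!r}")
    return PatientIdentity(
        object_id=claims["oid"],
        display_name=claims.get("name", ""),
        date_of_birth=dob,
        gender=str(custom_claim(claims, "Gender")).strip(),
        hospital_number=hn,
    )


# Constructed sample claims (not a real token): what the callback sees after
# the JWT library has verified the signature and decoded the payload.
SAMPLE_ISSUER = "https://yourtenant.ciamlogin.com/<tenant-id>/v2.0"
SAMPLE_CLIENT_ID = "00000000-0000-0000-0000-000000000000"
SAMPLE_CLAIMS = {
    "iss": SAMPLE_ISSUER, "aud": SAMPLE_CLIENT_ID,
    "iat": 1_700_000_000, "nbf": 1_700_000_000, "exp": 1_700_003_600,
    "nonce": "n-0S6_WzA2Mj", "oid": "11111111-2222-3333-4444-555555555555",
    "name": "Ada Example", "DOB": "1980-02-29", "Gender": "Female", "HN": "hn-000123",
}

if __name__ == "__main__":
    validate_id_token_claims(SAMPLE_CLAIMS, issuer=SAMPLE_ISSUER, client_id=SAMPLE_CLIENT_ID,
                             nonce="n-0S6_WzA2Mj", now=1_700_000_100)
    print(patient_from_claims(SAMPLE_CLAIMS))
```

The nonce passed in must be the one stored with the pending login when the authorize request was built; comparing it here is what ties the token to that specific sign-in rather than to any valid token for the app.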