Using Azure Active Directory B2C to Configure SMS Code Authentication for Client Interviews

You can configure Azure Active Directory B2C to set up SMS code authentication for client interviews. This feature is best suited to larger organizations using Advance; consider using passphrase authentication as an alternative.

The configuration of Azure Active Directory B2C should only be attempted by those experienced with Azure Active Directory.

Prerequisites

  • Client interviews are an additional feature of Advance. Contact your account manager if you would like to add client interviews to your Advance subscription.
  • Client interviews must be activated in your tenancy by a Root Administrator.
  • You must have an Azure Active Directory (AD) B2C service provisioned. Consider creating a dedicated subscription in Azure.

Some of the following instructions refer to actions within the Microsoft Azure Portal and were correct at time of publication but may since have changed.

To configure Azure Active Directory B2C

To obtain the RedirectUri

  1. Log in to the Auth application in HotDocs Advance.
  2. In the navigation bar, click Client Interview Azure AD B2C.

A RedirectUri is shown. Take a note of this for future steps.

To register an application in Azure

  1. Log in to your Azure portal and navigate to your Azure AD B2C resource.
  2. Navigate to the Identity Experience Framework.
  3. In the menu, click App registrations.
  4. In the action bar, click New registration.
  5. Enter the following details:
    • Name - a name to identify the application. Please note, this name is visible to customers receiving an authentication SMS.
    • Supported account types - select "Accounts in any identity provider or organization directory (for authenticating users with user flows)"
    • RedirectUri - from the drop-down menu, select Web and enter the RedirectUri provided by the HotDocs Advance Auth application.
    • Permissions - select this setting.
  6. Click Register.
  7. The application is registered. Take note of the following details for future use:
    • Application (client) ID as "ClientId"
    • Directory (tenant) ID as "TenantId"
  8. In the menu, click Authentication.
  9. In the Implicit grant section, select the tokens for:
    • Access tokens
    • ID tokens
  10. Click Save.

To create authentication keys

  1. Navigate to the Identity Experience Framework.
  2. In the menu, click Policy keys.
  3. In the action bar, click Add.
  4. Edit the following settings:
    • Options - select Generate.
    • Name - enter "{tenancymoniker}TokenSigningKeyContainer" replacing {tenancymoniker} with your HotDocs Advance tenancy moniker, e.g. SitenameTokenSigningKeyContainer.
    • Key type - select RSA.
    • Key usage - select Signature.
  5. Click Create.
  6. In the action bar, click Add.
  7. Edit the following settings:
    • Options - select Generate.
    • Name - enter "{tenancymoniker}TokenEncryptionKeyContainer" replacing {tenancymoniker} with your HotDocs Advance tenancy moniker.
    • Key type - select RSA.
    • Key usage - select Encryption.
  8. Click Create.
  9. In the action bar, click Add.
  10. Edit the following settings:
    • Options - select Manual.
    • Secret - enter the secret key. Note that the length of the secret should be at least 32 characters. Take a note of this secret as "Key" for later use.
    • Name - enter "{tenancymoniker}ParametersTokenSigningKey" replacing {tenancymoniker} with your HotDocs Advance tenancy moniker.
    • Key usage - select Signature.
  11. Click Create.
  12. Navigate to your Azure AD B2C resource and take a note of the Domain name as "Tenant" for later use.

You should now have the following details:

  • ClientId
  • Tenant
  • TenantId
  • Key
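
A pre-flight check for the values gathered above, as an added example that is not part of the HotDocs or Azure tooling: it derives the three policy key names from a tenancy moniker, generates a secret of sufficient length from the operating system's random source, and checks the four details before they are entered into HotDocs Advance. The function names, the URL-safe secret alphabet and the sample values are assumptions made for this example.

```python
import re
import secrets
import uuid

MIN_KEY_LENGTH = 32  # minimum secret length stated in the steps above
KEY_SUFFIXES = ("TokenSigningKeyContainer", "TokenEncryptionKeyContainer",
                "ParametersTokenSigningKey")  # policy key names from the steps
# Syntactic check only (assumption: Tenant is a bare DNS name, not a URL).
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)


def policy_key_names(moniker):
    """Return the three policy key names for a tenancy moniker."""
    return [moniker + suffix for suffix in KEY_SUFFIXES]


def generate_key(nbytes=32):
    """Generate the manual secret from the OS CSPRNG (43 characters for 32 bytes)."""
    return secrets.token_urlsafe(nbytes)


def is_guid(value):
    """True only for the hyphenated GUID form shown in the Azure portal."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except (ValueError, AttributeError, TypeError):
        return False


def check_details(details):
    """Return a list of problems found in the four collected values."""
    problems = []
    for field in ("ClientId", "TenantId"):
        if not is_guid(details.get(field, "")):
            problems.append(field + " is not a GUID")
    if not HOSTNAME.match(details.get("Tenant", "")):
        problems.append("Tenant is not a bare domain name")
    if len(details.get("Key", "")) < MIN_KEY_LENGTH:
        problems.append("Key is shorter than %d characters" % MIN_KEY_LENGTH)
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    sample = {"ClientId": "11111111-2222-3333-4444-555555555555",
              "TenantId": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
              "Tenant": "example.onmicrosoft.com", "Key": generate_key()}
    print(policy_key_names("Sitename"))
    print(check_details(sample) or "all four values look well-formed")
```

The check is purely syntactic; it does not contact Azure or confirm that the IDs belong to your B2C resource.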

To configure HotDocs Advance to use your Azure AD B2C application

  1. Log in to the HotDocs Advance Auth application.
  2. In the navigation bar, click Client Interview Azure AD B2C.
  3. If your tenancy does not have Client Interview Azure AD B2C configured, click Create.
    • If your tenancy is configured for Client Interview Azure AD B2C, click Edit to update the details.
  4. Enter the tenancy details into the Create tenancy form, using the information gathered above:
    • Tenant
    • ClientId
    • TenantId
    • Key
  5. Click Save.

To configure your Azure AD B2C policies

  1. Log in to the Auth application in HotDocs Advance.
  2. In the navigation bar, click Client Interview Azure AD B2C.
  3. Click Base phone policy and Verify phone policy to download your Azure AD B2C policies. These policies are only available if client interviews are deployed and configured.
  4. Log in to your Azure portal and navigate to your Azure AD B2C resource.
  5. Navigate to the Identity Experience Framework.
  6. In the menu, click Custom policies.
  7. Click Upload custom policy.
  8. Select the policy downloaded from the Base endpoint and click Upload.
  9. Repeat for the policy downloaded from the Verify endpoint.

Azure AD B2C is now fully configured for HotDocs Advance.

Next steps

  1. Edit the site settings to enable client interviews with SMS code authentication.