What goes in the Authority field for API Management Identity Provider

Question

Problem

I'm in the process of building out an API using Azure API Management Service. I've created an Azure AD B2C tenant by which I'd which to authorize calls to said API.

I was able to setup the tenant successfully; however, I'm running into an issue when attempting to add an Identity Provider of type Azure Active Directory B2C.

I'm following this walkthrough from 2017: https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-aad-b2c

The problem is that something has changed in the actual creation wizard that is not covered in the Azure documentation. There is an additional field that is required: Authority; what goes there?

What I've Tried

So far, I've searched the web and the only thing that I could find were ASP.NET applications referencing the following schema for an Authority:

https://login.microsoftonline.com/tfp/{tenant}/B2C_1_{signup_policy}

I attempted this (filling in the missing values unique to my tenant and sign-up policy) and I get the error: "One or more fields contain incorrect values: Azure Active Directory B2C authority is not valid."

Can someone tell me what should go there or at least point me in the direction of the updated Azure documentation that does? Again, the linked documentation above is from 2017 and doesn't mention an Authorize field.

Answer 1

Authority field is there to control authority of your login URL. For Azure B2C login URL used to start with https://.onmicrosoft.com, recently they've introduced a new primary authority: https://learn.microsoft.com/en-us/azure/active-directory-b2c/b2clogin.

This field let's you customize which one you want to use. It should prefil to {tenant}.b2clogin.com, but that seems to be broken. Will be fixed shortly.

Update: I updated your example above the < > characters weren't rendering, so I switched to { }.