PowerShell to configure and upload or download a set of B2C IEF policies

Purpose

PowerShell script with two functions:

  1. Configure and upload policies
     1.1. Modifies the XML of a set of IEF policies, replacing them with values from the target B2C tenant and an optional configuration (useful if policies need to be used in different tenants - Dev, QA, etc. - with different REST URLs, key names, etc.)
     1.2. Optionally uploads the files to a B2C tenant
  2. Download existing custom journeys from a tenant

Usage

Please install the AzureADPreview module before proceeding. You must also uninstall any non-preview versions of the AzureAD module (uninstall-module AzureAD).

Tenant setup

If you have never set up your B2C to use IEF policies you can use my IEF setup website or follow instructions provided in the official documentation to do so.

Policy setup

  1. Download the script file and execute it in a PowerShell console to define the two functions included in it (there may be a better way of doing this but I am not yet that good at PowerShell).
  2. Store your policies in a single folder. (The SampleData folder in this GitHub project was downloaded from the starter pack for local accounts.)
  3. Optionally, modify the sampleData/appSettings.json file to include any values you need to replace in the policies (e.g. REST API urls). The IEF resource and proxy app ids will be retrieved automatically from your B2C tenant - no need to provide them in the settings file.

The script will use the following string replacement rules to apply your appSettings.json values.

| appSettings property | String replaced in policy |
| --- | --- |
| PolicyPrefix | Inserted into the name of policies, e.g. B2C_1A_MyTrustBase where My is the value of the PolicyPrefix. Makes it easier to handle several sets of IEF policies in the tenant |
| ProxyIdentityExperienceFrameworkAppId | See IEF applications setup |
| IdentityExperienceFrameworkAppId | See IEF applications setup |
| other | You can define your own symbolic properties, e.g. "CheckPlayerAPIUrl": "https://myapi.com". If you do, modify the PowerShell script to use the value of the property as replacement in policies with an appropriate rule to select which text should be replaced. Look for the {CheckPlayerAPIUrl} string in both the TrustFrameworkExtensions.xml and the Upload-IEFPolicies.ps1 script to see an example |

Upload-IEFPolicies

Use the Upload-IEFPolicies function to upload your IEF policies to the B2C tenant you are currently signed into.

E.g.

Connect-AzureAD -TenantId yourtenant.onmicrosoft.com
$confFile = 'C:\LocalAccounts\appSettings.json'
$source = 'C:\LocalAccounts'
$dest = 'C:\LocalAccounts\updated'

Upload-IEFPolicies -sourceDirectory $source -configurationFilePath $confFile -updatedSourceDirectory $dest

or

Connect-AzureAD -TenantId yourtenant.onmicrosoft.com
cd 'c:\your directory with the IEF policies'
Upload-IEFPolicies -prefix AB

Parameters:

| Property name | Required | Purpose |
| --- | --- | --- |
| sourceDirectory | Y | Directory path where your xml policies are stored |
| updatedSourceDirectory | N | Directory path where the policies updated by this script will be stored. Also used to prevent uploading unmodified policies |
| configurationFilePath | N | json file with additional replacement strings. Default: .\conf.json. The script will match any property in this file with a string with format {} and replace it with the value of the property |
| generateOnly | N | If used, the script will only generate policy files but not upload them to B2C |
| prefix | N | String inserted into the name of generated policies, e.g. the new base policy name will be B2C_1A_XYZTrustFrameBase, where XYZ is the value of the provided prefix |
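
A check that can run between a `-generateOnly` pass and the real upload, as an added example that is not part of this project's script: it scans the generated policies for `{Name}` placeholders that no appSettings.json property replaced and for a root TenantId that differs from the intended tenant. The function name, the TenantId expectation and the sample policies are assumptions constructed for illustration.

```powershell
# Added example; Test-IEFGeneratedPolicies is a hypothetical helper, not part of the script.
function Test-IEFGeneratedPolicies {
    param(
        [Parameter(Mandatory)] [string] $PolicyDirectory,  # e.g. the updatedSourceDirectory
        [Parameter(Mandatory)] [string] $ExpectedTenant    # e.g. yourtenant.onmicrosoft.com
    )
    foreach ($file in Get-ChildItem -Path $PolicyDirectory -Filter *.xml) {
        $text = Get-Content -Path $file.FullName -Raw
        $problems = @()
        try {
            # Assumption: a generated policy carries the target tenant in the root TenantId.
            $tenant = ([xml]$text).DocumentElement.GetAttribute('TenantId')
            if ($tenant -ne $ExpectedTenant) { $problems += "TenantId is '$tenant'" }
        } catch {
            $problems += 'not well-formed XML'
        }
        # {Name} tokens that no appSettings property replaced. Tokens containing a colon
        # ({OIDC:ClientId}) or starting with a digit ({0}) are B2C claim resolvers and
        # format items, so the pattern deliberately does not match them.
        $left = [regex]::Matches($text, '\{([A-Za-z_]\w*)\}') |
            ForEach-Object { $_.Groups[1].Value } | Sort-Object -Unique
        if ($left) { $problems += "unresolved: $($left -join ', ')" }
        [pscustomobject]@{
            File     = $file.Name
            Ok       = ($problems.Count -eq 0)
            Problems = $problems -join '; '
        }
    }
}

# Constructed sample input: one correctly generated policy and one faulty one.
$dir = Join-Path ([IO.Path]::GetTempPath()) "ief-check-$([guid]::NewGuid())"
New-Item -ItemType Directory -Path $dir | Out-Null
@'
<TrustFrameworkPolicy TenantId="yourtenant.onmicrosoft.com" PolicyId="B2C_1A_ABTrustFrameworkExtensions">
  <Item Key="ServiceUrl">https://myapi.com</Item>
  <Item Key="client_id">{OIDC:ClientId}</Item>
</TrustFrameworkPolicy>
'@ | Set-Content -Path (Join-Path $dir 'good.xml')
@'
<TrustFrameworkPolicy TenantId="othertenant.onmicrosoft.com" PolicyId="B2C_1A_ABTrustFrameworkExtensions">
  <Item Key="ServiceUrl">{CheckPlayerAPIUrl}</Item>
</TrustFrameworkPolicy>
'@ | Set-Content -Path (Join-Path $dir 'bad.xml')

Test-IEFGeneratedPolicies -PolicyDirectory $dir -ExpectedTenant 'yourtenant.onmicrosoft.com' |
    Format-Table -AutoSize
Remove-Item -Path $dir -Recurse
```

A policy uploaded with a literal `{CheckPlayerAPIUrl}` or another tenant's name would only fail when a user journey runs, so it is cheaper to stop at this step.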

Download-IEFPolicies

Use the Download-IEFPolicies function to download your IEF policies from the B2C tenant to a local folder.

E.g.

$dest = 'C:\LocalAccounts\policies'
Connect-AzureAD -TenantId yourtenant.onmicrosoft.com
Download-IEFPolicies -destinationPath $dest

Parameters:

| Property name | Required | Purpose |
| --- | --- | --- |
| destinationPath | Y | Directory path where your xml policies are stored. Must already exist |
| tenantName | N | Prefix part of your tenant name, e.g. mytenant represents mytenant.onmicrosoft.com |