Create a new App registration in Azure AD B2C and then a new Client Secret for your App registration. You're gonna use that Client Secret as credentials for the Terraform provider.
When authenticated with a service principal, this resource requires one of the following application roles: Application.ReadWrite.All or Directory.ReadWrite.All. Along with that, to enable terraform to read the domain information, it's required to grant the Domain.Read.All role.
NOTE: choose for
Microsoft Graphwhen adding permissions to the application. It's important toGrant admin consentfor those permissions because they require a high level access. If you're not an admin, contact the account administrator.
First, you need to store the credentials in environment variables:
export ARM_CLIENT_ID="00000000-0000-0000-0000-000000000000"
export ARM_CLIENT_SECRET="MyCl1eNtSeCr3t"
export ARM_TENANT_ID="10000000-2000-3000-4000-500000000000"terraform initterraform planterraform applyType the following command to see the output credentials from the just created App Registration:
terraform output app_registration_client_secret_key_idterraform output app_registration_client_secret_valueFirslty, you need to create a new Policy Key in Azure B2C called TokenSigningKeyContainer and another called B2C_1A_FacebookSecret as signature, finally one called TokenEncryptionKeyContainer as encryption.