
Note that this post is about a PoC; it is not production-ready, so use it at your own risk!
Please read my previous post as I won’t repeat all the details.
The original B2C sample is here.
You use B2C custom policies so you have access to the workflows, but you replace the B2C API with Graph calls to an Azure function that calls Entra External ID (EEID).
You still get the power of workflows, but the data lives in EEID.
This makes it much easier to migrate over at some point.

EEID does not have a Profile Edit flow, but B2C does, so let’s use that to update users in EEID.
As usual, the custom policy and the function code are in a gist.
The function code needs updating:

I leave that as an exercise.
I have added an update method to the function.
I also added a lot of debugging messages.
As I was only interested in profile edit, I removed a lot of the custom policy code. The original is available from the GitHub sample.
When the sample was written, native authentication wasn’t yet released, so it uses ROPC for authentication.
Updating the function to use native auth. is on my list 😃
You can run the function locally, but you need to use ngrok to allow B2C access to the function.
Run ngrok from the command line:
ngrok http 7257
This results in, e.g.:
Forwarding https://50d4-222-155-30-156.ngrok-free.app -> http://localhost:7257
You need to change the REST API calls in the custom policy to use this forwarding address, e.g.:
https://50d4-222-155-30-156.ngrok-free.app/api/ciamhelper
You could also run the function in an Azure app service that is publicly available.
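Either way the function is reachable from the internet, so it should check who is calling before it writes to EEID. The sketch below is an added example, not the code from the gist: it verifies the HTTP Basic credentials that a B2C RESTful technical profile can send, allow-lists the editable attributes, and builds the Graph PATCH request without sending it. The credentials, the claim names (objectId, givenName, surname, displayName) and the function names are assumptions.

```python
import base64
import hmac
import uuid

# Assumed credentials for illustration; in practice they live in the
# function's app settings and in the B2C policy keys.
EXPECTED_USER = "b2c-policy"
EXPECTED_PASSWORD = "constructed-sample-secret"
# Assumed B2C claim name -> Microsoft Graph user property. Nothing else is writable.
EDITABLE = {"givenName": "givenName", "surname": "surname", "displayName": "displayName"}


def caller_is_policy(authorization_header):
    """Check the HTTP Basic credentials sent by the policy, in constant time."""
    scheme, _, token = (authorization_header or "").partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError:  # malformed base64 or not UTF-8
        return False
    user, _, password = decoded.partition(":")
    ok_user = hmac.compare_digest(user.encode(), EXPECTED_USER.encode())
    ok_password = hmac.compare_digest(password.encode(), EXPECTED_PASSWORD.encode())
    return ok_user and ok_password


def build_graph_update(authorization_header, claims):
    """Return (status, payload): the Graph PATCH to send, or an error body."""
    if not caller_is_policy(authorization_header):
        return 401, {"version": "1.0.0", "status": 401, "userMessage": "Unauthorized"}
    try:  # the id goes into the URL path, so accept nothing but a GUID
        object_id = str(uuid.UUID(claims.get("objectId", "")))
    except (ValueError, AttributeError, TypeError):
        object_id = None
    patch = {EDITABLE[name]: value.strip() for name, value in claims.items()
             if name in EDITABLE and isinstance(value, str) and value.strip()}
    if object_id is None or not patch:
        # 4xx plus version/status/userMessage is the error shape a B2C REST call expects
        return 409, {"version": "1.0.0", "status": 409, "userMessage": "Nothing to update"}
    return 200, {"method": "PATCH", "body": patch,
                 "url": f"https://graph.microsoft.com/v1.0/users/{object_id}"}


# Constructed sample request, as the profile edit step might send it.
SAMPLE_HEADER = "Basic " + base64.b64encode(b"b2c-policy:constructed-sample-secret").decode()
SAMPLE_CLAIMS = {"objectId": "11111111-2222-3333-4444-555555555555",
                 "givenName": " Tam ", "accountEnabled": "false"}

if __name__ == "__main__":
    print(build_graph_update(SAMPLE_HEADER, SAMPLE_CLAIMS))
```

The accountEnabled claim in the sample is dropped because it is not on the allow-list, and a non-GUID objectId is rejected before it can reach the Graph URL.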
Let’s run the policy.
Notice it’s a B2C login screen.

But we log in with a user in EEID.
We get the profile edit screen:

Let’s update the first name to “Tam”.
And we get the JWT back:
"signInName": "tomjones@company.co.nz",
"name": "Tom Jones",
"given_name": "Tam",
Now let’s rerun the profile edit policy.

And, indeed, the first name has been updated.
Looking at my B2C tenant, there is no Tom Jones:

Looking at my EEID tenant, there is a Tom Jones with a first name of Tam:

All good!
Using Azure AD B2C custom policies to implement Profile Edit on Entra External ID was originally published in The new control plane on Medium.