Single Sign-out in Azure AD B2C for the Registered Applications

Introduction

Single sign-out is an essential feature for applications that prioritize security and a seamless user experience. In Azure AD B2C, implementing single sign-out ensures that when users log out from one application, they are automatically signed out from all active sessions across multiple applications. This article provides a step-by-step guide to configuring it.

This article continues my previous article on Secure Logout redirects in Azure AD B2C for the Blazor application.

Configure Single sign-out

Configuring single sign-out in Azure AD B2C applications involves a combination of steps that ensure users are signed out from all applications, and from their Azure AD B2C session, when they initiate a sign-out.

Enable Front-Channel Logout

Log in to the Azure portal and switch to the B2C tenant.

Open the application from App Registration and, under the Manage section, select Authentication.

Add the front-channel logout URL, as shown in the figure below.

Figure: Blazor App demo

Make sure the front-channel logout URL for all the applications is registered with Azure AD B2C for seamless single-sign-out integration.

Azure AD B2C delivers this notification through a hidden iframe: whenever a user logs out from one application, it notifies the other applications so that they end their sessions.
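
A sketch of the receiving side of that notification, as an added example that is not code from this article or its Blazor demo: an ASP.NET Core endpoint that ends the local cookie session when it is loaded inside the B2C iframe. The route /signout-frontchannel, the cookie-only session, the tenant placeholder and the presence of a sid claim in the session are assumptions; the optional sid query parameter comes from the OpenID Connect Front-Channel Logout specification.

```csharp
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;

var builder = WebApplication.CreateBuilder(args);

// Assumption: the application keeps its local session in an authentication cookie.
builder.Services
    .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(options =>
    {
        // The logout request arrives inside a cross-site iframe. The browser only
        // attaches (and lets the response clear) the session cookie when it is
        // SameSite=None and Secure; with Lax or Strict the session would survive.
        options.Cookie.SameSite = SameSiteMode.None;
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
        options.Cookie.HttpOnly = true;
    });

var app = builder.Build();
app.UseAuthentication();

// Placeholder: replace with the sign-in origin of your own B2C tenant.
const string B2cOrigin = "https://<your-tenant>.b2clogin.com";

// Hypothetical route; it must match the front-channel logout URL registered in the portal.
app.MapGet("/signout-frontchannel", async (HttpContext ctx) =>
{
    // Allow framing by the B2C origin only, and keep the response out of caches.
    ctx.Response.Headers["Content-Security-Policy"] = $"frame-ancestors {B2cOrigin}";
    ctx.Response.Headers["Cache-Control"] = "no-store";

    // sid is optional. When both the request and the session carry one, they must
    // refer to the same session before anything is cleared.
    string sentSid = ctx.Request.Query["sid"].ToString();
    string? sessionSid = ctx.User.FindFirst("sid")?.Value;
    if (sentSid.Length > 0 && sessionSid is not null &&
        !string.Equals(sentSid, sessionSid, StringComparison.Ordinal))
    {
        return Results.BadRequest();
    }

    // End the local session; no redirect, because nobody sees the iframe.
    await ctx.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
    return Results.Ok();
});

app.Run();
```

Browsers that block third-party cookies do not send the session cookie to a framed cross-site request, so the local session should also have a short lifetime rather than depend on this notification alone.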

Summary

This article has covered step-by-step instructions for enabling front-channel logout, configuring the Azure AD B2C logout endpoint, and implementing logout functionality in the application. Additionally, it highlights testing best practices to ensure the feature works effectively.