GitHub Action
Deploy Azure AD B2C custom policy
Use this GitHub Action to deploy an Azure AD B2C custom policy into your Azure Active Directory B2C tenant using the Microsoft Graph API. If the policy does not yet exist, it will be created. If the policy already exists, it will be replaced.
Microsoft Graph allows you to manage many of the resources within your Azure AD B2C tenant, including customer user accounts and custom policies. Before your scripts and applications can interact with the Microsoft Graph API to manage Azure AD B2C resources, you need to create an application registration in your Azure AD B2C tenant that grants the required API permissions.
To create an MS Graph application, follow these steps:
- Follow the guidance on how to register a management application.
- Take note of the client ID of the application you registered.
- Grant API access, and make sure to select `Policy.ReadWrite.TrustFramework`.
- Create a client secret.
For more information, see Deploy Azure AD B2C custom policy with GitHub actions.
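A least-privilege check for the deployment credential created in the steps above, as an added example that is not part of the action's own code: it decodes an app-only Microsoft Graph access token obtained with the client ID and secret and reports any application permission in its `roles` claim beyond `Policy.ReadWrite.TrustFramework`. The function names are hypothetical and the sample tokens are constructed and unsigned.

```python
# Added example: function names are hypothetical, sample tokens are constructed.
import base64
import json

# The one application permission the page says to grant; anything else is excess.
REQUIRED_ROLE = "Policy.ReadWrite.TrustFramework"


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_roles(access_token: str) -> list[str]:
    """Return the application permissions ('roles' claim) of an app-only token.

    The signature is NOT verified: this inspects your own token and must not
    be used to make authorization decisions.
    """
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated segments)")
    claims = json.loads(_b64url_decode(parts[1]))
    roles = claims.get("roles", [])
    if not isinstance(roles, list):
        raise ValueError("'roles' claim is not a list")
    return roles


def audit_roles(roles: list[str]) -> dict:
    """Compare granted roles with the single permission the deployment needs."""
    granted = set(roles)
    return {
        "missing": sorted({REQUIRED_ROLE} - granted),
        "excess": sorted(granted - {REQUIRED_ROLE}),
        "ok": granted == {REQUIRED_ROLE},
    }


def make_sample_token(roles: list[str]) -> str:
    """Build an unsigned, constructed token carrying the given roles."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'roles': roles})}.sig"


if __name__ == "__main__":
    for sample in (["Policy.ReadWrite.TrustFramework"],
                   ["Policy.ReadWrite.TrustFramework", "User.ReadWrite.All"]):
        print(sample, "->", audit_roles(token_roles(make_sample_token(sample))))
```

An `excess` entry means the client secret stored in the repository can do more than replace custom policies, so remove that permission from the app registration before using the credential in a workflow.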
```yaml
on: push
env:
  clientId: 00000000-0000-0000-0000-000000000000
  tenant: my-tenant.onmicrosoft.com
jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - name: 'Upload TrustFrameworkBase Policy'
      uses: azure-ad-b2c/deploy-trustframework-policy@v3
      with:
        folder: "./Policies"
        files: "TrustFrameworkBase.xml,TrustFrameworkExtensions.xml,SignUpOrSignin.xml"
        tenant: ${{ env.tenant }}
        clientId: ${{ env.clientId }}
        clientSecret: ${{ secrets.clientSecret }}
```
Use Stack Overflow to get support from the community. Ask your questions on Stack Overflow first and browse existing issues to see if someone has asked your question before. Make sure that your questions or comments are tagged with [azure-ad-b2c].
If you find a bug in the sample, please raise the issue on GitHub Issues.
To provide product feedback, visit the Azure AD B2C feedback page.