Enable age gating in Azure Active Directory B2C

Before you begin, use the Choose a policy type selector at the top of this page to choose the type of policy you’re setting up. Azure Active Directory B2C offers two methods to define how users interact with your applications: through predefined user flows or through fully configurable custom policies. The steps required in this article are different for each method.

Age gating in Azure Active Directory B2C (Azure AD B2C) enables you to identify minors that want to use your application, with, or without parental consent. You can choose to block the minor from sign-in into the application. Or allow uses to complete the sign-in, and provide the application the minor status.

Important

This feature is in public preview. Do not use feature for production applications.

When age gating is enabled for a user flow, users are asked for their date of birth, and country/region of residence. If a user signs in that hasn't previously entered the information, they'll need to enter it the next time they sign in. The rules are applied every time a user signs in.

Screenshot of age gating information gather flow

Azure AD B2C uses the information that the user enters to identify whether they're a minor. The ageGroup field is then updated in their account. The value can be null, Undefined, Minor, Adult, and NotAdult. The ageGroup and consentProvidedForMinor fields are then used to calculate the value of legalAgeGroupClassification.

Prerequisites

Set up your tenant for age gating

To use age gating in a user flow, you need to configure your tenant to have extra properties.

  1. Use this link to try the age gating preview.
  2. If you have access to multiple tenants, select the Settings icon in the top menu to switch to your Azure AD B2C tenant from the Directories + subscriptions menu.
  3. Select All services in the top-left corner of the Azure portal, search for and select Azure AD B2C.
  4. Select Properties for your tenant in the menu on the left.
  5. Under the Age gating, select Configure.
  6. Wait for the operation to complete and your tenant will be set up for age gating.

Enable age gating in your user flow

After your tenant is set up to use age gating, you can then use this feature in user flows where it's enabled. You enable age gating with the following steps:

  1. Create a user flow that has age gating enabled.
  2. After you create the user flow, select Properties in the menu.
  3. In the Age gating section, select Enabled.
  4. For Sign-up or sign-in, select how you want to manage users:
    • Allow minors to access your application.
    • Block only minors below age of consent from accessing your application.
    • Block all minors from accessing your application.
  5. For On block, select one of the following options:
    • Send a JSON back to the application - this option sends a response back to the application that a minor was blocked.
    • Show an error page - the user is shown a page informing them that they can't access the application.

Test your user flow

  1. To test your policy, select Run user flow.
  2. For Application, select the web application named testapp1 that you previously registered. The Reply URL should show https://jwt.ms.
  3. Select the Run user flow button.
  4. Sign-in with a local or social account. Then select your country/region of residence, and date of birth that simulate a minor.
  5. Repeat the test, and select a date of birth that simulates an adult.

When you sign-in as a minor, you should see the following error message: Unfortunately, your sign on has been blocked. Privacy and online safety laws in your country prevent access to accounts belonging to children.

Enable age gating in your custom policy

  1. Get the example of an age gating policy on GitHub.
  2. In each file, replace the string yourtenant with the name of your Azure AD B2C tenant. For example, if the name of your B2C tenant is contosob2c, all instances of yourtenant.onmicrosoft.com become contosob2c.onmicrosoft.com.
  3. Upload the policy files.

Next steps