What does <IncludeInSso> actually do in an Azure B2C custom policy?

3
votes

In the documentation for Azure B2C policies, under SSO session (https://docs.microsoft.com/en-au/azure/active-directory-b2c/active-directory-b2c-reference-sso-custom) there is no mention of the element which is available under technical policies.

Yet, in the starter pack code (eg. https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/blob/master/SocialAndLocalAccountsWithMfa/TrustFrameworkBase.xml) the element is used throughout.

Under the reference documentation for TechnicalProfiles, the element is not even mentioned (https://docs.microsoft.com/en-au/azure/active-directory-b2c/technicalprofiles)

Does anyone know what the element actually does? My guess is that it prevents that technical profile from using an existing session, but under what scenarios should I use it and which I shouldn't?

1
azure-ad-b2c

1 Answers

3
votes

This is an old post but an answer is relevant for other users to find :-)

The documentation has been updated to provide the following statement regarding includeinsso 

<!-- We need this here to suppress the SelfAsserted provider from invoking SSO on validation profiles. -->

What this tells us is that it only applies to technical profiles that are being used for validation and does not retrieve any values from the sso technical profile.

Sorry for the sloppiness. Adding answer from phone.