Azure AD B2B - Can we create the UPN with email-id instead of the domain contains ".onmicrosoft.com"? - azure-active-directory

I'd like to create an Azure AD B2B user with an email-id. For example: UPN as User1#gmail.com instead of User1#.onmicrosoft.com. I can see this is possible on a B2C tenant using the Graph API, as explained in the post Azure AD B2C - Can we sign-in using email-id instead of UPN - local accounts only custom policy? However, this approach doesn't work for the B2B tenant; I get an error.
Is there any way to achieve this using the Azure B2B portal OR the Graph API, please? Thanks.

We can create the UPN with the email id of a verified domain in Azure AD B2B.
For example, we can add the custom domain in Azure AD and make it the primary domain. Now we can create users with the UPN suffix set to your custom domain.
If we cannot verify the domain, or want to use personal mail accounts like gmail or yahoo, we can invite the user to Azure AD.
But the UPN seems to be similar to this:
Also, we can enable Sign-in to Azure AD with email as an alternate login ID.
Reference : Sign-in to Azure AD with email as an alternate login ID | Microsoft Docs
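As an added example (not part of the answer above, and not Microsoft's code), the following Python builds the request body for the Graph `POST /v1.0/invitations` call that the answer refers to, and derives the `#EXT#` UPN that Azure AD assigns to an invited guest so you can predict and check it. The tenant default domain `contoso.onmicrosoft.com` and the redirect URL are constructed values. The body is not sent: plug it into your own authenticated Graph client.

```python
import re
from urllib.parse import urlparse

GRAPH_INVITATIONS_URL = "https://graph.microsoft.com/v1.0/invitations"

# Constructed for this example: the tenant's initial (default) domain.
TENANT_DEFAULT_DOMAIN = "contoso.onmicrosoft.com"

# Shape of a B2B guest UPN: <local>_<mail domain>#EXT#@<tenant default domain>
GUEST_UPN_RE = re.compile(r"^(?P<local>[^@#]+)_(?P<domain>[^@#]+)#EXT#@(?P<tenant>[^@#]+)$")


def expected_guest_upn(email: str, tenant_default_domain: str = TENANT_DEFAULT_DOMAIN) -> str:
    """Return the UPN Azure AD assigns to a B2B guest invited with this e-mail.

    Azure AD replaces the '@' of the invited address with '_' and appends
    '#EXT#@<tenant default domain>'; the guest never gets a plain mail UPN.
    """
    local, sep, domain = email.partition("@")
    if not sep or not local or not domain or "@" in domain:
        raise ValueError(f"not a valid e-mail address: {email!r}")
    return f"{local}_{domain}#EXT#@{tenant_default_domain}"


def is_guest_upn(upn: str) -> bool:
    """True when a UPN has the #EXT# form of an invited (guest) user."""
    return GUEST_UPN_RE.match(upn) is not None


def build_invitation(email: str, redirect_url: str, send_mail: bool = False) -> dict:
    """Build the JSON body for POST /v1.0/invitations.

    Only absolute https redirect URLs are accepted, and the invitation mail is
    not sent unless explicitly requested, so a mistyped address does not
    e-mail a stranger an invitation into the tenant.
    """
    expected_guest_upn(email)  # reuse the address validation
    parsed = urlparse(redirect_url)
    if parsed.scheme != "https" or not parsed.netloc:
        raise ValueError("inviteRedirectUrl must be an absolute https URL")
    return {
        "invitedUserEmailAddress": email,
        "inviteRedirectUrl": redirect_url,
        "sendInvitationMessage": send_mail,
    }


if __name__ == "__main__":
    body = build_invitation("user1@gmail.com", "https://myapp.contoso.com/")
    print("POST", GRAPH_INVITATIONS_URL, body)
    print("guest UPN will be:", expected_guest_upn("user1@gmail.com"))
```

The point for the question asked: even though the invitation is keyed on the e-mail address, the resulting guest object's UPN is `user1_gmail.com#EXT#@contoso.onmicrosoft.com`, not `user1@gmail.com`, which is why the B2C-style local-account trick does not carry over.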

Related

Is a connection between Azure AD & Azure AD B2C user accounts possible?

We use Azure AD for our organisation's AD to manage our users. We are also setting up an Azure AD B2C environment for our external websites. As part of this we are allowing our staff to log into these sites using their windows accounts.
Is it possible to manage the staff's B2C user account from Azure AD? For example, in B2C we have setup groups. We would ideally like to be able to create new user accounts in B2C from our Azure AD, and assign users to groups. Is this possible? Or can we only manage these users from only within B2C or through using the Microsoft Graph API?
Finally, when a user is disabled in our Azure AD, would this then prevent their account being used to sign into one of our websites as that user is no longer active in the identity provider?
It is possible if your Azure AD B2C tenant federates with the Azure AD tenant. If the user account is disabled, it won't be able to sign in to any application.

AAD B2C E-mail verification flow

I am integrating AAD B2C with my application and when it sends an e-mail verification it has a subject title Microsoft on behalf of "example".
How do I change the "example" name to my organization name in the Azure AAD B2C UI?
Thanks
It should be possible to change it through Azure Active Directory -> Properties (Name field): https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Properties.
At least that is used for regular Azure AD invitation emails.

Possible to assign User Admin Role for B2C Tenant

We are looking at Azure AD B2C and wish to use the Azure AD Graph API to create users using the User Admin Role. For security reasons we want to assign this permission for the Azure AD B2C Tenant only and not the Azure AD Tenant. I have not found an example of this, so I wish to confirm: is it possible?
Cheers,
Lastbuilders
There is no separate Azure AD tenant and Azure AD B2C tenant.
It is all the B2C tenant.
So an application having access via Graph API means access to everything in the tenant.

Adding external users to Azure AD B2C without sign-in

I added to my Azure AD B2C the option to log in via an external provider - Azure AD. Later on, I added my account from that tenant to Azure AD B2C as an external user.
Unfortunately, when I log in, I get "User does not exist. Please sign up before you can sign in.".
When I use a different policy that allows me to sign in, my account is duplicated as Federated Azure Active Directory.
How can we prepopulate Azure AD B2C with external users to avoid signing in new accounts? I would like to move existing data from the tenant and avoid filling in unnecessary data. Moreover, I would like to allow only particular users to log in to our application.
The problem here is that users added via the portal are essentially B2B or portal admin users.
These are not local accounts and hence cannot login to B2C.
If you have users in another AAD tenant that is federated with B2C, you do not have to manually add these users to B2C. A "linked account" (using the #EXT# format) is created when those users authenticate via their Azure AD.
I guess what you are saying is "avoid registering new users."
Azure B2C is for Consumer, not for Azure AD tenant. You should use Azure B2B feature to add guest user to your Azure AD B2C tenant and assign the necessary role/permissions to the guest user.
You could simply choose to use the + New guest user on Azure portal or Microsoft Graph API to add external users.
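The two answers above turn on what kind of user object a B2C tenant holds: a local account, a federated (linked) account created on first sign-in, or a B2B guest added through the portal or Graph. As an added example (not from either answer), the Python below classifies user objects from a constructed Graph response (`GET /v1.0/users?$select=userPrincipalName,userType,identities`) by their `identities[].signInType`, which is the property that decides whether a local-account sign-in policy will accept the user or return "User does not exist". The three sample users and the tenant domain `fabrikam.onmicrosoft.com` are made up for the example.

```python
import json

# Constructed sample, not real data: three user objects as Graph would return them
# for $select=userPrincipalName,userType,identities in a B2C tenant.
SAMPLE_USERS_JSON = """
{"value": [
  {"userPrincipalName": "alice@fabrikam.onmicrosoft.com", "userType": "Member",
   "identities": [
     {"signInType": "emailAddress", "issuer": "fabrikam.onmicrosoft.com",
      "issuerAssignedId": "alice@example.com"},
     {"signInType": "userPrincipalName", "issuer": "fabrikam.onmicrosoft.com",
      "issuerAssignedId": "alice@fabrikam.onmicrosoft.com"}]},
  {"userPrincipalName": "cpim_0001@fabrikam.onmicrosoft.com", "userType": "Member",
   "identities": [
     {"signInType": "federated",
      "issuer": "https://login.microsoftonline.com/11111111-1111-1111-1111-111111111111/v2.0",
      "issuerAssignedId": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"},
     {"signInType": "userPrincipalName", "issuer": "fabrikam.onmicrosoft.com",
      "issuerAssignedId": "cpim_0001@fabrikam.onmicrosoft.com"}]},
  {"userPrincipalName": "bob_contoso.com#EXT#@fabrikam.onmicrosoft.com", "userType": "Guest",
   "identities": [
     {"signInType": "userPrincipalName", "issuer": "fabrikam.onmicrosoft.com",
      "issuerAssignedId": "bob_contoso.com#EXT#@fabrikam.onmicrosoft.com"}]}
]}
"""

# Sign-in types that make a B2C user a "local account" (email or username + password).
LOCAL_SIGN_IN_TYPES = {"emailAddress", "userName"}


def classify(user: dict) -> str:
    """Return 'local', 'federated', 'guest' or 'member' for one Graph user object."""
    sign_in_types = {identity.get("signInType") for identity in user.get("identities", [])}
    upn = user.get("userPrincipalName", "")
    if sign_in_types & LOCAL_SIGN_IN_TYPES:
        return "local"          # can use a local-account sign-in policy
    if "federated" in sign_in_types:
        return "federated"      # linked account created when the user signed in via their IdP
    if user.get("userType") == "Guest" or "#EXT#" in upn:
        return "guest"          # B2B invite via portal/Graph: not a B2C local account
    return "member"             # tenant admin / portal-created user with only a UPN identity


def classify_all(payload: str) -> dict:
    """Map each userPrincipalName in a Graph /users response to its classification."""
    users = json.loads(payload)["value"]
    return {u["userPrincipalName"]: classify(u) for u in users}


def rejected_by_local_sign_in(payload: str) -> list:
    """Users that a local-account sign-in policy will answer with 'User does not exist'."""
    return sorted(upn for upn, kind in classify_all(payload).items() if kind != "local")


if __name__ == "__main__":
    for upn, kind in classify_all(SAMPLE_USERS_JSON).items():
        print(f"{kind:10} {upn}")
    print("rejected by local sign-in:", rejected_by_local_sign_in(SAMPLE_USERS_JSON))
```

Running this against your own tenant's `/users` output shows why a portal-added guest (`bob_...#EXT#@...`) fails the local sign-in policy while the `cpim_...` object created on first federated sign-in works: only the identity list, not the user's presence in the directory, determines which policy accepts them.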

Azure ad b2c multi tenant

Just wondering whether you can help with my question below?
Does Microsoft Azure AD B2C support multi-tenant applications? For example:
I created an Azure B2C service called Tenant A and linked the service to my subscription account. Then I created the user TenantAAdmin as an admin (global administrator) for this tenant. This admin user is able to assign or create other users in the Azure AD B2C.
I created another Azure B2C service called Tenant B and linked the service to my subscription account. Then I created the user TenantBAdmin as an admin (global administrator) for this tenant. This admin user is able to assign or create other users in the Azure AD B2C.
I have a service API, e.g. monitor patient health services; this service API will be used by all tenants. How can I register this web API so that users in Tenant A and users in Tenant B are able to access and use the service?
Regards
Tom
You can use a custom policy implementation in Azure AD B2C to achieve a multi-tenant system for authentication.
Here is a very nice article covering all the scenarios for configuring a multi-tenant system:
https://blogs.msdn.microsoft.com/mrochon/2017/07/27/developing-an-azure-ad-b2c-multi-tenant-application/
Also you can check our below QnA for reference
Multi-tenant Azure AD in Azure AD B2C
and
Multi-Tenant Azure AD Auth in Azure AD B2C with Custom Policies
Hope it helps.
As far as I know, we can use custom policies to enable sign-in for users using the multi-tenant endpoint for Azure Active Directory (Azure AD) in Azure AD B2C. For more details, please refer to https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-commonaad-custom.
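Whichever way the multi-tenant sign-in is set up, the Azure AD common endpoint will issue tokens for any Azure AD tenant, so something on the receiving side has to restrict which tenants are accepted (in the custom policy that is the `ValidTokenIssuerPrefixes` metadata item; a shared API can enforce it again on its own tokens). As an added example (not from the answers above, and not Microsoft's code), the Python below applies that allow-list to already-verified JWT claims: it parses the tenant ID out of the v1 and v2 issuer formats, checks it against the tenants the question calls Tenant A and Tenant B, and rejects a token whose `tid` claim disagrees with its issuer. The tenant GUIDs and the audience `api://monitor-patient-health` are hypothetical. Signature and expiry checking is assumed to have been done by your JWT library before this runs.

```python
import re

# Constructed for this example: the tenants allowed to reach the shared API.
ALLOWED_TENANTS = {
    "11111111-1111-1111-1111-111111111111": "Tenant A",
    "22222222-2222-2222-2222-222222222222": "Tenant B",
}
# Hypothetical audience (App ID URI) registered for the patient-health API.
API_AUDIENCE = "api://monitor-patient-health"

# Azure AD issuer formats: v2.0 tokens and v1.0 tokens.
V2_ISSUER_RE = re.compile(r"^https://login\.microsoftonline\.com/(?P<tid>[0-9a-f-]{36})/v2\.0$")
V1_ISSUER_RE = re.compile(r"^https://sts\.windows\.net/(?P<tid>[0-9a-f-]{36})/$")


def tenant_from_issuer(iss: str) -> str:
    """Extract the tenant ID from an Azure AD issuer URL, or raise ValueError."""
    for pattern in (V2_ISSUER_RE, V1_ISSUER_RE):
        match = pattern.match(iss)
        if match:
            return match.group("tid")
    raise ValueError(f"unrecognised issuer: {iss!r}")


def validate_claims(claims: dict, allowed_tenants: dict = ALLOWED_TENANTS,
                    audience: str = API_AUDIENCE) -> str:
    """Accept a token only for an allow-listed tenant and the right audience.

    Returns the tenant's display name; raises ValueError otherwise.
    Assumes signature, expiry and nbf were already verified by the JWT library.
    """
    if claims.get("aud") != audience:
        raise ValueError("audience mismatch")
    tenant_id = tenant_from_issuer(claims.get("iss", ""))
    # A token carrying a tid that differs from its issuer is malformed or tampered.
    if "tid" in claims and claims["tid"] != tenant_id:
        raise ValueError("tid claim does not match issuer")
    if tenant_id not in allowed_tenants:
        raise ValueError(f"tenant {tenant_id} is not allowed")
    return allowed_tenants[tenant_id]


def accepted_tenant(claims: dict) -> str:
    """Convenience wrapper returning the tenant name or '' when the token is rejected."""
    try:
        return validate_claims(claims)
    except ValueError:
        return ""


if __name__ == "__main__":
    # Constructed claim sets standing in for decoded, signature-checked tokens.
    token_a = {"iss": "https://login.microsoftonline.com/11111111-1111-1111-1111-111111111111/v2.0",
               "tid": "11111111-1111-1111-1111-111111111111", "aud": API_AUDIENCE}
    token_c = {"iss": "https://sts.windows.net/33333333-3333-3333-3333-333333333333/",
               "tid": "33333333-3333-3333-3333-333333333333", "aud": API_AUDIENCE}
    print("token A ->", accepted_tenant(token_a) or "rejected")
    print("token C ->", accepted_tenant(token_c) or "rejected")
```

Without a check like this, registering the API as multi-tenant means any Azure AD tenant in the world can mint a token that passes signature validation against the common endpoint's keys.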
