I am integrating AAD B2C with my application and when it sends an e-mail verification it has a subject title Microsoft on behalf of "example".
How do I change the "example" name to my organization name in the Azure AAD B2C UI?
Thanks
It should be possible to change it through Azure Active Directory -> Properties (Name field): https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Properties.
At least that is used for regular Azure AD invitation emails.
Related
This MS Tutorial Registering SPA missing this piece. What's the difference
• The documentation you are referring to is regarding the registration of a ‘Single Page Application (SPA)’ in Azure AD B2C. Thus, it directly refers to registering the application in an Azure AD B2C tenant/directory. The documentation doesn’t state where to register the application in Azure AD B2C because it considers that the sign into the Azure AD B2C tenant is through a local Azure AD B2C account or a work/school account and not through a social account or a private/personal account.
• You are getting that option because maybe you are registering your first application in that Azure AD B2C tenant/directory. As when you create a new Azure AD B2C tenant with a free tier Azure AD subscription and register your first application, you get that prompt to confirm where to associate your application with.
• Also, it might be because you are signed into the Azure AD B2C tenant with a user account who was invited to sign up into Azure AD B2C or the user has been created using his personal/public email ID in the tenant and the user signed up with his personal/social email ID account. Due to which, he has been granted privileges to register an application in that Azure AD B2C tenant and when you (that user) tried to register an application, you are getting that prompt asking whether to register that application in Azure AD B2C directory or associate it with that account with which you have logged in to the Azure AD B2C directory. Thus, this pop up in your case. For more information, you can refer to the link below which describes the account types in Azure AD B2C: -
https://learn.microsoft.com/en-us/azure/active-directory-b2c/technical-overview#accounts-in-azure-ad-b2c
I'd like create the Azure AD B2B user with email-id For example: UPN as User1#gmail.com instead of User1#.onmicrosoft.com. I can see this is possible on B2C Tenant using Graph API as explained on the post Azure AD B2C - Can we sign-in using email-id instead of UPN - local accounts only custom policy? However, this approach doesn't work getting an error for B2B tenant.
Is there any way to achieve this using Azure B2B portal OR Graph API please? Thanks.
We can create the UPN with the email id of the verified domain in the Azure AD B2B.
For example, we can add the custom domain in Azure AD and make it as primary. Now, we can create users with UPN suffix as your custom domain.
If we cannot verify the domain or to use some personal mail accounts like gmail or yahoo, we can invite the user to Azure AD.
But the UPN seems to be similar to this :
Also, we can enable Sign-in to Azure AD with email as an alternate login ID.
Reference : Sign-in to Azure AD with email as an alternate login ID | Microsoft Docs
I've customers registered to an AD B2C tenant using a local account and I'l like to have them being able to login with those credentials on a different AD B2C tenant. Is it possible to somway federate the two AD B2C so that they can share the same user identity?
I know that it is possible to create custom policy to let an AD B2C use a multi-tenant Azure AD as identity provider, but I think this is not the case if the user identity is stored a local account in the AD B2C itself. 'am I wrong ?
In fact, Set up sign-in for multi-tenant Azure Active Directory using custom policies in Azure Active Directory B2C also works in this case.
I assume that you have B2C tenant A and B. You are configuring custom policy for tenant A. You just need to access https://login.microsoftonline.com/{your B2C tenant B}/v2.0/.well-known/openid-configuration in the broswer and get the value of issuer. And then copy and paste the value into the ValidTokenIssuerPrefixes key of TrustFrameworkExtensions.xml file.
After completing the configuration in the link above, you could use local account from tenant B to log into the application of tenant A.
I added to my Azure AD B2C option to log in by an external provider - Azure AD. Later on, I added my account from that tenant to Azure AD B2C as external users.
Unfortunately, when I log in, I get "User does not exist. Please sign up before you can sign in.".
When I use a different policy that allows me to sign in, my account is duplicated as Federated Azure Active Directory.
How we can prepopulate Azure AD B2C with external users to avoid signing in new accounts? I would like to move existing data from the tenant and avoid filling in unnecessary data. Moreover, I would like to allow particular users only to be able to log in to our application.
The problem here is that users added via the portal are essentially B2B or portal admin users.
These are not local accounts and hence cannot login to B2C.
If you have users in another AAD tenant that is federated with B2C, you do not have to manually add these users to B2C. A "linked account" (using the #EXT# format) is created when those users authenticate via their Azure AD.
I guess what you are saying is "avoid registering new users."
Azure B2C is for Consumer, not for Azure AD tenant. You should use Azure B2B feature to add guest user to your Azure AD B2C tenant and assign the necessary role/permissions to the guest user.
You could simply choose to use the + New guest user on Azure portal or Microsoft Graph API to add external users.
Just wondering whether you can help with my question below? O
Does Microsoft Azure AD B2C support multi tenant application? For example,
I created an Azure B2C service call Tenant A, link the service to my subscription account. Then I create the user TenantAAdmin as an admin (global administrator) for this tenant. This admin user be able to assign or create other user in the Azure AD B2C.
I created another Azure B2C service call Tenant B, link the service to my subscription account. Then I create the user TenantBAdmin as an admin (global administrator) for this tenant. This admin user be able to assign or create other user in the Azure AD B2C.
I had an service API e.g. monitor patient health services , this service API will be used for all tenants. How can I register this web API so that users in Tenant A and users in Tenant B are able to access and use the service?
Regards
Tom
You can use Custom policy implementation in Azure AD B2C to achieve multi tenant system for authentication.
Here is a very nice article covering all the scenario for configuring multi tenant system:
https://blogs.msdn.microsoft.com/mrochon/2017/07/27/developing-an-azure-ad-b2c-multi-tenant-application/
Also you can check our below QnA for reference
Multi-tenant Azure AD in Azure AD B2C
and
Multi-Tenant Azure AD Auth in Azure AD B2C with Custom Policies
Hope it helps.
As far as I know, we can use custom policies to enable sign-in for users using the multi-tenant endpoint for Azure Active Directory (Azure AD) in Azure AD B2C. For more details, please refer to https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-commonaad-custom.