I get the message "This is not an Azure AD B2C directory..." for my Azure AD B2C tenant

I have an Azure AD B2C tenant and when I go to the 'Overview' tab, I see the following message:
This is not an Azure AD B2C directory. To create a new B2C directory & manage your consumer identities in the cloud, click the articles below.
I don't understand why this is being displayed, and what the implications would be.
I thought that it was impossible to have a tenant without a directory.
How do I fix this issue?

I think what you see should be this prompt:
The reason is that you are currently logged in to the directory of the Azure AD tenant and not the directory of the Azure B2C tenant. When you click the Azure AD B2C tab in the Azure AD tenant directory, you will receive this prompt.
So, make sure you have a B2C tenant, and then select Directory + Subscription filter in the top menu of the Azure portal, and then select the directory that contains Azure AD B2C tenants.

In my case, the Azure Portal's incapability to update (and show) the newly created (B2C) directory was the problem. A logout / login solved this.
I am unaware how much time needs to pass though ;).

Related

Identity Provider menu in Azure AD B2C not showing

All,
I have been trying for hours to show the Identity Providers menu in Azure AD B2C to no avail, as I need to add FB as an Identity Provider. May I know if there is a role I need to assign myself? I have assigned all roles to myself, including the global administrator role.
Based on your screenshot, it shows:
This is not an Azure AD B2C directory. To create a new B2C directory & manage your consumer identities in the cloud, click the articles below.
Make sure you follow the steps to create the B2C tenant.
If you have created it, you need to switch to the B2C tenant.

How to delete Azure DevOps enterprise application?

I have an Azure AD B2C tenant that I want to delete (pita process!).
So I have to delete manually all registered applications first.
And somehow I got an enterprise application named "Azure DevOps" registered there.
Which is undeletable. How to remove it?
I have found that there is no need to delete this application in order to delete the B2C tenant. Go to the properties of this application, then set "Enable users to sign-in" to No. Then it will be possible to delete the B2C tenant.
If you are trying to delete the Azure AD B2C tenant, I guess you have deleted all the users and admins.
Anyway, you need an admin account (if you don't have one, just create it) to log in to Azure AD in PowerShell and use Remove-AzureADServicePrincipal -objectid to delete this enterprise app.
See details here.

Can I Use ADConnect to migrate users to Azure B2C

The documentation for Azure Active Directory B2C states ADConnect can’t be used to migrate users. I believe this is referring to the native store.
“No, Azure AD Connect is not designed to work with Azure AD B2C.”
https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-faqs
But can I use ADConnect if I configure Azure Active Directory as an Identity Provider?
https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-oidc-azure-active-directory
If you setup sync to an Azure AD from on-prem AD with AAD Connect,
and then connect that AAD as an identity provider to B2C,
it will work.
Note you should use another Azure AD tenant for this, NOT the one underneath the B2C tenant.
It also works quite nicely at least based on my short testing that if you have a single IdP in the sign-in policy, the B2C pages don't even show up.
Of course the first time, users will have to "sign up" to the B2C tenant with their AAD account.
Technically the sentence is correct that you can't migrate users to B2C with AAD Connect, but there is this roundabout way of doing it.
Technically the users are not migrated to B2C, but we migrate them to a place where they can be utilized from by B2C.

Azure AD B2C authentication

I created an Azure AD B2C tenant, added applications to it and configured Postman according to this article:
https://learn.microsoft.com/en-us/aspnet/core/security/authentication/azure-ad-b2c-webapi?view=aspnetcore-2.2
My problem is I can't log in with user accounts which I added to my tenant.
I created two users; the user type of them is member and the source is Azure Active Directory.
But when I try to log in I get back the following error message:
"Invalid username or password."
What else should I set up?
The users created through the portal cannot be used by Azure AD B2C. Azure AD B2C uses the 'signin names' property of the user to sign in. The users created through the portal can be used for sign in using AAD (enterprise scenario).
As Chris mentioned, one needs to use a Signup policy or Azure AD Graph flow to create a user for B2C to be able to sign in.
Please see this answer
Adding users to Azure B2C without using a sign-up policy
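
The difference between the two kinds of account described in the answers above, as an added example that is not part of the original posts: it checks exported user objects for the sign-in names a B2C policy looks up, and builds the request body for a local account. It assumes the field names of the Azure AD Graph user resource (`creationType`, `signInNames`, `passwordProfile`); the sample users, tenant name and addresses are constructed.

```python
import json

# Constructed sample: user objects shaped like Azure AD Graph user resources.
# The tenant name and addresses are made up for illustration.
SAMPLE_USERS = [
    {   # created with "New user" in the portal: an Azure AD work account
        "userPrincipalName": "alice@contosob2c.onmicrosoft.com",
        "userType": "Member",
        "creationType": None,
        "signInNames": [],
    },
    {   # created by a sign-up policy or a Graph call: a B2C local account
        "userPrincipalName": "c0ffee00-0000-4000-8000-000000000001@contosob2c.onmicrosoft.com",
        "userType": "Member",
        "creationType": "LocalAccount",
        "signInNames": [{"type": "emailAddress", "value": "bob@example.com"}],
    },
]


def b2c_sign_in_names(user):
    """Return the identifiers a B2C local-account policy can match for this user."""
    if user.get("creationType") != "LocalAccount":
        return []
    return [s["value"] for s in user.get("signInNames") or []
            if s.get("type") in ("emailAddress", "userName") and s.get("value")]


def audit(users):
    """Map each userPrincipalName to True if a B2C sign-in policy can find it."""
    return {u["userPrincipalName"]: bool(b2c_sign_in_names(u)) for u in users}


def local_account_body(email, display_name, password):
    """Request body for creating a B2C local account through Azure AD Graph."""
    return {
        "accountEnabled": True,
        "creationType": "LocalAccount",
        "displayName": display_name,
        "signInNames": [{"type": "emailAddress", "value": email}],
        "passwordProfile": {"password": password,
                            "forceChangePasswordNextLogin": False},
        "passwordPolicies": "DisablePasswordExpiration",
    }


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_USERS), indent=2))
```

A portal-created user fails the audit even though it is a Member sourced from Azure Active Directory, which matches the "Invalid username or password." result in the question.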

Can't log in to new Azure B2C directory

I've been following this guide to get a B2C AD up and running
Create the B2C directory in the old portal (http://manage.windowsazure.com) ensuring "This is a B2C Directory" is checked.
Register an application in the new portal (http://portal.azure.com) under the B2C blade
Create the sign in policy.
When I try and test the sign in policy with the "Run now" and try and log in with my local account (the same one which has created the B2C AD -- the global administrator for this new AD) all I am met with is "We don't recognize this user ID or password".
What have I missed here?
I am able to reproduce this issue too. If you want to manage the users for the Azure B2C tenant, you can log in to the classic Azure Portal from here. However, currently there are a couple of known issues with user management (the Users tab) on the Azure classic portal:
Refer here about the Azure Active Directory B2C: Limitations and restrictions.
And if you want Azure AD to enable login with the default global admin account, you can submit feedback from here.
