Azure AD B2C - Disable/Block Sign-in for Social/Federated Users - azure-ad-b2c

I apologize if this has been asked in the past. The last post (I found) here and on UserVoice asking this question was in 2017 so I wanted to be sure nothing has changed since then.
I am able to disable/block local accounts in B2C via Graph by setting AccountEnabled to false. The message when the user tries to sign in is "Your account has been locked. Contact your support person to unlock it, then try again." Please correct me if that is not how to go about it. However, the same doesn't seem to work for federated accounts.
How can one disable/block sign-in for a federated/social account?
Thank you for your help.

It’s because those are always disabled, and the check is skipped since that check occurs when B2C checks the backend for creds.
Use this sample
https://github.com/azure-ad-b2c/samples/tree/master/policies/disable-social-account-from-logon
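An audit sketch for the behaviour described in the answer above, added here as an example and not part of the original post or the linked sample: it lists accounts that are disabled in the directory but still carry a federated identity, which is the case where the answer says the check is skipped. It assumes user objects shaped like Microsoft Graph's `accountEnabled` and `identities` properties; the sample records and function names are constructed.

```python
"""Find disabled B2C users that still have a federated (social) identity."""

# Constructed sample records, shaped like Microsoft Graph user objects
# (properties: id, accountEnabled, identities). All values are made up.
SAMPLE_USERS = [
    {"id": "user-0001", "accountEnabled": False, "identities": [
        {"signInType": "emailAddress", "issuer": "contoso.onmicrosoft.com",
         "issuerAssignedId": "local@example.com"}]},
    {"id": "user-0002", "accountEnabled": False, "identities": [
        {"signInType": "federated", "issuer": "facebook.com",
         "issuerAssignedId": "1000000000000001"},
        {"signInType": "userPrincipalName", "issuer": "contoso.onmicrosoft.com",
         "issuerAssignedId": "cpim_0002@contoso.onmicrosoft.com"}]},
    {"id": "user-0003", "accountEnabled": False, "identities": [
        {"signInType": "emailAddress", "issuer": "contoso.onmicrosoft.com",
         "issuerAssignedId": "both@example.com"},
        {"signInType": "federated", "issuer": "google.com",
         "issuerAssignedId": "2000000000000002"}]},
    {"id": "user-0004", "accountEnabled": True, "identities": [
        {"signInType": "federated", "issuer": "google.com",
         "issuerAssignedId": "3000000000000003"}]},
]

LOCAL_TYPES = {"emailAddress", "userName"}  # local-account sign-in types


def federated_issuers(user):
    """Sorted issuers of the user's federated identities (empty if none)."""
    return sorted({i["issuer"] for i in user.get("identities", [])
                   if i.get("signInType") == "federated"})


def has_local_identity(user):
    """True if the user can also sign in with a local credential."""
    return any(i.get("signInType") in LOCAL_TYPES
               for i in user.get("identities", []))


def audit_disabled_users(users):
    """Report users explicitly disabled (accountEnabled is False) that have
    a federated identity, so the policy itself must enforce the block."""
    findings = []
    for user in users:
        if user.get("accountEnabled") is not False:
            continue  # enabled or unset: nothing to enforce
        issuers = federated_issuers(user)
        if issuers:
            findings.append({"id": user["id"], "issuers": issuers,
                             "also_local": has_local_identity(user)})
    return findings


if __name__ == "__main__":
    for finding in audit_disabled_users(SAMPLE_USERS):
        print(finding)
```
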

Related

Azure B2C User Attributes Claim - Unable to Save Claim?

I'm using Azure B2C. I have a custom claim I want to include on profile edit. This is the built-in user flow for Profile Edit (B2C_1_ProfileEdit).
When I go to Application claims, select my claim, and click Save, I get an error message:
"Unexpected error, please try again later"
No details were given in the error message.
What could this be? I'm not sure where to look to debug it? Any ideas?
I was about to create a support ticket with Microsoft today. Before I did that, I tried to update it again and it worked this time. Must have been an Azure problem!

Azure AD B2C - How to see user's extensions

I followed the tutorial here to be able to ask for the user's consent and store it in the AD as a custom extension (from what I understood...).
The custom flow seems to work well (consents are asked during the signup process), but then I want to verify them in the AD (and maybe delete them from the admin console for new tests), and I did not find where I can see them...
I tried to retrieve them through MS Graph API explorer (I started it on my tenant at the URL https://developer.microsoft.com/en-us/graph/graph-explorer?tenant=xxxx.onmicrosoft.com) and I tried to call the endpoint https://graph.microsoft.com/v1.0/users/ae29dab2-...-f4d813ca6dec/extensions but I get no extensions back...
Am I doing things right? Is there another way to verify what the current user's custom extensions are?
I think those extensions are stored correctly, because when I try to log in again with the same user, no consent is asked anymore...
Thanks in advance for your help!
Try https://graph.microsoft.com/beta/users/UsersObjectId. It will return their extension attributes in the response.

Cannot reset the work account's password because "password reset isn't properly set up for your organization."

I'm in a bind with my Azure login account. I've forgotten my password for the account that I use for a client's DevOps. It wasn't until I ended up creating another account today to troubleshoot the problem that I might understand the issue, but I still can't fix it.
About a year ago, my client added me as a Guest in their Active Directory. I did not have an active directory myself. I got the notice from Microsoft in an invite email to get started, which created an account to get access to their Azure Portal and DevOps. I've been logged in for a year, but was trying to test a feature which required me to log in to DevOps during the process. I tried what I thought was my password, but that didn't work. No problem, I'll just click on the reset password feature. That ended up informing me that "password reset isn't properly set up for your organization." Knowing who set my account up, I asked them to reset my password. The response was we do not have control to reset your password because you're a guest.
Through several discussions, and seeing what was available to them, and how a Guest was set up, it was suggested to set up an account within Microsoft for the email. I did that, and when I went back to try and log in to their portal, I was presented with two options after I entered my email address. There was a work account and a personal account. Both with the same email address. The work account indicated it was created by "your IT department". We did not create this; it was a result of the client adding us as a guest, then finishing the process to gain access. So I can only assume, either an active directory was created for my domain, or I was added to a generic active directory.
In either case, I still can't change the password for the work account, and researching has not helped, as it keeps resetting my personal account.
Does anyone have any suggestions on how to resolve this issue?
Here is what I'm currently seeing.
Thank you,
Marc
You don't have an AAD tenant. So I assume that your account is a Microsoft personal account.
Although you are added as the guest user in your client's tenant, the password management is not handled by that tenant. It is still handled by Microsoft personal account.
You can reset your password here: click on Sign In, enter your account and click on Forgot password?.

Azure AD b2c remove Change Password step in Password Reset

During the password reset policy, you enter an email and verify it by entering a code emailed to the account you enter. Once you hit continue, you are given the options to: 'Change Email', 'Continue', or 'Cancel'.
Is there any way to skip this step? It's really not necessary and probably only adds confusion. 'Cancel' is available throughout the whole process and 'Change Email' serves nearly the same purpose. It seems very unlikely to be used once you've already gone through the effort of verifying your email anyways.
Unfortunately, you cannot currently change the flow of the Password Reset Policy for Azure AD B2C.
This is a kind of MFA step for SSPR.
You can upvote this UserVoice feedback item: "Change password" policy. Azure Team has already followed it. You can also give your comments on that page.
Hope this helps!

Login issue into Microsoft azure account

I have a v-xxxxx.microsoft.com ID through which I have created an account in the Microsoft Azure 90 days free trial.
I am not able to log in to the Microsoft Azure portal with the v-xxxxx.microsoft.com ID. It is showing me the error "Sorry, we can't sign you in here with your #MICROSOFT.COM account."
Can someone please help here?
Thanks
There are a couple of things you can try, as below:
1. Use In-Private Browsing with IE9/10 and see if you can enter your credentials.
2. With #1, try to use the URL redirecting to the domain ID: https://manage.windowsazure.com/?whr=microsoft.com
3. If you have another live account already included as co-admin or service administrator with your Azure Subscription, please use that live account instead.
4. Finally, if none of the above options work, it is possible that your problem is related to the lingering ordid issue. What you can do is contact Microsoft Support directly and ask them to route your issue to Windows Azure Support. This is only specific to Windows Azure Portal login issues.

Create a new account with another email address. You can have a free trial per email address.
