Azure AD B2C Custom Domain

There does not seem to be an option to set up a custom domain for Azure AD B2C. With Azure AD it was available. The B2C version has a side help panel which indicates custom domains can be used, but no indication on how to do it.
Does anyone know how that can be done? (I'm specifically referring to the B2C version of AD.)
UPDATE
Here is a screenshot of where I am in the portal. This is just after I clicked the link "The domain name I need isn't shown here"

The screenshot you shared seems to be a description of Azure AD only (not Azure AD B2C).
Currently this feature is on the roadmap. Verifying your domain in the Domains tab in the Azure portal does not accomplish your goal.
See details from Azure AD B2C: FAQ.

Related

Enable Azure AD Login in Azure APIM new developer portal

Any idea how to enable Azure login in the new developer portal? I have tried the link below to set up an account on Azure AD. It enabled AD login in the old developer portal but not in the new one.
https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-aad
Any link which can help with this?
This feature has not been released on the Azure APIM new developer portal yet. For details, see here.
As the APIM product team indicated, this feature is coming soon:
it will be completed by general availability release, which is planned
for October/November.
Hope it helps.
Now it's enabled. I was able to configure Azure AD sign-in.
Note: To auto-populate the sign-up page, you need to add an additional claim (email) in the Azure AD app.
You can follow the link below:
https://learn.microsoft.com/en-us/answers/questions/145976/can-sign-up-page-be-auto-populated-after-aad-authe.html

Linked existing b2c tenant to my azure subscription but not able to create resource?

Getting the error "You are currently signed into the 'Azure AD B2C tenant' directory which does not have any subscriptions." when I try to create a resource in Azure AD B2C.
Please help, I am new to Azure.
Switch back to the directory where you have your subscription and create the resources there.
Don't take my answer as definitive, since I'm still a newbie, but at this point my understanding is this: B2C needs a new tenant because of the way it is designed (it isn't just an add-on for AD) and you link it to your subscription for billing purposes. But that's it. You don't need to create the resources for your app there, although I guess you could do it if you get a new subscription or transfer another one.
I already created a mobile app in my default tenant and successfully used the linked B2C tenant for authentication and I guess you've done that already. But since this was one of the few results that I got when I googled the message you quoted, I think it's worth sharing.
Have you done this?
The Azure subscription has a trust relationship with Azure Active
Directory (Azure AD), which means that the subscription trusts Azure
AD to authenticate users, services, and devices. Multiple
subscriptions can trust the same Azure AD directory, but each
subscription can only trust a single directory.
The following link might help (check "To associate an existing subscription to your Azure AD directory"):
https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-subscriptions-associated-directory
Azure AD B2C needs a Microsoft Azure Subscription for billing purposes. You're going to need 3 things to make that message go away:
Azure AD Tenant
MS Azure Subscription
Associate your Azure AD B2C tenant to the MS Azure Subscription
It's a bit strange, as Azure AD B2C tenants feel very similar to Azure AD (and run on a lot of the same infrastructure behind the scenes) ... but from a billing standpoint, they are almost treated like MS Azure resources (e.g. VM, App Service, etc.).

Azure B2C The "Identity Experience Framework" is missing in the portal

I have an Azure AD B2C directory and can use the built-in policies in my application. I'd like to use the custom policies to add my own claim.
The issue is that I can't find where I can upload/download the XML files of the "Identity Experience Framework" as referenced here: Upload the policies to your tenant. The "Identity Experience Framework" is missing.
Are there some requirements for the directory/subscription for this feature to show up?
From the Prerequisites section of that document you referenced:
To access custom policy editing, you need a valid Azure subscription linked to your tenant.
Put differently, if you haven't linked your Azure AD B2C tenant to an Azure subscription, the Identity Experience Framework button will not show up.

Use a web api from another tenant - Azure AD B2C

I’d like to use scopes in our Azure B2C instance, however all our resources are residing in a different active directory. Can I somehow also select the API instance from another Resource? Or is it possible to upgrade our main AD to an Azure B2C one? Or can we somehow move our subscription and all resources to our Azure B2C AD?
At this point in time, Azure AD B2C does not support multi-tenancy. You can vote and keep track of the feature in the Azure AD B2C UserVoice forum:
How to use Multitenant Applications Based on B2C
Without multitenancy, you will not be able to access resources from other tenants. It is also not possible to upgrade your main AD to an Azure AD B2C tenant, or have subscriptions within your Azure AD B2C Tenant.
Not entirely sure what your scenario is, but the recommended way to do this is by adding Azure AD as an identity provider. This currently can be done using custom policies, but I would encourage waiting until the feature is available through built-in policies.

Unable to enable Organizational Authorization for custom domain in O365 Azure AD

I want to publish a web application to an Azure Web App and enable Organizational Authentication during the process. The wizard offers the following options:
I've added two custom domains to our Office 365 subscription that also show up in the corresponding Azure AD tenant.
Instead of using the default domain mycompany.onmicrosoft.com I want to use one of those custom domains so that this domain is shown to the user on various web pages that handle authentication and consent. I was able to use the custom domain without any problem when configuring Azure AD authentication for the web project.
When using the custom domain in the wizard (field domain in the screenshot), I first need to enter my O365 credentials. Shortly after, the following error is displayed:
Provisioning the destination end point failed with the error:
'The user account 'x#y.z' doesn't have the required permissions to access the domain 'y.z'.'
If you don't intend to enable Orgnizational Authentication during
publish, please turn that option off in the publish dialog.
The Directory Role of the account is Global Administrator and I've already registered multiple apps using this account. So I don't think that this has anything to do with permissions.
Do I have to use the *.onmicrosoft.com domain or can I solve this in a different way?
As a side note (just in case this makes a difference): the web app resides in an Azure subscription that belongs to my Microsoft account, whereas the O365 Azure AD is administered by my work account and does not belong to a subscription. Of course, not the most straightforward way, but I guess pretty common for Microsoft partners, as the Azure benefits can only be activated on a Microsoft account even if the partner already has an O365 subscription.
To use the custom domain for the organization authentication, we need to enable it as the primary domain.
You can check it in the old Azure portal here, as in the figure below:
Update (changing the primary domain in the new Azure portal):
Go to Azure Active Directory -> Domain names -> select the domain that you want to set as the primary domain, as in the figure below:
