I am trying to connect Azure AD to B2C via open ID connect. Using a MSAL JS i am able to successfully login to Azure AD and local B2C users.
However when a user is created in B2C portal (from Azure AD) the mail fields are missing e.g. name & email
looking through the ID token from the Azure AD there are no values returned for email or name.
You cannot create an Azure AD B2C user, e.g. federated from another Azure AD tenant to the Azure AD B2C tenant, using the Azure AD B2C portal. You must create this user using either an Azure AD B2C flow/policy or the Azure AD Graph API.
When you invite an Azure AD user from another Azure AD tenant to the Azure AD B2C tenant, they are added as a guest user, e.g. so that they can co-manage the Azure AD B2C tenant.
Related
I'm usign custom policies in Azure.
How to make any new account created as a visitor account and not a member please.
Can someone explain the differences between Guest and Member? What are consequences when creating a user in B2C?
Can't find it in the docs.
we have a choice to create users only with
UserType=Member in Azure AD B2C.
UserType=Guest is a implementation detail of Azure AD B2B which is a
feature of regular Azure AD and it is not supported in Azure AD B2C.
B2c Is designed basically for EXTERNALLY facing apps which have own
app specific login credentials.
and so There is no concept of a GUEST user for a B2C tenant.
If one need GUEST user type of access for B2C users, then they would have to invite them separately to the main AzureAD tenant.
References:
B2C Portal Login, B2C Guest Users - Cloud Identity Architect
Use map UserType with Azure AD Connect cloud sync | Microsoft Docs
can an invited guest user signin using azure ad b2c
I've connected an Azure AD to a OpenId IDP (based on KeyCloak) using Azure AD B2C. The connections works well and user can use external IDP to create an user on Azure AD an login in an basic application that I use for test.
I would like to connect existing user in Azure AD to the relative IDP identity.
Using Graph API, in users detail I've notice that users created from IDP has in identities array an identity with "signInType": "federated".
In Update user graph API documentation seams that identities isn't an updatable value.
Is it possible to connect the user on Azure to my external IDP?
• You want to connect the user ID in Azure to the external IDP, i.e., you want the user in Azure AD to login with Azure AD credentials in external/other IDP. Thus, you will want to federate your Azure AD tenant with the external IDP for Azure AD to be provisioned in external IDP and use SAML SSO for authentication purposes.
For the sake of convenience, let’s assume here that external IDP is Google cloud. So, you want to connect your Azure AD users to the Google cloud IDP, for this purpose, you would want to configure a federation between Google cloud Identity and Azure AD such that Azure AD users are provisioned in Google cloud workspace and these users use SAML SSO for authentication in Google cloud using their Azure AD provisioned identities. To configure the same, please refer the below documentation link for that purpose: -
https://cloud.google.com/architecture/identity/federating-gcp-with-azure-active-directory
If there are 2 companies with different domains, one is companyA and the other is companyB, they both have an Azure AD, Azure AD B2C and backend mobile application (backendA and backendB).
There are existing front-end mobile App mobileA which can access backendA after Azure AD B2C authentication of companyA and mobileB access backendB after Azure AD B2C authentication of companyB.
For my case, I want mobileA call the api of backendB after authentication of Azure AD B2C of companyA. But after getting the token from companyA, how backendB check the token is valid?
Thanks!
lihoma
You can register backendB in companyA's tenant as an app.
The mobileA app can acquire a token for backendB from its own tenant.
Then backendB will need to add support for companyA's tokens in addition to supporting companyB's tokens.
Can an invited guest user in Azure AD B2C signin using this Azure AD B2C and access a registered application?
What is the password in this case?
Invited guests are for admin purposes i.e. administer the B2C tenant.
Typically they would be e.g. in another Azure tenant and hence would use the password in that tenant.
Only local users i.e. users created via B2C SUSI policies can access applications.
I have application 1 that uses Azure AD B2B. User is logged in to the application 1. If the user is redirected from application 1 to application 2, I want the user to be automatically logged in to the application 2 as well.
Application 2 is using the AZure B2C AD.
Is that possible to achieve?
Thanks
It is possible if the Azure AD B2B identity is federated, as an external or "social" identity, with the Azure AD B2C tenant.
An example of this identity federation is shown by the Woodgrove Groceries sample where a B2B identity has been integrated with a B2C tenant.