Migrate existing B2C directory to new experience - azure-ad-b2c

I have a B2C directory (6 months old) and the portal says there's a new streamlined user flow (see image below) - is that only for new tenants or is there a way to migrate?
Clicking the purple message directs me off to my main hosting tenant, to the page where you create a new B2C Directory. On that portal page there's a single link, which takes you off to the B2C product page.
Update - here are my repro steps:
1) Log in to the Azure portal on my main Azure subscription
2) Hit the filter button ('Directory + Subscription') to change to the B2C directory
3) Go to the Azure AD B2C blade as per the above screenshot
4) Click the purple bar ("The new B2C experience is here...") (the link on this is https://portal.azure.com/#)
5) A new tab opens which takes you back to the Azure AD B2C blade in the hosting tenant (as per step 1)
6) If you click the "Get started..." link it takes you off to the product page.

If you want to use this experience, you just click the prompts, and it will redirect you to the new experience.
From the picture you've shown, you already use this new experience.
I'm posting my experience here; you can see the new experience just updates user flows (preview) to policies. The new policies will be very convenient for you to use.
The user flows (preview) vs. policies:

I've finally solved this thanks to re-reading @Sunny Sun's comments, which I misunderstood the first time round.
The trick here is that your default directory must be set to the target B2C directory and not (as was my default) to my main subscription directory.
You can change the default directory via the filter button ('Directory + Subscription') as per the image below and then change it back once the change has taken place.

Related

Azure DevOps sign-in failing with AADSTS900144, and dev.azure.com Sign In routes to Azure Portal

First issue, signing in to dev.azure.com no longer works like it used to? In the past, there was a link to sign in to Azure DevOps. This link is no longer on the page, and when using the Sign In option in the upper right corner, I'm routed to the Azure portal, not ADO. What is the correct landing page for ADO login?
Second issue, if I do get to the login page (e.g., either by entering the org directly in the url like dev.azure.com/MyTestOrg or by clicking a link in an ADO alert email), I will often get this error: AADSTS900144: The request body must contain the following parameter: 'code'
1. For the issue logging in to Azure DevOps, it is suggested that you first clear the cache, then try this link: My Information, first following the steps: select your affected tenant -> select the affected organization, then log in to your organization.
2. For logging in to the Azure Portal, try this link: Home - Microsoft Azure with the affected user account.
3. For the issue situation above, check whether your user account is also a GitHub user; if so, it is suggested that you first unlink your GitHub account from the affected user.
You can follow the steps below to unlink your GitHub account from the affected user.
Step 1: Unlink your GitHub account from your MSA:
- Navigate to https://account.microsoft.com/security
- Select the Advanced Security Options tile and then look for the "Ways to prove who you are" section
- This will list all the authentication options for your MSA
- From this list, find and expand the Sign in with GitHub option, select Remove, and then confirm
- You may be prompted to create a new password
Step 2: After operation 1 above is completed, let the PCA or Org owner try deleting the affected user from the organization and then adding it to the org again. After successfully adding it, first check the email inbox to see whether the affected user account received an Azure DevOps invitation email as below.
Then copy the invitation link and open it in InPrivate mode in the Edge or Chrome browser with the affected user account to log in to the org and see whether it works.

Cannot delete B2C Azure Tenant

I am unable to delete the B2C tenant created by me during a lab demonstration of how to integrate a social IDP into a web app. I followed and completed all the processes but the delete tenant button stays greyed out... It says "Remove Domain Services"... and has been stuck on there ever since... Click on the hyperlink to view image
remove domain services error
But once I click there to remove it... It displays nothing...
After clicking on "Remove Domain services"
According to the link provided by @Raghavendra - MSFT Identity, we can create a user account named like 'admin@personal_b2c_account.onmicrosoft.com' in the B2C directory and assign it the 'global administrator' role. When logged in as this user, there is no error to remove domain services, only to remove users. After removing the personal account from the B2C directory, we are able to delete the directory.
And if you click Azure AD Domain Services in the picture shown, the "Welcome to Azure!" interface will also appear. It seems to be a bug in the system, because the domain services error will only come if you ever had enabled Azure AD domain services on your environment.

company branding doesn't work for password page in Azure Portal

I've created company branding from the Azure portal for my application.
This is working as expected for the first page, i.e., the username page. When I click on next for the password page, the custom branding disappears and the default Microsoft background appears.
I want the branding to be continued for the password page also so that there would be consistency.
You are probably trying to sign in with a Microsoft Account instead of your Azure Active Directory account. If you sign in with a "native" Azure Active Directory account you will continue to see your company branded page.
You can customize your Azure AD sign-in pages, which appear when users sign in to your organization's tenant-specific apps, such as https://outlook.com/contoso.com, or when passing a domain variable, such as https://passwordreset.microsoftonline.com/?whr=contoso.com.
Your custom branding won't immediately appear when your users go to sites such as, www.office.com. Instead, the user has to sign-in before your customized branding appears.
Visit this link for more information
https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/customize-branding

Change default picture - registration flow - AZURE - ADB2C

In the ADB2C user registration flow you have a picture on the left & the form on the right. Is there an easy way to change the picture on the left? I don't want to redesign the whole page.
Full customization which includes your own HTML/CSS is available for all the Azure AD B2C user flows including the "sign-up or sign-in policies" which offers a combined - registration and login - policy.
The "sign-in" policy type is the only one that offers the ability to customize via the "company branding" feature which needs only a picture upload.
All other flows require upload of HTML/CSS content. A template is available. Full customization is documented here: https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-reference-ui-customization
Page UI Customization is under Policy->Edit policy->Page UI Customization->Select page->provide source URI
Update
How you get to Company Branding has changed, see this SO Answer.
Previous
Yes. Go to Users and Groups -> Company Branding -> Edit -> Sign-in page background image.
I couldn't find official documentation on learn.microsoft.com/azure/active-directory-b2c to reference, unfortunately.

Change default Active directory on enterprise agreement azure subscription

I am attempting to change the active directory of a newly created EA subscription, from my company's AD to a new AD that I created in the sub. According to https://www.itunity.com/article/how-to-change-the-default-directory-for-an-existing-azure-subscription-2494 and other sites, it is as simple as clicking the edit directory button. But when I go to the list of subscriptions in the old Azure portal, that button does not appear.
My guess is that the portal isn’t allowing this due to the fact that it is an EA subscription. Because when I logged into my own personal subscription, which is not EA, the button appears as expected. Is this in fact the reason?
Any help would be really appreciated.
Thanks
Correct, it is because you have signed in with a Work account.
"The Edit Directory command in the Azure classic portal is not available to users who are signed in using a work or school account because those accounts can sign in only to the directory to which they belong."
See this link for more:
https://azure.microsoft.com/en-us/documentation/articles/active-directory-understanding-resource-access/
