I have created a few B2C directories using the classic Azure portal. Sometimes it adds the b2c-extensions-app but other times it does not. When I delete a directory, Azure seems to have a long memory which prevents me from trying to recreate it (with the same name).
Is there a way to manually add the b2c-extensions-app such that it shows up under "Applications my Company Owns" listing?
The b2c-extensions-app is created automatically as part of creating an Azure AD B2C tenant. It should always be created. If you create a new tenant and this app is not present, you should open a support case so that the Azure AD B2C team can look into this.
Important note: The b2c-extensions-app is only visible in the App Registrations blade and not via the B2C Settings > Applications blade. See screenshots at the bottom.
More likely, someone accidentally deleted the application. If that's the case, there are two options:
If the application was deleted less than 30 days ago, you can use the Azure AD Graph's /deletedApplications/{application_id}/restore api to bring it back.
If it's been more than 30 days, there's no way to restore the application and you'll have to reach out to Azure support to get help on recreating and rewiring the application to your B2C tenant.
Notice that it's available in App registrations:
NOTE: Make sure you pick "All apps" from the App Registration drop-down.
But not in the B2C Applications:
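The restore route from the answer above, as an added example that is not part of the original post or of any Microsoft tooling: it decides whether a deleted application is still inside the 30-day window and, only then, builds the Azure AD Graph restore call. It assumes the Azure AD Graph v1.6 URL shape, the deletionTimestamp property that deleted directory objects carry, and a display name beginning with "b2c-extensions-app"; the listing, tenant name and token are constructed placeholders.

```python
# Added example (not from the original answer): check the 30-day restore
# window for a deleted application and build the Azure AD Graph restore
# request. Assumptions: Azure AD Graph v1.6 URL shape and the
# `deletionTimestamp` property on deleted objects; sample data is constructed.
from datetime import datetime, timedelta, timezone
import urllib.request

GRAPH_BASE = "https://graph.windows.net"
API_VERSION = "1.6"
RESTORE_WINDOW = timedelta(days=30)

# Fixed clock so the sample below behaves deterministically.
SAMPLE_NOW = datetime(2024, 1, 20, tzinfo=timezone.utc)

# Constructed sample of a /deletedApplications listing, trimmed to the
# fields this example reads. Object ids are placeholders.
SAMPLE_DELETED_APPS = [
    {"objectId": "00000000-0000-0000-0000-00000000aaaa",
     "displayName": "b2c-extensions-app. Do not modify. Used by AADB2C for storing user data.",
     "deletionTimestamp": "2024-01-10T12:00:00Z"},
    {"objectId": "00000000-0000-0000-0000-00000000bbbb",
     "displayName": "old-test-app",
     "deletionTimestamp": "2023-10-01T08:30:00Z"},
]


def parse_timestamp(value):
    """Parse the ISO-8601 timestamps Graph returns (trailing Z means UTC)."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def find_extensions_app(deleted_apps):
    """Pick the b2c-extensions-app out of a deleted-applications listing."""
    for app in deleted_apps:
        if app["displayName"].startswith("b2c-extensions-app"):
            return app
    return None


def restore_window_remaining(deleted_app, now):
    """Time left before the 30-day window closes; negative once it has passed."""
    return parse_timestamp(deleted_app["deletionTimestamp"]) + RESTORE_WINDOW - now


def build_restore_request(tenant, deleted_app, token, now=None):
    """Build (without sending) POST .../deletedApplications/{id}/restore.

    Raises ValueError when the window has closed, so the caller knows that a
    support case is the only remaining route."""
    now = now or datetime.now(timezone.utc)
    if restore_window_remaining(deleted_app, now) <= timedelta(0):
        raise ValueError(f"{deleted_app['displayName']!r} was deleted more than "
                         "30 days ago; open a support case instead")
    url = (f"{GRAPH_BASE}/{tenant}/deletedApplications/"
           f"{deleted_app['objectId']}/restore?api-version={API_VERSION}")
    return urllib.request.Request(
        url, data=b"", method="POST",
        headers={"Authorization": f"Bearer {token}", "Content-Length": "0"})


def send(request):
    """Send a prepared request; kept separate so the logic above runs offline."""
    with urllib.request.urlopen(request) as resp:
        return resp.status


if __name__ == "__main__":
    app = find_extensions_app(SAMPLE_DELETED_APPS)
    req = build_restore_request("contoso.onmicrosoft.com", app, "TOKEN-PLACEHOLDER", SAMPLE_NOW)
    print(req.get_method(), req.full_url)
```

The request is only sent by `send()`, so the window check and the URL can be reviewed before any token is used against the tenant.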
Related
I can't delete my B2C directory.
I've followed the instructions at How do I delete my Azure AD B2C tenant? but it fails, even though all Resource Statuses are green.
I've purged all applications, signed into the tenant with the CLI and done an az ad app list which returns an empty array.
As it turns out, this is due to a remaining Enterprise Application being enabled for login.
To fix:
Switch into the B2C tenant then go to Azure Active Directory (type AAD into the resources search box).
Select Enterprise Applications on the left navigation
Select each application in turn then go to Properties
Change Enabled for users to sign-in? to No
Save
Then follow the normal instructions to delete the tenant.
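The same check done programmatically, as an added example that is not part of the original answer or of any Microsoft tooling: given a service-principal listing from the B2C tenant, it reports which enterprise applications still have sign-in enabled (the property an empty az ad app list does not reveal) and prepares the PATCH that turns it off. It assumes Azure AD Graph v1.6 and that the portal's "Enabled for users to sign-in?" toggle corresponds to the accountEnabled property of the service principal; the listing, tenant and token are constructed placeholders.

```python
# Added example (not from the original answer): list the service principals
# that still have sign-in enabled and prepare the PATCH requests that disable
# them. Assumes Azure AD Graph v1.6 and the `accountEnabled` property on
# service principals; the listing below is constructed sample data.
import json
import urllib.request

GRAPH_BASE = "https://graph.windows.net"
API_VERSION = "1.6"

# Constructed sample of a /servicePrincipals listing. Note the second entry is
# already disabled and the third has no application object of its own, which is
# why `az ad app list` returning [] does not mean the tenant is empty.
SAMPLE_SERVICE_PRINCIPALS = [
    {"objectId": "00000000-0000-0000-0000-0000000000a1",
     "displayName": "Sample Web App", "accountEnabled": True},
    {"objectId": "00000000-0000-0000-0000-0000000000a2",
     "displayName": "Sample API", "accountEnabled": False},
    {"objectId": "00000000-0000-0000-0000-0000000000a3",
     "displayName": "Sample Gallery App", "accountEnabled": True},
]


def still_enabled(service_principals):
    """Return the enterprise applications a tenant deletion would trip over."""
    return [sp for sp in service_principals if sp.get("accountEnabled") is True]


def build_disable_request(tenant, sp, token):
    """Build (without sending) PATCH .../servicePrincipals/{id} with accountEnabled=false."""
    url = f"{GRAPH_BASE}/{tenant}/servicePrincipals/{sp['objectId']}?api-version={API_VERSION}"
    body = json.dumps({"accountEnabled": False}).encode()
    return urllib.request.Request(
        url, data=body, method="PATCH",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})


def plan_disable(tenant, service_principals, token):
    """One prepared request per still-enabled service principal."""
    return [build_disable_request(tenant, sp, token)
            for sp in still_enabled(service_principals)]


def send_all(requests):
    """Send the prepared requests; separate so the planning step runs offline."""
    statuses = []
    for req in requests:
        with urllib.request.urlopen(req) as resp:
            statuses.append(resp.status)
    return statuses


if __name__ == "__main__":
    for sp in still_enabled(SAMPLE_SERVICE_PRINCIPALS):
        print("still enabled:", sp["displayName"])
    for req in plan_disable("contoso.onmicrosoft.com", SAMPLE_SERVICE_PRINCIPALS, "TOKEN-PLACEHOLDER"):
        print(req.get_method(), req.full_url)
```

Running the planning step first and reviewing the list before `send_all()` gives the same "one application at a time" visibility as the portal steps above.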
Getting error You are currently signed into the 'Azure AD B2C tenant' directory which does not have any subscriptions. when I try to create a resource in Azure AD B2C.
Please help, I am new to Azure.
Switch back to the directory where you have your subscription and create the resources there.
Don't take my answer as definitive, since I'm still a newbie, but at this point my understanding is this: B2C needs a new tenant because of the way it is designed (it isn't just an add-on for AD) and you link it to your subscription for billing purposes. But that's it. You don't need to create the resources for your app there, although I guess you could do it if you get a new subscription or transfer another one.
I already created a mobile app in my default tenant and successfully used the linked B2C tenant for authentication and I guess you've done that already. But since this was one of the few results that I got when I googled the message you quoted, I think it's worth sharing.
Have you done this ?
The Azure subscription has a trust relationship with Azure Active Directory (Azure AD), which means that the subscription trusts Azure AD to authenticate users, services, and devices. Multiple subscriptions can trust the same Azure AD directory, but each subscription can only trust a single directory.
The following link might help (check "To associate an existing subscription to your Azure AD directory"):
https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-subscriptions-associated-directory
Azure AD B2C needs a Microsoft Azure Subscription for billing purposes. You're going to need 3 things to make that message go away:
Azure AD Tenant
MS Azure Subscription
Associate your Azure AD B2C tenant to the MS Azure Subscription
It's a bit strange, as Azure AD B2C tenants feel very similar to Azure AD (and run on a lot of the same infrastructure behind the scenes) ... but from a billing standpoint, they are almost treated like MS Azure resources (e.g. VM, App Service, etc.).
I created an Azure Active Directory via the Azure portal. Then, I registered an app in it. I can configure it, add permissions and the like via the Azure portal. But the same app I created, I don't see on https://apps.dev.microsoft.com/
Shouldn't I be able to see and configure the app I made in AD at that portal, too?
The apps that appear in the Application Registration Portal are the ones where you are explicitly marked as an owner of the application. This is in contrast to the apps that appear in the Azure Portal, which are all the applications registered in your tenant, independent of whether or not you are an owner.
If you are a normal user, and you create an application in the Azure Portal, you should see your application appear in a section called "Azure AD only applications"
Here is the owner information for "Email Scraper" from the Azure Portal.
However, if you are a Tenant Administrator and you create an application, you will not be marked as an owner of the application. Implicitly, Tenant Administrators are owners of all objects in the directory, and to reduce the object quota generated by admins, these explicit links are not created.
Here is an example of an app I created where I am the Tenant Administrator:
Therefore, you probably do not see your application in the App Registration Portal because you are not marked as an Owner of the application, probably because you are an Administrator who created the app, or you did not create the app to begin with. You can remedy this by simply adding yourself to the owner list in the Azure Portal.
Let me know if this helps!
We are trying to register applications with AAD B2C in a programmatic fashion (either PowerShell or C#/.NET) in order to create and deploy App Service web apps from Azure Automation during automatic tenant creation.
Given the context of AAD B2C, the Graph API seems like the way to go.
Is adding an application to AAD B2C possible?
If yes, via what technology (vanilla REST? we could not find documentation specific to AAD B2C applications)?
So far we tried using the Graph API from the Azure AD 2.0 preview as well as the Graph Client.
After figuring out that the step of creating an app requires a service principal with global administrator rights (we would love to further restrict the permissions) we face the issue that applications do not show up in B2C but are present in the AAD section of the Azure portal.
One of our attempts to add via powershell (we tried to set all parameters to closely match an application manually created in the portal B2C tenant management blade):
New-AzureADApplication -DisplayName $tenantCname -IdentifierUris "https://$tenantCname.$aadTenant.onmicrosoft.com" -ReplyUrls $tenantUrl -AvailableToOtherTenants $true -Oauth2AllowImplicitFlow $true -PublicClient $false
The command succeeds but the application does not show up in the portal under AZURE AD B2C SETTINGS > Settings > Applications but only in Azure Active Directory/App registrations. Given that both blades relate to the same directory we are not sure what differentiates our app creation from an interactive one.
Are there any additional steps we are missing? Specific properties/extensions?
I also created the application and service principal using PowerShell and then compared them with the B2C application created manually, using Azure AD Graph. However, I was not able to find any property that would affect the application.
Are there any additional steps we are missing? Specific properties/extensions?
Also, no such properties/extensions for this feature have been made public, based on the entity reference for the application and service principal here. So I don't think it is possible to create a B2C application programmatically at present.
If you require this feature, you may submit the feedback from here.
I'm working on an application that will allow users to authenticate to Azure Active Directory and then manage resources in their Azure account via Azure Resource Manager API calls.
I've found several walkthroughs on building such an app including this post. However, in the part that discusses authentication with Azure Active Directory, there's a step showing the need to manually retrieve the Azure Active Directory name from the Azure Portal.
The directory name is plugged into app settings (and ultimately authentication calls to the directory) as follows
http://login.microsoftonline.com/{directory_domain_name}/OAuth2/Authorize
Is there any way to programmatically retrieve {directory_domain_name} without requiring users to login and lookup the information in the Azure Portal?
The one answer to this question has a dead link and another pointing to the Graph API, which seems to still require the domain name.
For your particular scenario, it looks like you want to build an app that will be used by users from different Azure AD tenants. This scenario is best addressed by building a multi-tenant application.
To make your application multi-tenant, you'll need to go to the Azure Portal and, in the Configure tab of your Azure AD application, set the "Application is Multi-Tenant" option to yes.
Once you do this, you can just call
http://login.microsoftonline.com/common/oauth/authorize
http://login.microsoftonline.com/common/oauth/token
And Azure AD will figure out which tenant to authenticate against based on the credential that the user types in.
More information on multi-tenant applications: https://azure.microsoft.com/en-us/documentation/articles/guidance-multitenant-identity-authenticate/
Sample multi-tenant application: https://github.com/Azure-Samples/active-directory-dotnet-webapp-multitenant-openidconnect
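The check that goes with the answer above, as an added example that is not part of the original post or of the linked sample: once an application uses the /common endpoints, Azure AD no longer pins sign-in to one tenant, so the application itself must look at which tenant issued the token it receives. This validates the iss, tid, aud and exp claims of a token payload against an allowlist of tenant ids. It assumes the two issuer formats Azure AD uses (https://sts.windows.net/{tid}/ for v1 tokens and https://login.microsoftonline.com/{tid}/v2.0 for v2 tokens); the tenant ids, client id and token are constructed, and the token carries a placeholder signature. Signature verification against the issuer's published signing keys (which a JWT library performs) is assumed to have already happened; this block covers only the claim checks that follow it.

```python
# Added example (not from the original answer): claim checks a multi-tenant
# app must do itself after moving to the /common endpoint. Signature
# verification is assumed to have happened first; this covers iss/tid/aud/exp.
# Tenant ids, client id and the token below are constructed placeholders.
import base64
import json
import time

ALLOWED_TENANTS = {"11111111-1111-1111-1111-111111111111"}   # constructed tenant ids
CLIENT_ID = "22222222-2222-2222-2222-222222222222"            # constructed app (client) id


def b64url_decode(segment):
    """Decode a base64url segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_unsigned_token(claims):
    """Build a constructed header.payload.placeholder token for the demo only."""
    header = b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.placeholder-signature"


def expected_issuers(tid):
    """Issuer values Azure AD uses for a given tenant: v1 and v2 token formats."""
    return {f"https://sts.windows.net/{tid}/",
            f"https://login.microsoftonline.com/{tid}/v2.0"}


def check_claims(token, allowed_tenants=ALLOWED_TENANTS, audience=CLIENT_ID, now=None):
    """Return (ok, reason) for the claim checks; call only after signature verification."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed token"
    try:
        claims = json.loads(b64url_decode(parts[1]))
    except (ValueError, UnicodeDecodeError):
        return False, "undecodable payload"
    tid = claims.get("tid")
    if tid not in allowed_tenants:
        return False, f"tenant {tid} not allowed"
    if claims.get("iss") not in expected_issuers(tid):
        return False, "issuer does not match tid"
    if claims.get("aud") != audience:
        return False, "audience mismatch"
    if claims.get("exp", 0) <= now:
        return False, "token expired"
    return True, "ok"


if __name__ == "__main__":
    now = 1_700_000_000
    tid = next(iter(ALLOWED_TENANTS))
    token = make_unsigned_token({"tid": tid, "iss": f"https://sts.windows.net/{tid}/",
                                 "aud": CLIENT_ID, "exp": now + 600})
    print(check_claims(token, now=now))
```

The tenant allowlist is the part /common cannot do for you: without it, a valid token from any Azure AD tenant would be accepted, which is the behaviour the multi-tenant guidance linked above warns about.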