
Azure AD B2C: Add new member user with invitation

I have an Azure AD B2C running on Azure and I want to create users with invitations in B2C. I tried creating a Guest user, but that user is unable to log in, because that user is created as a B2B user.

I also tried adding a user manually, but I am not able to add my own domain, e.g. [email protected], but I want to create [email protected].

I googled it a lot and found that I have to add a custom domain for that. When I tried to do so, I found that I have to register my domain in a DNS registrar, which will not work in the long run.

I also followed the related question on Stack Overflow, which is:

How do you add a user with a local name in Azure Active Directory B2C?

So what I want is to add a user by an invitation, and that user should be able to log in.

Can you help me to get rid of this problem?

I have been breaking my head for the last 4 days.

Thanks a lot.

Tejinder Singh asked Jun 26 '18 10:06




1 Answer

The easier solution is to create a local account in the Azure AD B2C directory through the Azure AD Graph API and then send an email message to the new user with instructions to "forget their password" which you have randomized.

The harder solution is to implement the invitation flow using a custom policy.

This invitation flow is described here and implemented here.

The invitation flow invites a new user by pre-registering a local account in the Azure AD B2C directory through the Azure AD Graph API and then sending a signed redemption link to the email address for this local account.

This redemption link directs the new user to the password reset policy.

Chris Padgett answered Nov 15 '22 09:11
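
The signed redemption link described in the answer above, as an added example that is not part of the original answer or of the implementation it links to. It assumes an HMAC-SHA256 token format, a placeholder signing key and a hypothetical `RESET_URL`; the actual custom policy may sign and validate the link differently.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed placeholders (assumptions, not from the page): load the key from a secret store.
SIGNING_KEY = b"constructed-demo-key"
RESET_URL = "https://app.example.com/redeem"  # hypothetical page that starts the password reset policy

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def random_password():
    """Randomized password for the pre-registered account; it is never sent to the user."""
    return secrets.token_urlsafe(32)

def make_redemption_link(email, ttl=86400, now=None):
    """Build a link carrying the invited email, an expiry and an HMAC over both."""
    now = time.time() if now is None else now
    claims = {"email": email.lower(), "exp": int(now) + ttl}
    payload = b64e(json.dumps(claims).encode())
    sig = b64e(hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).digest())
    return RESET_URL + "?" + urlencode({"token": payload + "." + sig})

def verify_redemption_link(link, now=None):
    """Return the invited email if the link is authentic and unexpired, else None."""
    now = time.time() if now is None else now
    try:
        token = parse_qs(urlparse(link).query)["token"][0]
        payload, sig = token.split(".")
        expected = hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).digest()
        # Constant-time comparison before the payload is parsed or trusted.
        if not hmac.compare_digest(expected, b64d(sig)):
            return None
        claims = json.loads(b64d(payload))
    except (KeyError, ValueError):
        return None
    if claims["exp"] < now:
        return None
    return claims["email"]
```

A link built this way stays valid until `exp`, so the redeeming side should also record that an invitation has been used and refuse a second redemption.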