Azure AD B2C block sign in from external identity providers

Newly created users coming from an external identity provider are also created in the directory. They also have a setting called "block sign-in".

It seems that this is not honored in my directories, only for local users. I can sign in with users marked as "blocked".

Additionally, it seems that the default for all of my users is currently "block", which is wrong.

Is this working as designed?

Tamas Avatar asked Nov 04 '25 20:11



2 Answers

At this time, it is only possible to disable local accounts in Azure AD B2C. You can achieve this by setting Block sign in to Yes for the local accounts that you want to block.

As you've observed, external accounts (such as those from social identity providers like Facebook, Google, etc.) don't honor this setting. This is expected behavior at this time.

If you'd like to be able to disable sign-in for social accounts as well, I'd recommend you create an entry in the Azure AD B2C feedback forum requesting this feature.

Also see: How to de-active and re-active user in azure AD B2C

Saca Avatar answered Nov 07 '25 11:11



Yes, we can implement this:

  • Create an Azure Function which gets called on the sign-up flow.

  • In the Azure Function, check the domain and call a Logic App.

  • In the Logic App, call the Graph API, which creates the user and blocks the user:

    {
      "accountEnabled": false,
      "displayName": "@{variables('strDisplayName')}",
      "givenName": "@{variables('strGivenName')}"
    }

This solves the issue.

Unnath Dev Avatar answered Nov 07 '25 10:11

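The domain check and the disabled-user payload that the answer above describes, as an added Python example (not code from either answerer, and not Microsoft's). It models the Azure Function as an Azure AD B2C API connector: `should_block` decides from the sign-up claims, `build_graph_user_body` assembles the Microsoft Graph `POST /users` body with `accountEnabled` set to false (plus the `mailNickname`, `userPrincipalName` and `passwordProfile` fields Graph requires), and `api_connector_response` returns the connector's `Continue` or `ShowBlockPage` response. The blocked-domain list, the claim names `email`/`displayName`/`givenName`/`surname`, and the tenant domain are constructed assumptions; deriving `userPrincipalName` from the e-mail local part is a simplification. Since the first answer notes that `accountEnabled` is not honored for social accounts, the `ShowBlockPage` response is what actually stops the sign-up; the Graph body only records the account as disabled.

```python
import json
import secrets
import string

# Constructed sample policy (hypothetical): sign-ups whose e-mail domain is
# listed here are refused and recorded in the directory with accountEnabled=false.
BLOCKED_DOMAINS = {"blocked-example.com", "partner-offboarded.example"}


def email_domain(email):
    """Return the lower-cased domain of an address, or None if it is malformed."""
    if not email or "@" not in email:
        return None
    local, _, domain = email.rpartition("@")
    if not local or not domain or "." not in domain:
        return None
    return domain.lower().rstrip(".")


def should_block(claims):
    """Decide from the sign-up claims whether this account must be blocked.

    Fails closed: a missing or unparsable e-mail claim is treated as blocked,
    so a provider that omits the claim cannot bypass the domain check."""
    domain = email_domain(claims.get("email"))
    if domain is None:
        return True
    return domain in BLOCKED_DOMAINS


def random_password(length=32):
    """Throw-away password for passwordProfile; the account is disabled anyway."""
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*"
    return "".join(secrets.choice(alphabet) for _ in range(length))


def build_graph_user_body(claims, tenant_domain):
    """Body for Microsoft Graph POST /users that creates the account disabled.

    accountEnabled, displayName, mailNickname, userPrincipalName and
    passwordProfile are the fields Graph requires; givenName/surname are
    copied from the claims when present (assumed claim names)."""
    local = claims["email"].split("@")[0]
    mail_nickname = "".join(c for c in local if c.isalnum()) or "user"
    body = {
        "accountEnabled": False,
        "displayName": claims.get("displayName") or claims["email"],
        "mailNickname": mail_nickname,
        "userPrincipalName": f"{mail_nickname}@{tenant_domain}",
        "passwordProfile": {
            "forceChangePasswordNextSignIn": True,
            "password": random_password(),
        },
    }
    for claim in ("givenName", "surname"):
        if claims.get(claim):
            body[claim] = claims[claim]
    return body


def api_connector_response(claims):
    """Response an Azure AD B2C API connector returns to the sign-up user flow."""
    if should_block(claims):
        return {
            "version": "1.0.0",
            "action": "ShowBlockPage",
            "userMessage": "Sign-up from this identity provider is not permitted.",
        }
    return {"version": "1.0.0", "action": "Continue"}


if __name__ == "__main__":
    # Constructed sample of the claims B2C posts to the connector (assumed names).
    sample = {"email": "Alice@Blocked-Example.com", "displayName": "Alice",
              "givenName": "Alice"}
    print(json.dumps(api_connector_response(sample), indent=2))
    print(json.dumps(build_graph_user_body(sample, "contosob2c.onmicrosoft.com"),
                     indent=2))
```

The block runs offline: it never calls Graph or the Logic App, it only produces the decision and the request body the Logic App would send, so the domain matching (case folding, missing `@`, missing local part) can be tested before wiring the connector into the user flow.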