How do you add a user with a local name in Azure Active Directory B2C?

I've got an Azure Active Directory B2C up and running and can sign in with users created in the AD that have the form of @.onmicrosoft.com.  So, for example, [email protected], works just fine.  But these user names are unacceptable for external use.  I've also got basic Microsoft Account logins working, so a user with the name of [email protected] will work by redirecting through the Microsoft directory.

But I want to allow arbitrary emails for logins.  Using the Azure Portal, how do I add a user and give them a login id of [email protected]?  The document and FAQ indicate that it's possible, but I can't find the option in the Azure portal when I add a user.  What am I missing?

Quarkly asked Feb 15 '17 01:02



1 Answer

Azure AD B2C Users should NOT be created via the Users & Groups blade.

This blade, while available from the Azure AD B2C Edit Settings blade, is meant at this time to be used to manage users for regular (corporate/enterprise) Azure AD. While it is technically possible to create/add users via this blade, you'll end up with undesired/unexpected behavior such as, as you observed, users being created with @tenantname.onmicrosoft.com or having them created as Guests via the Azure AD B2B Collaboration feature that ultimately can't sign in to your Azure AD B2C integrated applications.

In the context of Azure AD B2C, you should only use this blade to browse the users in the tenant, always in read only mode.

To create Azure AD B2C users, you should either:

  • Have the users sign up by themselves via the Sign-up or unified Sign-up/Sign-in policy.
  • Programmatically pre-create the users via the Graph API. For this approach check out this sample which contains a CLI to create users and showcases the code behind it.
Saca answered Sep 29 '22 16:09
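The programmatic route the answer recommends, as an added example that is not part of the original answer or the sample it links to: it builds the Graph payload for a B2C local account whose sign-in name is an arbitrary e-mail address (an `identities` entry with `signInType` `emailAddress`, no `userPrincipalName`), so the user is neither a `@tenant.onmicrosoft.com` account nor a B2B guest, and posts it. It assumes Microsoft Graph v1.0 rather than the older Azure AD Graph API the answer names, the constructed placeholder tenant `contoso.onmicrosoft.com` and address `jane@example.com`, and an app-only token with the `User.ReadWrite.All` application permission supplied in the `GRAPH_TOKEN` environment variable.

```python
# Added example: pre-create an Azure AD B2C local-account user via Microsoft Graph v1.0.
# Assumed, not from the answer: TENANT_DOMAIN is a constructed placeholder and GRAPH_TOKEN
# holds an app-only access token granted the User.ReadWrite.All application permission.
import json
import os
import secrets
import urllib.request
from typing import Optional

GRAPH_USERS_URL = "https://graph.microsoft.com/v1.0/users"
TENANT_DOMAIN = "contoso.onmicrosoft.com"  # placeholder B2C tenant domain

def build_local_account_user(email: str, display_name: str, password: str,
                             tenant_domain: str = TENANT_DOMAIN) -> dict:
    """Payload for a local account whose sign-in name is an arbitrary e-mail address.
    The 'identities' entry (no userPrincipalName) keeps the user off @tenant.onmicrosoft.com."""
    return {
        "displayName": display_name,
        "identities": [{
            "signInType": "emailAddress",   # local account, e-mail sign-in
            "issuer": tenant_domain,        # the B2C tenant issues this identity
            "issuerAssignedId": email,      # the address the user will sign in with
        }],
        "passwordProfile": {
            "password": password,
            "forceChangePasswordNextSignIn": False,
        },
        "passwordPolicies": "DisablePasswordExpiration",
    }

def sign_in_email(user: dict) -> Optional[str]:
    """E-mail sign-in name of a Graph user object, or None for a UPN-only user."""
    for ident in user.get("identities", []):
        if ident.get("signInType") == "emailAddress":
            return ident["issuerAssignedId"]
    return None

def create_user(access_token: str, user: dict) -> dict:
    """POST the user to Graph and return the created user object (network call)."""
    req = urllib.request.Request(
        GRAPH_USERS_URL, data=json.dumps(user).encode(), method="POST",
        headers={"Authorization": "Bearer " + access_token, "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

if __name__ == "__main__":
    # Random initial password; the user then goes through a B2C password-reset policy.
    payload = build_local_account_user("jane@example.com", "Jane Doe", secrets.token_urlsafe(24))
    created = create_user(os.environ["GRAPH_TOKEN"], payload)
    print("created", created["id"], "signs in as", sign_in_email(created))
```

The token never appears in the payload or the log line, and the initial password is random so the only usable credential is the one the user sets through the reset policy.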