How do you add a user with a local name in Azure Active Directory B2C?

Question

I've got an Azure Active Directory B2C up and running and can sign in with users created in the AD that have the form of @.onmicrosoft.com. So, for example, [email protected], works just fine. But these user names are unacceptable for external use. I've also got basic Microsoft Account logins working, so a user with the name of [email protected] will work by redirecting through the Microsoft directory.

But I want to allow arbitrary emails for logins. Using the Azure Portal, how do I add a user and give them a login id of [email protected]? The document and FAQ indicate that it's possible, but I can't find the option in the Azure portal when I add a user. What am I missing?

Saca Saca · Accepted Answer · 2017-02-15T05:36:52

Azure AD B2C Users should NOT be created via the Users & Groups blade.

This blade, while available from the Azure AD B2C Edit Settings blade, is meant at this time to be used to manage users for regular (corporate/enterprise) Azure AD. While it is technically possible to create/add users via this blade, you'll end up with undesired/unexpected behavior such as, as you observed, users being created with @tenantname.onmicrosoft.com or having them created as Guests via the Azure AD B2B Collaboration feature that ultimately can't sign in to your Azure AD B2C integrated applications.

In the context of Azure AD B2C, you should only use this blade to browse the users in the tenant, always in read only mode.

To create Azure AD B2C users, you should either:

Have the users sign-up by themselves via the Sign-up or unified Sign-up/Sign-in policy.
Programatically pre-create the users via the Graph API. For this approach check out this sample which contains a CLI to create users and showcases the code behind it.

How do you add a user with a local name in Azure Active Directory B2C?

2 Answers