I am trying to figure out which admin account I should use while creating the Azure B2C application with a v2 MSAL endpoint. I've observed that both the process and outcome are different when I use:
- The default Office365 + AAD admin account
- A long lived LiveID account
- An administrator created within the B2C directory itself
Each of these accounts were used to create an application in the MSAL (converged?) portal.
Azure AD Account
I have an Office 365/AAD admin user with an @[tenant].onmicrosoft.com address.
When creating the application, I see an alert saying that this application will be created in my AD tenant (presumably the Office 365 Admin account and not the connected b2c)
This application will be registered in the Azure Active Directory instance used to manage your *.onmicrosoft.com account
[Screenshot)
I wanted to have a school or work user authenticate to the B2C instance., however the simulator gave me an error.
Since the error was based on the user not having access to the directory, I decided to try recreating the app using a new admin account, created exclusively in that b2c tenant directory:
I created a new @[tenant].onmicrosoft.com b2c admin user, and tried recreating a new appID/ClientID. The basis of my thinking is that when I used the Global Admin from my Azure+Office365 account caused confusion in the B2C tenant.
When I inspect the application in the Azure portal (opposed to the MSAL portal), I get this error
Which leaves me asking:
- Which portal should I use when creating a MSAL v2 application?
- Who should I be logged in as (Office365 AAD Admin, Dirsync-enabled AAD Admin, B2C Admin, LiveID)
- Who shouldn't I be logged in as?
My intention is to authenticate School and Work users using the MSAL library.. in addition to Facebook and Google, depending on the signin policy.
LiveID on MSALv2 app portal
To complete my testing of combinations, this is the MSALv2 portal I get when using a LiveID user. (previous screenshots are from an AAD or B2C user). Note that the section headers are different, possibly implying a functional difference as well. I want to confirm that Converged applications equals My Applications in the earlier screenshot.
