3
votes

I've decided on using the Microsoft.Graph .NET SDK instead of using the old Azure Graph API with manual HTTP requests.

The problem is that when I try to create a new user with some email, e.g. [email protected]

var req = _client.Users.Request();
var userRes = req.AddAsync(new User()
{
    AccountEnabled = true,
    DisplayName = user.Email,
    MailNickname = user.GivenName,
    GivenName = user.GivenName,
    Surname = user.SurName,
    UserPrincipalName = user.Email,
    PasswordProfile = new PasswordProfile()
    {
        Password = user.Password,
        ForceChangePasswordNextSignIn = true
    },
    PasswordPolicies = "DisablePasswordExpiration, DisableStrongPassword",
    Country = user.Country,
    City = user.City,
    PostalCode = user.ZipCode
}).Result;

I get an exception that says 'Property userPrincipalName is invalid'.

I'm only able to create the user when I use an email with the tenant as a domain, e.g. [email protected]. But this is not what I need. I need to be able to create actual external users programmatically.

With Azure Graph API it works. Is there a way to make it work with the Microsoft Graph API?

2 Answers

7
votes

According to GitHub at https://github.com/Azure-Samples/ms-identity-dotnetcore-b2c-account-management, you can now use Microsoft Graph to create a new user for Azure AD B2C. Code from https://github.com/Azure-Samples/ms-identity-dotnetcore-b2c-account-management/blob/master/src/Services/UserService.cs:

var result = await graphClient.Users
            .Request()
            .AddAsync(new User
            {
                GivenName = "Casey",
                Surname = "Jensen",
                DisplayName = "Casey Jensen",
                Identities = new List<ObjectIdentity>
                {
                    new ObjectIdentity()
                    {
                        SignInType = "emailAddress",
                        Issuer = tenantId,
                        IssuerAssignedId = "[email protected]"
                    }
                },
                PasswordProfile = new PasswordProfile()
                {
                    Password = Helpers.PasswordHelper.GenerateNewPassword(4, 8, 4)
                },
                PasswordPolicies = "DisablePasswordExpiration",
                AdditionalData = extensionInstance
            });
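
The following is an added example, not code from the answer above or from the Azure-Samples repository: it creates a local account through an `emailAddress` identity instead of a `userPrincipalName`, draws the initial password from a CSPRNG, and leaves `DisableStrongPassword` out of the policy string used in the question. The class and method names and the `b2cDomain` parameter (assumed to be the tenant's domain name) are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Mail;
using System.Security.Cryptography;
using System.Threading.Tasks;
using Microsoft.Graph;

// Added example; class and method names are hypothetical, not from the sample repo.
public static class B2CLocalAccount
{
    static readonly string[] Classes =
        { "abcdefghijkmnopqrstuvwxyz", "ABCDEFGHJKLMNPQRSTUVWXYZ", "23456789", "!#$%*+-=?@_" };

    // Random password drawn from the OS CSPRNG with at least one character per class.
    public static string NewPassword(int length = 20)
    {
        if (length < Classes.Length) throw new ArgumentOutOfRangeException(nameof(length));
        var all = string.Concat(Classes);
        var chars = new char[length];
        for (int i = 0; i < length; i++)
        {
            var pool = i < Classes.Length ? Classes[i] : all;
            chars[i] = pool[RandomNumberGenerator.GetInt32(pool.Length)];
        }
        for (int i = length - 1; i > 0; i--)   // Fisher-Yates shuffle
        {
            int j = RandomNumberGenerator.GetInt32(i + 1);
            (chars[i], chars[j]) = (chars[j], chars[i]);
        }
        return new string(chars);
    }

    // b2cDomain is assumed to be the tenant's domain name, e.g. "contoso.onmicrosoft.com".
    public static async Task<User> CreateAsync(
        GraphServiceClient graph, string b2cDomain, string email, string displayName, string password)
    {
        var address = new MailAddress(email).Address;   // throws on malformed input
        return await graph.Users.Request().AddAsync(new User   // await, not .Result
        {
            DisplayName = displayName,
            // No UserPrincipalName: the external address is a sign-in identity instead.
            Identities = new List<ObjectIdentity>
            {
                new ObjectIdentity { SignInType = "emailAddress", Issuer = b2cDomain, IssuerAssignedId = address }
            },
            PasswordProfile = new PasswordProfile { Password = password },
            // "DisableStrongPassword" is left out so the complexity check still applies.
            PasswordPolicies = "DisablePasswordExpiration"
        });
    }
}
```

Awaiting the call surfaces a `ServiceException` directly, whereas `.Result` wraps it in an `AggregateException`; the generated password should go to the user over a separate channel and never into logs.
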
5
votes

Currently, you can't use Microsoft Graph to create users in an Azure AD B2C tenant, because it doesn't support a few of the user properties (including the creationType and signInNames properties) that are used by Azure AD B2C.

You must use Azure AD Graph for this.

Note: When you create users in an Azure AD B2C tenant by setting the creationType property to LocalAccount, then the userPrincipalName property doesn't have to be set, because it's the signInNames property that contains the e-mail address of the external user.