2
votes

I added to my Azure AD B2C the option to log in via an external provider, Azure AD. Later on, I added my account from that tenant to Azure AD B2C as an external user. [screenshot: external user]

Unfortunately, when I log in, I get "User does not exist. Please sign up before you can sign in.".

When I use a different policy that allows me to sign in, my account is duplicated as Federated Azure Active Directory. [screenshot: federated user]

How can we prepopulate Azure AD B2C with external users to avoid signing in new accounts? I would like to move existing data from the tenant and avoid filling in unnecessary data. Moreover, I would like to allow only particular users to log in to our application.

2
I see value in your question. We use B2C with both local consumer accounts and external consumer accounts. Currently, we want administrators to manually register users instead of users self-registering into our application. The administrator then adds some required user properties that we don't want users adding themselves. Currently, we don't know of a way to register external consumer users manually and it's affecting our business. - mdarefull

2 Answers

1
votes

The problem here is that users added via the portal are essentially B2B or portal admin users.

These are not local accounts and hence cannot log in to B2C.

If you have users in another AAD tenant that is federated with B2C, you do not have to manually add these users to B2C. A "linked account" (using the #EXT# format) is created when those users authenticate via their Azure AD.

0
votes

I guess what you are saying is "avoid registering new users."

Azure B2C is for consumers, not for an Azure AD tenant. You should use the Azure B2B feature to add a guest user to your Azure AD B2C tenant and assign the necessary role/permissions to the guest user.

You could simply use the "+ New guest user" option in the Azure portal or the Microsoft Graph API to add external users.