0
votes

I have customers registered in an AD B2C tenant using local accounts, and I'd like them to be able to log in with those credentials on a different AD B2C tenant. Is it possible to somehow federate the two AD B2C tenants so that they can share the same user identity? I know that it is possible to create a custom policy to let an AD B2C tenant use a multi-tenant Azure AD as an identity provider, but I think this is not the case if the user identity is stored as a local account in the AD B2C tenant itself. Am I wrong?

1
Hi @patrick. Are you using built-in flows or custom policies? In theory, you can add an OpenID Connect-based identity provider in one Azure AD B2C tenant that refers to another Azure AD B2C tenant, although I do seem to recall an issue with passing state from one to another. - Chris Padgett

1 Answer

0
votes

In fact, "Set up sign-in for multi-tenant Azure Active Directory using custom policies in Azure Active Directory B2C" also works in this case.

I assume that you have B2C tenants A and B. You are configuring the custom policy for tenant A. You just need to access https://login.microsoftonline.com/{your B2C tenant B}/v2.0/.well-known/openid-configuration in the browser and get the value of issuer. Then copy and paste the value into the ValidTokenIssuerPrefixes key of the TrustFrameworkExtensions.xml file.

After completing the configuration in the link above, you can use a local account from tenant B to log into the application of tenant A.
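
The step described in the answer above, as an added example that is not part of the original answer: it reads the issuer from a discovery document, renders the ValidTokenIssuerPrefixes item, and shows why the value should stay pinned to tenant B. The tenant GUIDs and sample document are constructed placeholders, the function names are hypothetical, and `issuer_allowed` is a simplified starts-with model of the prefix check, not B2C's own code.

```python
import json
from urllib.parse import urlsplit

HOST = "https://login.microsoftonline.com"
# Constructed placeholder tenant ids, not real tenants.
TENANT_B = "11111111-1111-1111-1111-111111111111"
OTHER_TENANT = "22222222-2222-2222-2222-222222222222"

# Constructed, trimmed sample of tenant B's openid-configuration response.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": f"{HOST}/{TENANT_B}/v2.0",
    "authorization_endpoint": f"{HOST}/{TENANT_B}/oauth2/v2.0/authorize",
})


def tenant_issuer(discovery_json):
    """Return the issuer value, rejecting anything that is not tenant-scoped."""
    issuer = json.loads(discovery_json)["issuer"]
    parts = urlsplit(issuer)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("issuer must be an absolute https URL")
    if not [seg for seg in parts.path.split("/") if seg]:
        # A bare host would act as a prefix for every tenant on that host.
        raise ValueError("issuer has no tenant segment")
    return issuer


def metadata_item(prefixes):
    """Render the metadata line for the technical profile in the policy file."""
    return '<Item Key="ValidTokenIssuerPrefixes">' + ",".join(prefixes) + "</Item>"


def issuer_allowed(iss, prefixes):
    """Simplified model (assumption): accept iss if it starts with a listed prefix."""
    return any(iss.startswith(p) for p in prefixes)


if __name__ == "__main__":
    pinned = [tenant_issuer(SAMPLE_DISCOVERY)]
    print(metadata_item(pinned))
    for iss in (f"{HOST}/{TENANT_B}/v2.0", f"{HOST}/{OTHER_TENANT}/v2.0"):
        print(iss, "pinned:", issuer_allowed(iss, pinned),
              "host-wide:", issuer_allowed(iss, [HOST + "/"]))
```
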