I am setting up sign-in using Azure AD B2C in a web application, but for some reason my users end up twice in the AD. This is how it happens.
I invite a new user using the Graph API (or using the Azure Portal, same result). The new user shows up in the user list in the Azure Portal as UserType=Guest and Source="Invited user". So far so good.
Now the user accepts the invitation. The Source of the newly created guest user is then changed to "External Azure Active Directory". I suppose that is ok.
Then the user logs in and gets through the signup process (I use the "Sign up and sign in" user flow). An additional user is being created in AD. UserType=Member and Source="Federated Azure Active Directory".
The login works as it should, but I end up with 2 users having the same name and username. One guest and one member. Is this how it is supposed to work? It's a little messy with all the users listed twice.
I have configured 2 identity providers in ADB2C. Email and OpenIdConnect. If the user clicks "Sign up" he gets to create a local account in B2C. But I want him to be able to use his credentials from his own organization if possible, using the OpenIdConnect provider.
This is how the OIDC provider is configured: [image: OIDC config]
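As an added example that is not part of the original post, here is the kind of script a practitioner would use to reproduce the invitation step and then spot accounts that refer to the same person twice. The `POST /invitations` body, the `$select` field names and the user properties (`userType`, `creationType`, `externalUserState`, `identities`) are Microsoft Graph's own; everything else is assumed: the tenant name `fabrikamb2c.onmicrosoft.com`, the ids, the issuer URL, and the exact shape of the two sample user objects, which are constructed to resemble the guest and member accounts described above rather than copied from a real tenant.

```python
"""Added example (not from the original post): build the Graph invitation
request and find directory accounts that share an e-mail address."""
from collections import defaultdict

GRAPH = "https://graph.microsoft.com/v1.0"


def invitation_request(email, redirect_url, send_mail=False):
    """Return (url, body) for POST /invitations. Endpoint and property names
    are Microsoft Graph's; the argument values are placeholders."""
    body = {
        "invitedUserEmailAddress": email,
        "inviteRedirectUrl": redirect_url,
        "sendInvitationMessage": send_mail,
    }
    return f"{GRAPH}/invitations", body


def user_select_query():
    """GET /users query that returns the fields needed to tell an invited
    guest from an account created by a B2C user flow."""
    fields = ["id", "displayName", "userPrincipalName", "mail", "otherMails",
              "userType", "creationType", "externalUserState", "identities"]
    return f"{GRAPH}/users?$select={','.join(fields)}"


# Constructed sample (assumption): two objects shaped like GET /users results
# for the situation in the question. Tenant, ids and issuer are made up.
SAMPLE_USERS = [
    {   # guest created by the invitation, after acceptance
        "id": "11111111-1111-1111-1111-111111111111",
        "displayName": "Alice Example",
        "userPrincipalName": "alice_contoso.com#EXT#@fabrikamb2c.onmicrosoft.com",
        "mail": "alice@contoso.com",
        "otherMails": ["alice@contoso.com"],
        "userType": "Guest",
        "creationType": "Invitation",
        "externalUserState": "Accepted",
        "identities": [
            {"signInType": "userPrincipalName",
             "issuer": "fabrikamb2c.onmicrosoft.com",
             "issuerAssignedId": "alice_contoso.com#EXT#@fabrikamb2c.onmicrosoft.com"},
        ],
    },
    {   # member created by the "Sign up and sign in" flow via the OIDC provider
        "id": "22222222-2222-2222-2222-222222222222",
        "displayName": "Alice Example",
        "userPrincipalName": "22222222-2222-2222-2222-222222222222@fabrikamb2c.onmicrosoft.com",
        "mail": None,
        "otherMails": ["alice@contoso.com"],
        "userType": "Member",
        "creationType": None,
        "externalUserState": None,
        "identities": [
            {"signInType": "federated",
             "issuer": "https://login.microsoftonline.com/contoso.com/v2.0",
             "issuerAssignedId": "subject-claim-from-contoso"},
        ],
    },
]


def email_keys(user):
    """Every e-mail address an account carries, lower-cased: mail, otherMails,
    and any local-account identity whose issuerAssignedId is an address."""
    keys = set()
    for value in [user.get("mail")] + list(user.get("otherMails") or []):
        if value:
            keys.add(value.lower())
    for ident in user.get("identities") or []:
        if ident.get("signInType") == "emailAddress" and ident.get("issuerAssignedId"):
            keys.add(ident["issuerAssignedId"].lower())
    return keys


def find_duplicate_accounts(users):
    """Map each e-mail address to the accounts carrying it, keeping only
    addresses attached to more than one account."""
    by_email = defaultdict(list)
    for user in users:
        for key in email_keys(user):
            by_email[key].append({
                "id": user["id"],
                "userType": user.get("userType"),
                "creationType": user.get("creationType"),
                "signInTypes": sorted(i.get("signInType", "")
                                      for i in user.get("identities") or []),
            })
    return {k: v for k, v in by_email.items() if len(v) > 1}


if __name__ == "__main__":
    print(invitation_request("alice@contoso.com", "https://app.example.com"))
    for email, accounts in find_duplicate_accounts(SAMPLE_USERS).items():
        print(email, [(a["userType"], a["signInTypes"]) for a in accounts])
```

Run against real output from the `$select` query above, the grouping shows whether a pair is an invited guest plus a federated member (two different `identities` shapes on one address), which is the pattern the question describes.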