Is it possible to pre-create federated users in Azure B2C via the Graph API? Here's the scenario:
I have added to my B2C tenant an Azure AD tenant as an IdP. However, I do not want federated users to be able to signup. I want them to only be able to signin if they are already present in the B2C directory. So, if they are not, they get an error message. So I was thinking I could create the federated users using Graph instead. Below is the request body I attempted to use but I get the error that follows, which says the UPN has to be using one of the domains in the organization. Is it possible to accomplish what I a looking to achieve with Graph? If not by Graph API, how can I accomplish? REST API call in custom policy is not desired.
{
"givenName": "John",
"identities": [
{
"signInType": "federated",
"issuer": "abc.com",
"issuerAssignedId": "[email protected]"
}
],
"surName": "Doe",
"mail": "[email protected]",
"accountEnabled": true,
"displayName": "John Doe",
"mailNickname": "jdoe",
"userPrincipalName": "[email protected]",
"passwordPolicies": "DisablePasswordExpiration"
}
{
"error": {
"code": "Request_BadRequest",
"message": "The domain portion of the userPrincipalName property is invalid. You must use one of the verified domain names in your organization.",
"innerError": {
"date": "2020-08-05T03:45:26",
"request-id": "xxxxxxxx-xxx-xxxx-xxxx-xxxxxxxxxx"
},
"details": [
{
"target": "userPrincipalName",
"code": "InvalidValue"
}
]
}
}
