0
votes

Trying to understand the best approach to expose a multi-tenant app registered in an Azure AD tenant to an Azure B2C tenant. What we have tried so far is

  1. Registered a multi-tenant app in an Azure AD tenant (tenant A)
  2. Exposed the app in the B2C tenant (tenant B) by hitting the admin consent URL, like: http://login.microsoftonline.com/common/adminconsent?client_id=clientid_of_app_in_tenantA
  3. Logged in with a b2c tenant B account on the admin consent screen. Doing so, we can now see the app listed under Enterprise Applications in Azure B2C tenant B. I believe some people also refer to this as the service principal of the app.

The issue we are running into is that once we try to use MSAL to acquire a token for that client, with the authority URL being the B2C tenant w/ signin policy, it throws an error saying

AADB2C90018: The client id 'client_id_from_tenant_A" is not registered in tenant b2c tenant B

We were expecting that now that the client from tenant A is exposed in the B2C tenant B, we would be able to acquire the token for that client, but not sure what's missing from our setup. Appreciate any help or guidance you can provide.

1
There are still some differences between "regular AAD applications" and "B2C applications" I think. Since the app is a regular AAD app, it won't be available for B2C user sign in, only the "normal" AAD users in the B2C tenant through normal AAD endpoints. – juunas

Thank you for taking the time to reply and also to replicate at your end. I know that there are differences between the two, but I did not see any documentation suggesting that you couldn't use an AAD multi-tenant app in AD B2C. Which is why I was hoping that it might work or someone else might have found a way to get it working. – mana_lahori

@mana_lahori Unfortunately, after my testing, I found that AAD multi-tenant applications cannot be used in AD B2C. – Carl Zhao

1 Answer

0
votes

I can reproduce your problem. As juunas said, there are still some differences between "regular AAD applications" and "B2C applications": even if you can add AAD applications as enterprise applications to B2C tenants, they still cannot be used, because the application is essentially a regular AAD application, so you cannot use it to log in B2C users.
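As an added illustration (not code from either poster, and not from MSAL or Microsoft): the authority string MSAL expects for a B2C user flow, the admin-consent URL from step 2 of the question, and a claims sanity check that flags the situation the answer describes, a token whose `aud` is the client id of the tenant-A app rather than an app registered in the B2C tenant itself. All tenant names, ids and policy names are constructed placeholders, the sample token is built unsigned for offline use, and the MSAL call itself is omitted; real validation must also verify the signature against the policy's JWKS.

```python
import base64
import json

# Constructed placeholders, not values from the question.
B2C_TENANT_NAME = "contosob2c"                                  # tenant B, the B2C tenant
B2C_TENANT_ID = "11111111-1111-1111-1111-111111111111"
SIGNIN_POLICY = "B2C_1_signin"
CLIENT_ID_IN_B2C = "aaaaaaaa-0000-0000-0000-000000000001"       # app registered in tenant B
CLIENT_ID_IN_TENANT_A = "bbbbbbbb-0000-0000-0000-000000000002"  # multi-tenant app from tenant A


def b2c_authority(tenant_name: str, policy: str) -> str:
    """Authority string MSAL expects for a B2C user flow (b2clogin.com host)."""
    return f"https://{tenant_name}.b2clogin.com/{tenant_name}.onmicrosoft.com/{policy}"


def admin_consent_url(client_id: str) -> str:
    """The admin-consent URL used in step 2 of the question (https variant)."""
    return f"https://login.microsoftonline.com/common/adminconsent?client_id={client_id}"


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_test_token(claims: dict) -> str:
    """Constructed, unsigned compact JWT for offline demonstration only."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}."


def decode_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT. The signature is NOT checked here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(_b64url_decode(parts[1]))


def check_b2c_token(token: str, tenant_name: str, tenant_id: str,
                    client_id: str, policy: str) -> list:
    """Sanity-check that a token was issued by the B2C tenant, for the expected app and policy.

    Returns a list of problems; an empty list means every check passed.
    """
    claims = decode_claims(token)
    problems = []
    expected_iss_prefix = f"https://{tenant_name}.b2clogin.com/{tenant_id}/"
    if not str(claims.get("iss", "")).startswith(expected_iss_prefix):
        problems.append(f"iss mismatch: {claims.get('iss')!r} does not start with {expected_iss_prefix!r}")
    if claims.get("tid") != tenant_id:
        problems.append(f"tid mismatch: {claims.get('tid')!r} != {tenant_id!r}")
    # aud must be the client id of an app registered in the B2C tenant, not the tenant-A client.
    if claims.get("aud") != client_id:
        problems.append(f"aud mismatch: {claims.get('aud')!r} != {client_id!r}")
    # B2C puts the user flow name in 'tfp' (or 'acr', depending on the tenant setting).
    issued_policy = claims.get("tfp") or claims.get("acr")
    if issued_policy is None or issued_policy.lower() != policy.lower():
        problems.append(f"policy mismatch: {issued_policy!r} != {policy!r}")
    return problems


# Constructed sample: a token as the B2C tenant would mint it for an app registered there.
GOOD_TOKEN = make_test_token({
    "iss": f"https://{B2C_TENANT_NAME}.b2clogin.com/{B2C_TENANT_ID}/v2.0/",
    "tid": B2C_TENANT_ID,
    "aud": CLIENT_ID_IN_B2C,
    "tfp": SIGNIN_POLICY,
    "sub": "constructed-user-1",
})

# Constructed sample: same tenant and policy, but audience is the tenant-A client id.
WRONG_CLIENT_TOKEN = make_test_token({
    "iss": f"https://{B2C_TENANT_NAME}.b2clogin.com/{B2C_TENANT_ID}/v2.0/",
    "tid": B2C_TENANT_ID,
    "aud": CLIENT_ID_IN_TENANT_A,
    "tfp": SIGNIN_POLICY,
    "sub": "constructed-user-1",
})

if __name__ == "__main__":
    print("authority:", b2c_authority(B2C_TENANT_NAME, SIGNIN_POLICY))
    print("consent:  ", admin_consent_url(CLIENT_ID_IN_TENANT_A))
    for name, tok in (("good", GOOD_TOKEN), ("wrong client", WRONG_CLIENT_TOKEN)):
        print(name, check_b2c_token(tok, B2C_TENANT_NAME, B2C_TENANT_ID, CLIENT_ID_IN_B2C, SIGNIN_POLICY))
```

The AADB2C90018 error in the question is raised at the authorize step, before any token exists, so the check above only applies once a token has actually been issued; its point is that a correct B2C token is bound by `tid` and `aud` to an app registration that lives in tenant B, which is exactly what the enterprise-application (service principal) entry created by admin consent does not provide.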