Link existing B2C tenant via Azure CLI

Question

How to link an existing B2C tenant programatically via Azure CLI? Running this line:

az resource create --resource-group <rg> --resource-type Microsoft.AzureActiveDirectory/b2cDirectories --name <tenant>.onmicrosoft.com --location Europe --properties "{\"tenantId\": \"<tenantId>\", \"sku\": { \"name\": \"Standard\", \"tier\": \"A0\" } }"

Returns BadRequestError: The 'sku' property is required for creating a b2c directory resource but it is there

The ARM "B2C Link Resource" looks like this:

{
   "type": "Microsoft.AzureActiveDirectory/b2cDirectories",
   "apiVersion": "2017-01-30",
   "name": "[parameters('name')]",
   "location": "[parameters('location')]",
   "tags": {},
   "sku": {
      "name": "Standard",
      "tier": "A0"
   },
   "properties": {
      "tenantId": "[parameters('tenantId')]"
   }
}

Further Information:

I have tried different variations regarding the sku portion such as leaving it out completely or moving it as a dedicated parameter --sku Standard etc but none of them seem to work
Removing an existing link via az resource delete --ids /subscriptions/<subscriptionId>/resourceGroups/<rg>/providers/Microsoft.AzureActiveDirectory/b2cDirectories/<tenant>.onmicrosoft.com works perfectly fine
Why do we need this? We automate our infra deployment with Terraform. We're aware of the limitations automating B2C tenants (see here, here or here) so we aim for removing/adding the b2c link via pipeline to at least keep the subscription clean on destroying/applying infra.
Linking an existing B2C tenant via Azure Portal looks like this

Any advice appreciated. Thanks for your help!

Satya V Satya V · Accepted Answer · 2020-12-02T07:31:43

I don't think Azure CLI currently can have the ability to manage B2C tenants.

As you are aware already, there is a detailed discussion done https://github.com/Azure/azure-cli/issues/12058

Other Programmatic Approach:

I had captured Fiddler Traces to understand the flow / or the endpoint that is responsible. I was able point to the below endpoint. I was checking for the create a new Azure B2C Tenant.

PUT https://management.azure.com/subscriptions/SUBSCRIBTION/resourceGroups/RESOURCEGROUP/providers/Microsoft.AzureActiveDirectory/b2cDirectories/contosoorganiztion.onmicrosoft.com?api-version=2019-01-01-preview

{"location":"United States","sku":{"name":"Standard","tier":"A0"},"properties":{"createTenantProperties":{"displayName":"Contoso Organization","countryCode":"US"}}}

However, I was not able to check the "Link to existing the Tenant" (for your requirement) option at my end due to permissions at my end. But I am assuming there should be a similar endpoint responsible for the same. You could capture Fiddler traces with Https decrypted (or any tool that will help capturing the decrypted HTTPS Traffic), trying to link an existing tenant to understand the endpoint and the request body.

Note :

Keep mind this API/endpoint is not supported and subject to change thus not recommended for production environments:

You will need access token in order to hit the endpoint.

To obtain token, resource id of the Azure portal would be :74658136-14ec-4630-ad9b-26e160ff0fc6

az account get-access-token --resource 74658136-14ec-4630-ad9b-26e160ff0fc6

Link existing B2C tenant via Azure CLI

1 Answers