0
votes

In my Azure account, I have:

  • App Service
  • B2C Tenant
    • app registration
    • user flow for sign up and sign in

My app uses @azure/msal-react and I usually used my user flow as my authority, which looks something like this: https://mytenant.b2clogin.com/mytenant.onmicrosoft.com/B2C_1_wugtestsignupsignin

The login page looks like this

Notice the Sign up now link which allows someone to register a new local account.

I wanted to go multi-tenant though, so I made sure my app registration was set to multi-tenant and then used https://login.microsoftonline.com/common as my authority.

This works, I am presented with this:

Login info multi-tenant

and I can log into my app with local or other AD accounts just fine. However, I've lost the ability to sign users up. I only have the option to sign in, like so:


How would I bring back the option to sign a user up? I understand I can make accounts via sending an invitation email or manually creating a user via the B2C portal but I would personally like that sign up now button again.

1
GraphApiResourceUrl = "graph.windows.net", AuthorityUrl = "login.microsoftonline.com", – Juanma Feliu
I'm unsure what you mean, is that an option in the Configuration object that you pass into the PublicClientApplication object? I've never actually messed with GraphApi or anything in Azure yet – joshualan
use Graph API to create users inside B2C tenant docs.microsoft.com/en-us/previous-versions/azure/ad/graph/api/… – Juanma Feliu
Use login.microsoftonline.com for signin as you are doing now. – Juanma Feliu

1 Answer

1
votes

The authorities https://mytenant.b2clogin.com/mytenant.onmicrosoft.com/B2C_1_wugtestsignupsignin and https://login.microsoftonline.com/common are really different things.

The first uses an Azure AD B2C user flow and is used to log in B2C users. The second is the multi-tenant Azure AD authentication endpoint.

If you want to sign in B2C local users, you need to use your user flows and not the regular Azure AD endpoints. I know this is a bit confusing but your Azure AD B2C tenant is both an AAD B2C tenant and an AAD tenant. You should not mix these sides though.

To allow both B2C local users to sign in/sign up and also allow multi-tenant AAD authentication, you need to add AAD authentication as an option in your B2C user flow. Sadly at the moment this feature is only available through B2C custom policies: https://docs.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-azure-ad-multi-tenant?pivots=b2c-custom-policy. It will result in the login UI showing both a button to use an Azure AD account as well as the login form for B2C local accounts.

You can also check the new self service sign-up features in regular Azure AD to see if that could match your requirements as well.
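As an added example (not code from the question or the answer), the following helper tells the two kinds of authority apart and builds the matching auth settings for the Configuration that @azure/msal-react hands to PublicClientApplication; it assumes the @azure/msal-browser `auth` shape (clientId, authority, knownAuthorities, redirectUri), and the client id and redirect URI are placeholders.

```javascript
// Added example, not code from the question or the answer. Assumes the
// @azure/msal-browser Configuration shape (auth.clientId, auth.authority,
// auth.knownAuthorities, auth.redirectUri); the ids used are placeholders.

const AAD_COMMON_AUTHORITY = "https://login.microsoftonline.com/common";

// Classify an authority URL. A B2C user-flow authority lives on
// <tenant>.b2clogin.com and ends with the policy name (B2C_1_... for user
// flows, B2C_1A_... for custom policies); login.microsoftonline.com is the
// plain Azure AD endpoint, multi-tenant when its path segment is "common".
function classifyAuthority(authority) {
  const url = new URL(authority);
  const segments = url.pathname.split("/").filter(Boolean);
  const last = segments[segments.length - 1] || "";
  if (url.hostname.endsWith(".b2clogin.com")) {
    const policy = /^B2C_1A?_/i.test(last) ? last : null;
    return { kind: "b2c-user-flow", host: url.hostname, policy };
  }
  if (url.hostname === "login.microsoftonline.com") {
    const kind = last === "common" ? "aad-multi-tenant" : "aad-single-tenant";
    return { kind, host: url.hostname, policy: null };
  }
  return { kind: "unknown", host: url.hostname, policy: null };
}

// Build the auth block for PublicClientApplication. MSAL only trusts a
// b2clogin.com host that is listed in knownAuthorities, so a B2C user-flow
// authority gets that list filled in. A B2C authority without a policy name
// is rejected: it would not run the sign-up/sign-in user flow at all.
function buildAuthConfig({ clientId, authority, redirectUri }) {
  const info = classifyAuthority(authority);
  if (info.kind === "unknown") throw new Error(`unsupported authority host: ${info.host}`);
  if (info.kind === "b2c-user-flow" && !info.policy) {
    throw new Error("B2C authority must end with a user flow name (B2C_1_...)");
  }
  const auth = { clientId, authority, redirectUri };
  if (info.kind === "b2c-user-flow") auth.knownAuthorities = [info.host];
  return auth;
}

// The two setups from the question side by side (placeholder client id).
const PLACEHOLDER_CLIENT_ID = "00000000-0000-0000-0000-000000000000";
const b2cAuth = buildAuthConfig({
  clientId: PLACEHOLDER_CLIENT_ID,
  authority: "https://mytenant.b2clogin.com/mytenant.onmicrosoft.com/B2C_1_wugtestsignupsignin",
  redirectUri: "https://localhost:3000",
});
const multiTenantAuth = buildAuthConfig({
  clientId: PLACEHOLDER_CLIENT_ID, authority: AAD_COMMON_AUTHORITY, redirectUri: "https://localhost:3000",
});
```

Only the first configuration runs the user flow that renders the "Sign up now" link; the second one reaches the plain Azure AD endpoint, which is why sign-up disappears there.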