I'm trying to use Azure B2C to authenticate my web app.
I've set it up as multi-tenant - but when someone tries to log in from their work account ([email protected]) then the login shows this error:
AADSTS50020: User account '[email protected]' from identity provider 'https://sts.windows.net/xxxx/' does not exist in tenant 'MyTenant' and cannot access the application 'yyy'(My Tool) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.
... if I add [email protected] as a guest user in my B2C Tenant, then this works - John can log in.
Is there a way to enable my application to not require me to add "guest accounts", and just authenticate against any AAD tenant? (leaving authorization up to my app)
<Item Key="ValidTokenIssuerPrefixes">https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000,https://login.microsoftonline.com/11111111-1111-1111-1111-111111111111</Item>. This allows you directly to sign in with the account of tenant00000000-0000-0000-0000-000000000000and11111111-1111-1111-1111-111111111111. - Allen Wu