How do I enable Local Account Identity provider to support both UserName and Email in Azure AD B2C?

Question

We are exploring to migrate existing system to B2C, but it has got two options to login to the system i.e flow:

1. login with UserName/pwd and flow

2. login using email id/pwd.

How do we achieve this in Azure AD B2C?

Thank you!

Answer 1

Azure AD B2C allows multiple account types to sign-in regardless of the account type you select for your tenant, but sign-ups and password reset are limited to that single type.

If you have an existing system with both usernames and email addresses as sign-in names, you can migrate those users to Azure AD B2C, and they will both be able to sign-in. The sign-in page accepts all of them regardless of what local account type you select in the Azure AD B2C admin portal.

However, you cannot support sign-up and especially password reset for both account types simultaneously. They will only be available for the account type that you select in Azure AD B2C portal.

Sometimes, it is acceptable to say that for all new users, only one type of sign-up (i.e. either username or email address) will be accepted. But then the password reset will also be available for only that account type. That is, if you enabled email address based local accounts, then password reset for those accounts will work, but not for username based accounts.

You will need to determine whether this is acceptable for your scenario.

If not, then you have the option to author all these scenarios by using custom policies (Identity Experience Framework), and creating your own user experiences, but that is significantly more investment.

Answer 2

There is a sentence in an official document:

We also support arbitrary user names as local accounts (for example, joe, bob, sarah, or jim). You can choose one of these two local account types by configuring Azure AD B2C in the Azure portal.

According to this sentence, I think we can only choose one type to verify the user ID.