TLDR

Reputation: 1278

Azure B2C Error: Application faulted after creating new app in MSAL portal

I am trying to figure out which admin account I should use while creating the Azure B2C application with a v2 MSAL endpoint. I've observed that both the process and outcome are different when I use:

Each of these accounts was used to create an application in the MSAL (converged?) portal.

Azure AD Account

I have an Office 365/AAD admin user with an @[tenant].onmicrosoft.com address.

[screenshot]

When creating the application, I see an alert saying that this application will be created in my AD tenant (presumably the Office 365 Admin account and not the connected B2C):

This application will be registered in the Azure Active Directory instance used to manage your *.onmicrosoft.com account

[screenshot]

I wanted to have a school or work user authenticate to the B2C instance; however, the simulator gave me an error.

Since the error was based on the user not having access to the directory, I decided to try recreating the app using a new admin account, created exclusively in that b2c tenant directory:

[screenshot]

I created a new @[tenant].onmicrosoft.com B2C admin user, and tried recreating a new appID/ClientID. The basis of my thinking is that using the Global Admin from my Azure+Office365 account caused confusion in the B2C tenant.

When I inspect the application in the Azure portal (as opposed to the MSAL portal), I get this error:

[screenshot]

Which leaves me asking:

My intention is to authenticate School and Work users using the MSAL library, in addition to Facebook and Google, depending on the sign-in policy.

LiveID on MSALv2 app portal

To complete my testing of combinations, this is the MSALv2 portal I get when using a LiveID user (previous screenshots are from an AAD or B2C user). Note that the section headers are different, possibly implying a functional difference as well. I want to confirm that "Converged applications" equals "My Applications" in the earlier screenshot.

[screenshot]

Upvotes: 1

Views: 315

Answers (1)

Chris Padgett

Reputation: 14704

As described by Azure Active Directory B2C: Register your application, you should register an Azure AD B2C application using:

  1. The Azure portal
  2. A Global Administrator for the Azure AD B2C tenant

Any application registrations that are created using the Azure portal must be managed using the Azure portal.

If you modify the application registration using the Application Registration portal or PowerShell, it becomes a "faulted" app.

Although the Global Administrator can be a guest of the B2C tenant, it is recommended that the Global Administrator be a member of the B2C tenant.

Upvotes: 2
