Neel Sarvaiya

Reputation: 15

How can I invite Guest Users to the Azure B2C Platform and provide them access to the application?

I have a requirement where we want the users to use their social accounts to log in to our application (i.e. get an ID Token) through Azure B2C. I configured the Identity Provider and created a user flow for Sign in only. We don't want users to sign up because that is through invitation only. When I use "Invite User" for the live.com account and the user accepts the invitation and tries to log in to the application, I get the error below.

AADB2C99002 User does not exist. Please sign up before you can sign in.

But the user exists as a Guest User.

When I allow Sign up and the user actually does the sign-up and then logs in, it works.

Questions:

  1. Why isn't the Guest User allowed to access the application? What needs to be done for the same to work?
  2. If it's not possible, I don't want the user to be a "member" to avoid maintaining their credentials. I want the users to use their social accounts only.
  3. As I don't have the requirement of self sign-up and it is only invitation-based, how do I achieve my requirement?

Thanks, Neel

Upvotes: 0

Views: 1512

Answers (1)

Allen Wu

Reputation: 16458

Please see the Overview of user accounts in Azure Active Directory B2C.

Guest account - A guest account can only be a Microsoft account or an Azure Active Directory user that can be used to access applications or manage tenants.

Consumer account - A consumer account is used by a user of the applications you've registered with Azure AD B2C. Consumer accounts can be created by:

  • The user going through a sign-up user flow in an Azure AD B2C application
  • Using Microsoft Graph API
  • Using the Azure portal

A guest account is specifically distinguished from a consumer account, so a guest user can't sign in to a B2C application directly.

Your three questions are actually the same question: How to log in a social account without managing its credentials?

Please refer to Add an identity provider to your Azure Active Directory B2C tenant.

In order to let a live.com account sign in, you need to Set up sign-in with a Microsoft account using Azure Active Directory B2C. Choose the policy type you want (User flow or Custom policy) to find the corresponding steps.

If you need your customers from other social IdPs such as Facebook, Google and so on, you can find the corresponding article on the left.

Upvotes: 1
