seagraph

Reputation: 7

SSO in Azure B2C using ExternalAD email address with fallback to Internal B2C email address

I have SSO with Azure B2C working fine using in-tenant and email. I would like to add the ability for users to log in with ExternalAzureAd such that if they enter their email address and password it will first use ExternalAzureAd if they have already been invited or, if not, fall back to the B2C tenant. I can "see" whether or not a particular email address is Internal or External by viewing the users in the B2C Users screen in the portal. I am rather surprised that out of the box the user is not forwarded to the appropriate login screen for authentication - either B2C or External - based on this information. So I have been told one way to possibly implement this is to create an API app that will look this up based on the user profile and then, based on the info, branch to either the Internal or External login screen. This would involve creating custom policy(ies) and perhaps custom user flow(s) so that the API call is ingested into the user flow.

Has anyone done this or know of a reason this would not work?

Upvotes: 0

Views: 118

Answers (1)

rbrayb

Reputation: 46803

I assume that by "ExternalAzureAd", you mean another Azure AD tenant you have federated with?

If so, you can automatically redirect based on the domain name.

Refer to the "Home Realm Discovery" samples here.

Upvotes: 0
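The domain-based Home Realm Discovery the answer points to, as an added custom-policy fragment that is not from the question, the answer or the linked samples: a first page collects only the email, a `ParseDomain` transformation extracts the domain, `CompareClaimToValue` turns it into a boolean, and two preconditions route the user either to the external Azure AD tenant or to the B2C local-account password page. The tenant domain `contoso.com`, the technical profile ID `AAD-Contoso-OpenIdConnect` (the OIDC profile you have already configured for the external tenant) and the journey ID are assumptions; `SelfAsserted-LocalAccountSignin-Email`, `login-NonInteractive`, `SM-Noop` and `JwtIssuer` are the starter-pack names.

```xml
<!-- Added example (not from the page). Assumed: contoso.com is the external
     tenant's domain; AAD-Contoso-OpenIdConnect is its existing OIDC profile. -->
<BuildingBlocks>
  <ClaimsSchema>
    <ClaimType Id="domain">
      <DisplayName>Email domain</DisplayName>
      <DataType>string</DataType>
    </ClaimType>
    <ClaimType Id="isFederatedDomain">
      <DisplayName>Email domain belongs to the external Azure AD tenant</DisplayName>
      <DataType>boolean</DataType>
    </ClaimType>
  </ClaimsSchema>
  <ClaimsTransformations>
    <!-- alice@contoso.com -> domain = "contoso.com" -->
    <ClaimsTransformation Id="GetDomainFromEmail" TransformationMethod="ParseDomain">
      <InputClaims>
        <InputClaim ClaimTypeReferenceId="signInName" TransformationClaimType="emailAddress" />
      </InputClaims>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="domain" TransformationClaimType="domain" />
      </OutputClaims>
    </ClaimsTransformation>
    <!-- isFederatedDomain = (domain equals "contoso.com", case-insensitive) -->
    <ClaimsTransformation Id="CheckFederatedDomain" TransformationMethod="CompareClaimToValue">
      <InputClaims>
        <InputClaim ClaimTypeReferenceId="domain" TransformationClaimType="inputClaim" />
      </InputClaims>
      <InputParameters>
        <InputParameter Id="compareTo" DataType="string" Value="contoso.com" />
        <InputParameter Id="operator" DataType="string" Value="equal" />
        <InputParameter Id="ignoreCase" DataType="string" Value="true" />
      </InputParameters>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="isFederatedDomain" TransformationClaimType="outputClaim" />
      </OutputClaims>
    </ClaimsTransformation>
  </ClaimsTransformations>
</BuildingBlocks>

<ClaimsProviders>
  <ClaimsProvider>
    <DisplayName>Home Realm Discovery</DisplayName>
    <TechnicalProfiles>
      <!-- Page that asks for the email only; the two transformations run on submit -->
      <TechnicalProfile Id="SelfAsserted-EmailOnly">
        <DisplayName>Enter your email address</DisplayName>
        <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
        <Metadata>
          <Item Key="ContentDefinitionReferenceId">api.selfasserted</Item>
        </Metadata>
        <OutputClaims>
          <OutputClaim ClaimTypeReferenceId="signInName" Required="true" />
        </OutputClaims>
        <OutputClaimsTransformations>
          <OutputClaimsTransformation ReferenceId="GetDomainFromEmail" />
          <OutputClaimsTransformation ReferenceId="CheckFederatedDomain" />
        </OutputClaimsTransformations>
        <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
      </TechnicalProfile>
    </TechnicalProfiles>
  </ClaimsProvider>
</ClaimsProviders>

<UserJourneys>
  <UserJourney Id="SignInWithHomeRealmDiscovery">
    <OrchestrationSteps>
      <OrchestrationStep Order="1" Type="ClaimsExchange">
        <ClaimsExchanges>
          <ClaimsExchange Id="EmailOnlyExchange" TechnicalProfileReferenceId="SelfAsserted-EmailOnly" />
        </ClaimsExchanges>
      </OrchestrationStep>
      <!-- Federated domain: redirect to the external tenant. Skipped for everyone else. -->
      <OrchestrationStep Order="2" Type="ClaimsExchange">
        <Preconditions>
          <Precondition Type="ClaimEquals" ExecutionType="true">
            <Value>isFederatedDomain</Value>
            <Value>false</Value>
            <Action>SkipThisOrchestrationStep</Action>
          </Precondition>
        </Preconditions>
        <ClaimsExchanges>
          <ClaimsExchange Id="ExternalAadExchange" TechnicalProfileReferenceId="AAD-Contoso-OpenIdConnect" />
        </ClaimsExchanges>
      </OrchestrationStep>
      <!-- Any other domain: B2C local account, signInName pre-filled from step 1 -->
      <OrchestrationStep Order="3" Type="ClaimsExchange">
        <Preconditions>
          <Precondition Type="ClaimEquals" ExecutionType="true">
            <Value>isFederatedDomain</Value>
            <Value>true</Value>
            <Action>SkipThisOrchestrationStep</Action>
          </Precondition>
        </Preconditions>
        <ClaimsExchanges>
          <ClaimsExchange Id="LocalAccountExchange" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Email" />
        </ClaimsExchanges>
      </OrchestrationStep>
      <OrchestrationStep Order="4" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />
    </OrchestrationSteps>
    <ClientDefinition ReferenceId="DefaultWeb" />
  </UserJourney>
</UserJourneys>
```

Between step 3 and `SendClaims`, copy the directory read/write steps (`AAD-UserReadUsingAlternativeSecurityId-NoError`, `AAD-UserWriteUsingAlternativeSecurityId`, `AAD-UserReadUsingObjectId`) from the starter pack's `SignUpOrSignIn` journey and renumber, so that federated users get an `objectId` and local users are read back as usual. Adding `<InputClaim ClaimTypeReferenceId="signInName" PartnerClaimType="login_hint" />` to the external tenant's OIDC technical profile forwards the email the user already typed, so they are not asked for it twice. Two points to check when testing: the gate only chooses which login page to show, and the external tenant still authenticates the user, so typing a `contoso.com` address without an invited account fails there rather than silently falling back; and on the local branch `login-NonInteractive` returns the same generic error for an unknown email and a wrong password, which is what keeps this flow from becoming an account-enumeration oracle.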
