Azure AD B2C signInNames

March 2019

1

I am attempting to follow the example of the programmatic creation of B2C identities. When I follow that example I am able to successfully create a user in B2C. However, when I go to log in with that user (for example, I go to https://account.activedirectory.windowsazure.com/r#/applications), the user cannot be found.

I am unsure what I'm doing wrong. I can see the identity in the directory as I desire (except the UPN is generated as [GUID]@[B2C Store].onmicrosoft.com).

What am I doing wrong or misunderstanding? Per the link I should be able to do the following:

"signInNames": [                            // controls which identifier the user uses to sign in to the account
    {
        "type": "emailAddress",             // can be 'emailAddress' or 'userName'
        "value": "[email protected]"
    }
],

That clearly states the e-mail address should be the identifier for login.

Any help is deeply appreciated.

2 answers

2

By following the Use the Azure AD Graph API sample, you have created a local account in an Azure AD B2C tenant.

Unlike work or school accounts, local accounts are designed to enable signing in to applications with app-specific credentials, such as a 3rd-party email address or an app-specific user name, using Azure AD B2C built-in or custom policies.

https://account.activedirectory.windowsazure.com/r#/applications is designed for work or school accounts rather than local accounts.

0

You can log in with either the "user name or email address" of a user. But when you create the user in B2C, you should define the possible array of login names for that particular user.

    {"signInNames", new JArray
        {
            new JObject
            {
                {"value", "[email protected]"},
                {"type", "emailAddress"}
            },
            new JObject
            {
                {"value", "myTestUserName"},
                {"type", "userName"}
            }
        }
    }

Also, make sure you change the identity provider to "Local account Sign In" in the SignIn policy.
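
The request body discussed in the question and both answers, as an added example that is not part of the original posts or of the Microsoft sample: it checks the `signInNames` array before a local account is created, so a wrong `type` or an empty value is caught at provisioning time rather than at sign-in. The helper names and sample values are constructed for illustration; the properties other than `signInNames` (`accountEnabled`, `creationType`, `passwordProfile`) are assumed from the Azure AD Graph user-creation request and do not appear on this page.

```python
import json

# Identifier types the question's snippet lists for signInNames.
ALLOWED_TYPES = {"emailAddress", "userName"}


def validate_sign_in_names(sign_in_names):
    """Return normalized signInNames or raise ValueError on a bad entry."""
    if not sign_in_names:
        raise ValueError("a local account needs at least one signInNames entry")
    seen, cleaned = set(), []
    for entry in sign_in_names:
        kind = entry.get("type")
        value = (entry.get("value") or "").strip()
        if kind not in ALLOWED_TYPES:
            raise ValueError(f"unsupported signInNames type: {kind!r}")
        if not value:
            raise ValueError(f"empty value for type {kind!r}")
        # Minimal shape check only; not a full e-mail address validator.
        if kind == "emailAddress" and value.count("@") != 1:
            raise ValueError(f"not an e-mail address: {value!r}")
        key = (kind, value.lower())
        if key in seen:
            raise ValueError(f"duplicate sign-in name: {value!r}")
        seen.add(key)
        cleaned.append({"type": kind, "value": value})
    return cleaned


def build_local_account(display_name, password, sign_in_names):
    """Build the JSON body for a B2C local account (hypothetical helper).

    No userPrincipalName is supplied: as the question observes, the
    directory generates one, and sign-in uses signInNames instead.
    """
    return {
        "accountEnabled": True,
        "creationType": "LocalAccount",  # assumed from the Graph API request
        "displayName": display_name,
        "passwordProfile": {"password": password,
                            "forceChangePasswordNextLogin": False},
        "signInNames": validate_sign_in_names(sign_in_names),
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    body = build_local_account("Test User", "constructed-Passw0rd!", [
        {"type": "emailAddress", "value": "test.user@example.com"},
        {"type": "userName", "value": "myTestUserName"}])
    print(json.dumps(body, indent=2))
```
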