Azure AD B2C Override username through API Connector

Pavan Josyula 1 Reputation point
2022-11-24T03:03:28.597+00:00

Hello Azure Gurus,

I am currently evaluating Azure AD B2C to replace a third-party OIDC IdP.

We have a SaaS app, multitenanted Web/API but with different databases per tenant, and we use usernames for logins. It's good that Azure AD supports usernames for authentication.

The problem is that some of the users across those DBs have the same usernames, for example:

Site1 -> UserName -> blah1
Site 2 -> UserName -> blah1

So far we have kept users in their respective databases, so we didn't face any issues.

I am thinking of creating one Azure AD B2C tenant to manage the users of all the sites by appending the site code as UserName_SiteCode:

Azure AD B2C -> blah1_Site1 as username
-> blah1_Site2 as another username

I can't create one B2C tenant per site, as we have more than 20 sites in the same Azure subscription, and there is a limitation that we can't have more than 20 B2C tenants.

My question:
Is it possible to override the user-entered username and append the site code based on the redirect URL before the sign-in process, using custom policies and API connectors?
I don't want to tell users that their usernames changed.

Please give me some samples or suggestions.


1 answer

  1. Shweta Mathur 27,381 Reputation points Microsoft Employee
    2022-11-28T10:00:16.69+00:00

    Hi @Pavan Josyula ,

    Thanks for reaching out, and apologies for the delay in response.

    Yes, it is possible to send the username and site name as input claims, use a REST API to append the two values, and send the result back in an output claim.

    This can be achieved using a user flow or a custom policy.

    In the user flow, an API connector can be configured, and the userName and siteName claims can be sent in the request at the PostAttributeCollection step, which corresponds to "Before creating the user".

    The API will return the claim that you want to return in the token. It could be a built-in claim or one defined as a custom attribute.

    Reference: https://learn.microsoft.com/en-us/azure/active-directory-b2c/add-api-connector?pivots=b2c-user-flow

    Hope this will help.

    Thanks,
    Shweta

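As an added example (not code from the post, and not Microsoft's own connector code), a minimal handler for the "Before creating the user" API connector the answer describes: it checks the Basic credentials the user flow is configured to send, validates the step and the claims, and returns a Continue response whose claim overrides the collected username with username_SiteCode, or a ValidationError when the input is not acceptable. The claim names userName and siteName, the credentials and the site allowlist are assumptions.

```python
import base64
import hmac

# Constructed credentials: the user flow's API connector is configured to send
# these as HTTP Basic auth on every call. Keep the real values in Key Vault.
EXPECTED_USER = "b2c-connector"
EXPECTED_PASSWORD = "replace-with-a-long-random-secret"

# Constructed allowlist of site codes the connector is allowed to append.
KNOWN_SITES = {"Site1", "Site2"}


def basic_header(user, password):
    """Build the Authorization header value B2C sends for Basic auth."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def basic_auth_ok(authorization_header):
    """Constant-time comparison of the presented Basic credentials."""
    if not authorization_header or not authorization_header.startswith("Basic "):
        return False
    try:
        presented = base64.b64decode(authorization_header[6:]).decode()
    except (ValueError, UnicodeDecodeError):
        return False
    expected = f"{EXPECTED_USER}:{EXPECTED_PASSWORD}"
    return hmac.compare_digest(presented.encode(), expected.encode())


def handle_connector(request_json, authorization_header):
    """Return (http_status, response_body) for a 'Before creating the user' call.

    userName / siteName are assumed claim names; use whatever attributes the
    user flow actually collects (often extension_<app-id>_X for custom ones).
    """
    if not basic_auth_ok(authorization_header):
        return 401, {}  # reject before looking at any claim
    error = {"version": "1.0.0", "action": "ValidationError", "status": 400}
    if request_json.get("step") != "PostAttributeCollection":
        return 400, {**error, "userMessage": "Unexpected step."}
    username = (request_json.get("userName") or "").strip()
    site = (request_json.get("siteName") or "").strip()
    if not username or site not in KNOWN_SITES:
        return 400, {**error, "userMessage": "A username and a known site are required."}
    # Continue: claims in the response override the values collected from the user.
    return 200, {"version": "1.0.0", "action": "Continue", "userName": f"{username}_{site}"}
```

A ValidationError must be sent with HTTP 400 and a Continue with HTTP 200, which is why the function returns the status code alongside the body.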