This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 36%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
I have 2 applications .
Application 1 : A .NET backend / Angular frontend app with AD B2C for authentication. (This application is already developed and working.)
Application 2 : A similar stack application using database for authentication (basic email/password authentication)
Application 2 users are also created in Application 1 and AD B2C also (via App1 API and Graph API)
From application 2 I want to be able to access application 1 (through deep-links) . How should I structure my 2 applications so that SSO is possible from Application 2 to application 1 (since application 2 user is already authenticated when logging into application 2 and clicking deep-link to application 1 - where also the user exists).
Any guidance will be of great help
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
You can register an Azure AD B2C tenant as an OpenID Connect Identity Provider on another Azure AD B2C tenant, but you will only be able to use standard Azure AD functionality and you will only be able to login using accounts which are created by Azure AD > Create User option. You will not be able to login with a signed up user.
If I'm understanding your scenario correctly, your best option would be to migrate all of the users into one B2C tenant.
Thank you very much for taking time on it .Let me clarify my scenario .
I have an application (App 1) that I want to be able to connect to another application (App 2) that uses AD B2C.
Step 1) App1 (domain 1) uses custom authentication
Step 2 ) From App1 click deeplink to go to Web App2 (domain2) that uses AD B2C
ie App2 is an entirely separate application on azure that uses AD B2C for authentication, only thing App1 has is App2 AD B2C user/password.
For Step 2 to work without AD B2C asking username password in App1 call :
Step 2 a)
--> (authenticate with App2 using user/password )
POST https://.b2clogin.com/.onmicrosoft.com/<APP_policy>/oauth2/v2.0/token
client_id:<App_ID>
redirect_uri: <<web app 2>>
grant_type:password
username: <<username of App1 AD B2C user>>
password: <<password>>
scope:openid web_clientID
response_type:token id_token
Step 2 b)
--> get access_token, id_token from above request
Step 2 c)
--> set cookie for domain2 using the above acces_token (+ any other cookies that need to be set)
Step 2 d)
--> bypass login screen (SSO) to App2
Will this work ? I am not able to make this flow work though logically I feel it should. I am not sure if the policy I set (currently same as ROPC) should be set differently, or it would use other tokens to verify which I should be setting in my cookie.
Please guide as to how this flow can be made to work. Stack overflow question
Posted on Stack overflow and ad b2c sample Issues also.