Azure AD B2C user as guest in AD B2B

TimVavra 1 Reputation point
2021-04-14T14:48:29.317+00:00

I have an Azure AD B2C established with users already added based on a third party application user group. In order to allow the users to use Power BI, I need to have them "guested" within our corporate AD B2B. This is the AD that is attached to Power BI. Here is my problem: I can request that the user Tim Vavra be guested into the corporate AD, but when they send the email to have the user confirm, the address that is created by my AD B2C does not connect to email. For example, my email address would be tim.vavra@azurestageenvironment.onmicrosoft.com. I am not sure that this address will ever be able to be received by any individual. Is there a method that someone else has used to accomplish this? I have about 200 users and I need to try to make this as simple as possible, as there are approximately 15 companies involved and each one has a decidedly different skill level. If I need to further clarify, I am happy to provide any information that would help. I am new to Azure so I am learning as I go.

Microsoft Entra External ID

2 answers

  1. James Hamil 22,086 Reputation points Microsoft Employee
    2021-04-19T19:19:38.393+00:00

    Hi @TimVavra, just so I make sure I understand properly, you are trying to add the users present in your B2C tenant as guest users into your actual AAD tenant? Now in order to do this, you are trying to send an email with the invitation link so that the user can redeem that link and add themselves as B2C/Guest users to your actual AAD tenant. Now the problem you face is that, when you send the email to an email address fetched from the B2C tenant for that user, the email never reaches the user. Now based on this, what I would like to know is if the email address mentioned by customer "tim.vavra@azurestageenvironment.onmicrosoft.com" is added in the email attribute of the user or not. If it is added as the value for the email attribute for the user in B2C, then make sure it has a valid mailbox attached to it. The email can only be sent if there is a valid mailbox available and attached to that email ID. If the email is a valid one, then both B2C and AAD would be able to send an invitation link to that email, which the user can redeem easily.

    What type of email does this user have when he tried to sign up in the B2C tenant? We need more details around the user's email ID that was used to sign up and if that email address is listed as a value for the email attribute of the user or not, and if that is a valid email ID.

    Please let me know and I can continue looking into this.

    Thank you,
    James


  2. TimVavra 1 Reputation point
    2021-04-20T11:37:20.897+00:00

    Our B2C Active Directory is derived from a list of users for our tracking software. Each of those users is assigned programs and roles within the software, allowing them access to specific data points and programs. In our B2C we have both users and groups paralleling the information in the tracking system. If I have access to the Appliance Program in the tracking system, I am in the Appliance Program Group in the B2C. The users in the tracking system utilize their company email address to log into the tracking system. We have an internal cache with logins and passwords that validate the user on sign in. When we moved the users to the B2C, we retained their original company email address as an Alternate email in the Contact info section of their profile. The B2C address that is recreated relates back to this address through their profile. I am not sure if I can "guest" the B2C address but validate using the Alternate email. I do not have any administration rights on the main active directory. I also need to work on a method to add or subtract users from groups based on the groups in our B2C. I may be in 5 different groups and, based on my company, I may be removed from 1 of the groups but not the other 4. I need to be able to update the main AD without deleting or inactivating the user in total.

    I hope this gives you more clarity.
