This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 35%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EV%3C/text%3E%3C/svg%3E)
Hello,
I am building on a custom solution with Azure B2C and AD.
I have created a tenant in B2Cand AD and now I am stuck at connecting B2C and AD so that I can use B2C tenant as Master for adding new AD requests. May be publishing tenant as an application in the AD enterprise gallery.
So, all new AD requests should be tied to B2C master tenant and should be able to do SSO with B2C supported identity providers and provision users from AD to B2C and then to an external application.
I am happy to provide additional information required. Thank you
//V
Hello @VenkataPabbisetty,
Have you tried the steps explained in the below Microsoft documentation? https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-register-applications?tabs=app-reg-ga
Could you please provide more details like error code etc. so that we can support you further
Please mark as "Accept the answer" if the above steps helps you. Others with similar issues can also follow the solution as per your suggestion
Regards,
Manu
Yes, I have tried the steps in the link. But still in dark side to connect the AD with B2C.
Thank you
Hello @VenkataPabbisetty Not sure if I understood your requirement correctly. From your statement:
"all new AD requests should be tied to B2C master tenant and should be able to do SSO with B2C supported identity providers and provision users from AD to B2C and then to an external application"
I understood that you want new user request should go to B2C tenant, which should use the Azure AD tenant as Identity Provider, do SSO and provision user from that Azure AD tenant to B2C tenant.
If that is the case, you can refer to below document for adding Azure AD tenant as IDP in your B2C user flow:
Note: SSO would depend on whether user has cookies in the browser session or if the device has PRT to perform SSO. If you don't have these, there won't be SSO.
Please do not forget to "Accept the answer" wherever the information provided helps you. This will help others in the community as well.
I understood that you want new user request should go to B2C tenant, which should use the Azure AD tenant as Identity Provider, do SSO and provision user from that Azure AD tenant to B2C tenant.
Yes your understanding is correct. I have tried User and registered applications.
Let me try within the user custom policy. Will share the results shortly.
Thank you.
@amanpreetsingh-msft- I followed the steps as listed in the above two docs and able to make some progress.
When I executed the sign-in user test flow- I am getting DIRECTORY not found an error
https://[tenant].b2clogin.com/[tenant].onmicrosoft.com/oauth2/authresp#error=server_error&error_description=AADB2C%3a+A+claim+with+id+%27UserId%27+was+not+found%2c+which+is+required+by+ClaimsTransformation+%27CreateAlternativeSecurityId%27+with+id+%27CreateAlternativeSecurityId%27+in+policy+%27B2C_1_SignUpandIn%27+of+tenant+%27beigngabotb2c.onmicrosoft.com%27.%0d%0aCorrelation+ID%3a+6f32c80b-298c-4f45-bdd5-809d78e0a1da%0d%0aTimestamp%3a+2020-06-17+17%3a28%3a24Z%0d%0a
Also, can you help how to configure the Auth URL?
https://[tenant].b2clogin.com/[tenant].onmicrosoft.com/oauth2/authresp
Please assist
Thank you for all the help //V
@VenkataPabbisetty The authresp url should be configured with your B2C tenant name. If your B2C tenant name is beigngabotb2c, the URL will look like : https://beigngabotb2c.b2clogin.com/beigngabotb2c.onmicrosoft.com/oauth2/authresp
Now the error "A claim with id 'UserId' was not found, which is required by ClaimsTransformation 'CreateAlternativeSecurityId' with id 'CreateAlternativeSecurityId'" can occur due to configuration issues in your policy xml files. I would suggest you to download a new copy of Starter Pack (use either SocialAccount or SocialandLocalAccount) template and start from scratch:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/custom-policy-get-started https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-azure-ad-single-tenant-custom?tabs=app-reg-ga
Please let me know if you have any questions.
Thank you @amanpreetsingh-msft . I am re-doing the configurations from scratch, will update you once I complete. Thank you again.
@Venkata Thanks for the update. Were you able to make the policy work?
@amanpreetsingh-msft - I tried all the steps and made some progress. However when I tried 'Execute process flow'. Now I am stuck here trying to solve the token exchange between AD and B2C.
Error CODE
Request Id: 318e23be-a7f0-4a95-9fdf-a4ec839b4701
Correlation Id: 52ba2402-95ae-406c-9fde-8e1e6a5a2d5b
Timestamp: 2020-06-25T12:14:10Z
Message: AADSTS9002325: Proof Key for Code Exchange is required for cross-origin authorization code redemption.
Screenshot-
You have been helping me a lot. I would need your extended help on this - Can we have 1:1 web-ex to review and troubleshoot the configurations? It helps the product building a lot.
Thank you.
//V
@Venkata Please send an email at AzCommunity[at]Microsoft[dot]com with subject "Redirect to Amanpreet" and we can setup a time for Monday.
@amanpreetsingh-msft Thank you so much.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 51%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAV%3C/text%3E%3C/svg%3E)
Hello Guys
we are facing this Issue can you also let us know how we can fix this Issue ?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 35%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
ran into similar issues using custom policies. will try from scratch as bandwidth allows. Hope we find a solution :)