Set app’s verified publisher (Azure AD B2C) so that it shows up as verified in the user consent prompt

Tiago Silva 6 Reputation points
2022-07-16T07:04:18.773+00:00

I set up sign-up and sign-in through a custom policy in Azure Active Directory B2C.
I have 2 app registrations in the Azure AD B2C tenant:

  1. a web application, which exposes an API
  2. a Single-page application (SPA), which has been granted access to the API described above

I don’t have any app registration in my corp tenant, only in my B2C tenant.
Everything works fine, but the application shows up as unverified in the user consent prompt: https://1drv.ms/u/s!AhEACHgzzcWq4jH6dbds5TaW6ylH?e=Y5aTvM and https://1drv.ms/u/s!AhEACHgzzcWq4jKH95a3JzBoojpU?e=kFLvPR

To show it as verified, I:
(from: https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-microsoft-account?pivots=b2c-custom-policy#verify-the-applications-publisher-domain)

  1. verified my company’s identity with Microsoft Partner Network (MPN)
  2. am trying to complete the publisher verification process to associate my MPN account with my app registration

The publisher domain of both apps is set to the primary verified custom domain of the tenant.
I am using Microsoft Graph to set my app’s verified publisher:

    POST /applications/<app-object-id>/setVerifiedPublisher
    {
        "verifiedPublisherId": "<my-MPN-id>"
    }

But I get the following error message: “The MPN ID you provided does not exist, or you do not have access to it. Please provide a valid MPN ID and try again.” The MPN ID I am using is the Global MPN ID.

This error is listed in the common issues in the documentation: https://learn.microsoft.com/en-us/azure/active-directory/develop/troubleshoot-publisher-verification#common-issues. Following the documentation, when I open the MPN tenant management page, the tenant where the app is registered (the B2C tenant) is not on the list of the associated tenants. Only my corp tenant is on the list. However, even following the instructions in the documentation to associate a new tenant to the MPN account, I am not able to associate the B2C tenant. That process seems to be intended to associate Azure AD tenants to the MPN account, not Azure AD B2C tenants.

How can I set my app’s verified publisher so that it shows up as verified in the user consent prompt?


2 answers

  1. Akash Chopra 36 Reputation points
    2022-07-17T22:30:47.557+00:00

    Hi @Tiago Silva ,

    Thank you for your post!

    When it comes to the error message that you received, this is most commonly caused by the signed-in user not being a member of the proper role for the MPN account in Partner Center; see https://learn.microsoft.com/en-us/azure/active-directory/develop/publisher-verification-overview#requirements (Requirements) for a list of eligible roles and see common issues for more information. It can also be caused by the tenant the app is registered in not being added to the MPN account, or an invalid MPN ID.

    For more info - https://learn.microsoft.com/en-us/azure/active-directory/develop/troubleshoot-publisher-verification#mpnaccountnotfoundornoaccess

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.


  2. 2022-07-18T02:08:36.343+00:00

    Hello @Tiago Silva, in order to associate your B2C tenant, please ensure:

    1. You sign in to Partner Center with a work tenant Global Admin.
    2. You sign in with a B2C tenant Global Admin after clicking the Associate button.

    Let us know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.
