cross-tenent application security concern
There is an cross tenant application, which used by customer tenant A and customer tenant B, both A and B grant permission to the Application to their own resources RA, RB. Does It possible tenant A be able access resource RB by the Application? In…
How to fix error "Account already exists" when signing in google users on a customer entra tenant?
Dear Microsoft support team, My name is Javier Ortega, and I am writing to seek assistance with: Authentication from .Net application to Entra tenant, with google users. Currently we have a group of users migrated to a customer (external) entra tenant.…
I changed my account to an internal account by accident on Azure
I was playing around with permission in Azure and ended up changing the main account to internal instead of external. I cannot access my account any more, and can't even create a request and a phone call to my regional office just told me me to create…
Will Azure Virtual Desktop use Microsoft Entra External ID for external-facing apps?
According to the AVD documentation, in order to offer apps or desktops running on AVD to external users or customers (cloud-only deployment), identities must be created and managed manually, and then the credentials are provided to the users. Since AVD…
How to protect Flask API routes with Azure AD B2C?
This is not that well known so I thought I may come up with an article but first, let's see if others from the community can contribute. Copilot/AI is fine but do not forget your personal touch :)
how to verify azure access token gotten from client web app and sent to python server
I get an azure access token from my client SPA (single page application) using MSAL (Microsoft authentication library) as a public client application. I then send the access token received after successful authentication to my python server by including…
How to authenticate Microsoft Account users through Entra External ID
When I invite an external user via by providing their email address They receive an invite link via email After accepting the invite, if that email is not associated with an existing Microsoft Account it gets added to my directory with Identity Type:…
How to Resolve issueAuthentication fails with an error stating "The requested federation realm object '< Object ID >' does not exist"
I am trying to add OKTA as an Identity Provider in the Entra ID. and i keep getting this error " Authentication fails with an error stating "The requested federation realm object '< Object ID >' does not exist" I have gone through…
Entra External ID - MFA UI message translation
Hello, It's probably more of a question about the right place to report this issue rather then the report itself :) We are using Entra External ID and we have noticed incorrect message translaotion on "MFA view" (the view when the user is able…
B2B-Self service sign-up userflow
Hi, I have setup a self-service sign-up user flow for our b2b users,when they click on application link they can sign-up (if not having an account) and then their identity is created in tenant. The issue I am facing is I am not finding a way which…
Configure SAML based SSO for external user authentication
Hi, We would like to expose our application to internet and authenticate users using Microsoft entra. Expecting the users to put in their personal ids or work\school Microsoft ids to sign in. Based on research online, we need to create an entra app. I am…
Transitioning from SQL Database to Custom Attributes for Azure Blob Storage User Access in B2C User Flow
I have an API that allows B2C users to upload/download files from Azure Blob Storage containers. Currently, I use an SPA with an Azure Function that sends the upload or download request to the Azure Blob Storage container that the user has access to…
Was the ability to manage App roles through the UI removed recently?
We are using Microsoft Entra ID for customers (Preview) and it seems the ability to manage app roles through the Microsoft Entra UI was removed. The documentation (https://learn.microsoft.com/en-us/entra/identity-platform/howto-add-app-roles-in-apps)…
Integrating proprietary directory users with Microsoft Entra ID
Hi, our company has an Entra directory of users and a proprietary directory of 3rd party customers. In the case of the 3rd parties, we want to take advantage of Entra's capabilities. However, we've hit a roadblock as they have emails in multiple domains…
Not able to read ‘custom_attributes’ claim in Azure B2C for salesforce’s OpenId protocol
Salesforce is IDP and using OpenId protocol in custom policies in azure B2C. After successful authentication, I am able to read all other claims but not ‘custom_attributes’. When I tried to connect Salesforce from sample C# app, its salesforce is…
Teams group sharing with external users - do we need Entra licenses?
I would like some clarity on the Entra External ID licensing and MAU. Our organization has 2 M365 Basic subscriptions (Global admin account and org. communications account). We have a Teams group which we share with 30-40 external users. They need access…
Unable to retrieve the list of Guest users without ExternalUserState value
There are cases when ExternalUserState property of Guest users may be empty (null/blank) due to invitation being sent from different services (possibly SharePoint). It is not possible to retrieve the list of those users because according to…
Azure Active Directory B2C Phone Sign Up/Sign In Filter to Certain Countries
I've currently setup Azure Active Directory B2C for users to sign in via a phone OTP. I need to limited the phone numbers to be only countries the application is supported in. I've not found a way to do this yet or any documentation on this. NB* this is…
AADSTS500208: The domain is not a valid login domain for the account type.
Hi, I have MS Entra External ID preview tenant created. However, I noticed that I cannot authenticate successfully with the local account. Below I provide more details. I would be grateful for help/hints. Describe the bug When I try to login with…
Multiple authschemes is not working
I have added two authentication AzureAD and AzureB2c in mvc core3.1 using microsoft.identity.ui & web packages. I am able to call challenge both schemes but after login -in successfully my controller postback action method is not executing even…