Azure AD B2C Front-channel logout URL Not Working
Hello everyone, I'm facing an issue with Azure AD B2C for which I'm struggling to find a solution. I have multiple registered applications, each representing a different product. When I log out of one of these applications, I'd like the sessions in the…
How to resolve Invitation Redemption failed error in a B2B SAML Federation scenario with OKTA
I am currently testing the integration of OKTA as a SAML federated service, with Entra, for B2B guest access. This is a prelude to an urgent live deployment requirement that I have for a client. I have created an OKTA developer account, configured the…
How to avoid login/sign-up redirection/popup when using AAD B2C from React Application?
Hi, When using Azure AD B2C with React SPA, can the login redirect/popup be avoided? I have a business requirement to embed the login/sign-up page in react instead of using MS hosted pages (even if customizable), not show the sign-up/login url to…
Unable to Read/Write B2C Custom Domain Settings in Entra Admin Center
I'm following along the Azure Add your custom domain name steps and trying to navigate to the Settings>Domain name. I have global admin for the tenant, which is also linked to an active subscription. But there is no Setting under Identity.
Integrating Microsoft Entra External ID with Salesforce experiences
How can I integrate the new Microsoft Entra External ID for customer with Salesforce experiences (customer portal)? The Code Samples don't explain how to integrate a SAAS application. I can't find any useful resources on CIAM (not B2C). Has anyone…
How to redirect external user sign in attempt to initial sign in page instead of error page?
Sign in with Microsoft added to our app through our Entra ID. It works only for our tenant users, which is okay. But when external accounts outside our tenant attempt to sign in, a Microsoft error page shows up with sensitive info of our tenant…
How can I assign Visitor access for external users to a SharePoint communication site?
The SharePoint site access does not allow me to add a visitor's email address. These external users have NOT been entered as Microsoft Entra guests. This SharePoint communication site will store training videos. So visitors will NOT be allowed to edit…
Invalid Content-Security-Policy Header when using Custom Policy with JourneyFraming
I'm looking into embedding the Azure AD B2C sign-in page in an Iframe in my SPA. Following the documentation, I have added my domains (MYDOMAIN1, MYDOMAIN2) in the JourneyFraming element of my Custom Policy. The authentication works - however, there are…
How to authenticate Microsoft Account users through Entra External ID
When I invite an external user via by providing their email address: They receive an invite link via email. After accepting the invite, if that email is not associated with an existing Microsoft Account it gets added to my directory with Identity Type:…
How to resolve issue: Authentication fails with an error stating "The requested federation realm object '< Object ID >' does not exist"
I am trying to add OKTA as an Identity Provider in Entra ID, and I keep getting this error: "Authentication fails with an error stating "The requested federation realm object '< Object ID >' does not exist" I have gone through…
In Entra External ID CIAM, will it be possible to add any external identity provider without a verified domain or DNS change?
We have various customers that have IdPs with their own companies and would like to use their identities to log in to our customer-facing applications. In Entra External ID CIAM, will it be possible to add any external identity provider without a…
B2B-Self service sign-up userflow
Hi, I have set up a self-service sign-up user flow for our B2B users. When they click on the application link they can sign up (if not having an account) and then their identity is created in the tenant. The issue I am facing is I am not finding a way which…
How to fix error "Account already exists" when signing in Google users on a customer Entra tenant?
Dear Microsoft support team, My name is Javier Ortega, and I am writing to seek assistance with: Authentication from a .NET application to an Entra tenant, with Google users. Currently we have a group of users migrated to a customer (external) Entra tenant.…
Unable to find the kid in the list of keys to validate the ID token
I am getting an ID token once I click on the user flow in Azure AD B2C. Now I simply need to validate that ID token using the kid from the token header. But I cannot find key IDs in the discovery/keys URL which match the kid of the token header. I have…
I changed my account to an internal account by accident on Azure
I was playing around with permissions in Azure and ended up changing the main account to internal instead of external. I cannot access my account any more, and can't even create a request, and a phone call to my regional office just told me to create…
How to fix error "AADB2C90046" returned back by ACS endpoint of Azure AD B2C?
Users are encountering an error after successful authentication through SiteMinder (external IdP). Following authentication, SiteMinder sends a SAML Response to Azure AD B2C's ACS endpoint, but B2C returns the below…
Intune PIM roles needed to view Log Analytics in Entra ID
What role(s) do I need to have activated in order to view Log Analytics within Entra ID? When I looked into it, I saw that you need Security Admin and Global Reader activated. I have both of these roles, although when I go to Entra ID -> Log…
Cross-tenant application security concern
There is a cross-tenant application, which is used by customer tenant A and customer tenant B. Both A and B grant permission to the Application to their own resources RA, RB. Is it possible for tenant A to access resource RB through the Application? In…
Will Azure Virtual Desktop use Microsoft Entra External ID for external-facing apps?
According to the AVD documentation, in order to offer apps or desktops running on AVD to external users or customers (cloud-only deployment), identities must be created and managed manually, and then the credentials are provided to the users. Since AVD…
How to protect Flask API routes with Azure AD B2C?
This is not that well known so I thought I may come up with an article but first, let's see if others from the community can contribute. Copilot/AI is fine but do not forget your personal touch :)