Can you create an Azure B2C Tenant with a Service Principal?

devopsfj 256 Reputation points
2023-06-05T15:42:37.23+00:00

I am looking to set up an automated pipeline which deploys and configures Azure B2C Tenants in multiple environments.

I am running into a 401 error during the pipeline. I am using Terraform to deploy Azure B2C.

Error: performing Create: unexpected status 401 with error: Unauthenticated: Unauthenticated
│
│ with azurerm_aadb2c_directory.b2c,
│ on azure-ad-b2c.tf line 5, in resource "azurerm_aadb2c_directory" "b2c":
│ 5: resource "azurerm_aadb2c_directory" "b2c" {
│
│ performing Create: unexpected status 401 with error: Unauthenticated:
│ Unauthenticated

I am using a Service Principal to try and create Azure B2C. Is this not supported?

Microsoft Security | Microsoft Entra | Microsoft Entra ID

Accepted answer
  1. Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,526 Reputation points Moderator
    2023-06-19T18:35:51.1933333+00:00

    Hello @devopsfj, apologies for any confusion caused by my initial answer. As stated by the SO post shared by @azure enthusiast, creating an Azure B2C tenant with a service principal is not possible by design since we need a user to request the operation in order to assign him as the first global administrator of the new tenant.

    The current workaround for automation purposes is to obtain an access token as a user using the ROPC flow. Also, there's an idea posted in the Azure Feedback Forums that can be upvoted. The more votes it gets the more the product team may consider it for future implementation.

    Let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.

    1 person found this answer helpful.
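The workaround in the accepted answer, sketched as an added example that is not part of the original thread or any Microsoft sample: it builds the ROPC token request a pipeline would send and checks that the token it is about to use represents a user rather than a service principal, which is the condition the 401 above reflects. Assumptions: the app registration allows public client flows, the target resource is Azure Resource Manager, and the tenant, client ID, account names and unsigned sample tokens are constructed placeholders.

```python
import base64
import json
from urllib.parse import urlencode

ARM_SCOPE = "https://management.azure.com/.default"  # assumed target: Azure Resource Manager

def build_ropc_request(tenant, client_id, username, password):
    """Return (url, form_body) for an ROPC token request to the v2.0 endpoint."""
    url = f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
    body = urlencode({
        "grant_type": "password",  # the ROPC grant
        "client_id": client_id,
        "scope": ARM_SCOPE,
        "username": username,
        "password": password,
    })
    return url, body

def jwt_claims(token):
    """Decode the JWT payload without verifying the signature (inspection only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def identity_kind(token):
    """Return 'user' for a delegated token, 'app' for a service principal token."""
    claims = jwt_claims(token)
    if claims.get("idtyp") == "app":  # optional claim, marks app-only tokens when present
        return "app"
    # Delegated tokens carry their scopes in scp; app-only tokens have no scp.
    return "user" if "scp" in claims else "app"

def sample_jwt(claims):
    # Constructed, unsigned token used only to exercise identity_kind().
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

SAMPLE_USER_TOKEN = sample_jwt({"scp": "user_impersonation", "upn": "deployer@example.onmicrosoft.com"})
SAMPLE_APP_TOKEN = sample_jwt({"idtyp": "app", "appid": "00000000-0000-0000-0000-000000000000"})

if __name__ == "__main__":
    url, body = build_ropc_request("example.onmicrosoft.com", "00000000-0000-0000-0000-000000000000",
                                   "deployer@example.onmicrosoft.com", "<read from secret store>")
    print("POST", url)
    for name, tok in (("user", SAMPLE_USER_TOKEN), ("service principal", SAMPLE_APP_TOKEN)):
        print(name, "token classified as:", identity_kind(tok))
```

Running `identity_kind` on the pipeline's token before `terraform apply` makes a service principal token fail fast in the pipeline instead of surfacing as the provider's 401.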

1 additional answer

  1. Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,526 Reputation points Moderator
    2023-06-05T19:47:45.38+00:00

    Hello @devopsfj, you can create an Azure AD B2C tenant using a service principal using Azure REST API. The error encountered suggests your call is not authenticated. For more information about authentication take a look at the Terraform documentation.

    Let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.

