Share via

Why Are Successful Local Account Sign-Ins Not Appearing in Azure B2C Sign-In Logs?

olpl1543344 21 Reputation points
2024-07-16T15:22:48.6966667+00:00

I have an App Services Web App that uses Azure B2C to handle authentication and account management.

Only local account sign-in is configured, so the user's credentials are validated each time for the user to be able to sign-in. SSO is not activated.

Some users are successfully signing-in into the app, as visible in application log stream, yet not a single trace of that is displayed in the sign-in logs of the B2C tenant. Why does this happen and how could it be mitigated?

Thank you

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,365 questions
Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,761 questions
0 comments
Accepted answer
  1. Yanhong Liu 4,970 Reputation points Microsoft Vendor
    2024-07-17T07:28:42.73+00:00

    Hello,

    Thank you for posting in Q&A forum.

    Azure AD B2C emits audit logs that contain information about activities related to B2C resources, issued tokens, and administrator access rights. These audit logs are critical to understanding and managing user activity, authentication, and authorization processes in an Azure AD B2C environment.

    Specifically, the “B2C” category in the audit logs encompasses a variety of types of activity, including but not limited to:

    Authorization: Activity that involves authorizing users to access B2C resources, such as administrators accessing a list of B2C policies.

    Directory: Activities related to directory attributes retrieved when an administrator logs in using the Azure portal.

    Application: Create, Read, Update, and Delete (CRUD) operations associated with B2C applications.

    Keys: CRUD operations related to keys stored in the B2C key container.

    Resources: CRUD operations related to B2C resources, such as policies and identification providers.

    Authentication: Authentication of user credentials and token issuance.

    Login activities are also recorded in the audit log as part of authentication. When a user logs in to an Azure AD B2C-protected application using his or her credentials, the associated login activities (e.g., user authentication, token issuance, etc.) are captured and logged in the audit log. These log entries typically contain detailed information about the login activity, such as the name of the activity (e.g., “issue id_token to application”), the initiator (the object ID of the B2C application the user is logging in to), the target (the object ID of the user who is logging in), and other pertinent information (e.g., the Tenant ID, Policy ID and application ID).

    Therefore, the trace will not be shown in the login log because the login activity will be recorded in the audit log.

    I hope the information above is helpful.

    Best Regards,

    Yanhong Liu

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Ryan Hill 27,026 Reputation points Microsoft Employee
    2024-07-16T22:31:57.1266667+00:00

    Hi @olpl1543344,

    Azure AD B2C maintains separate logs for different types of activities. Sign-in activities are typically recorded under Audit Logs rather than sign-in logs. Check out Access and review audit logs - Azure AD B2C | Microsoft Learn for more details.

    0 comments