This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 41%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKG%3C/text%3E%3C/svg%3E)
This may seem like a no brainer for some, but I really am not sure because I don't create apps in Azure. But the question is in our B2C tenant, under the Identity Provider section, if I configure Google as an identity provider, can I limit the user of this Google Identity Provider to certain apps that I register in that B2C tenant? OR if I configure Google as an Identity Provider in my B2C tenant, does that leave "the door open" for all apps registered in that B2C tenant to be able to use Google as an Identity Provider? Or can I limit its use on a per app basis?
Thanks in advance for any insight!
Gina
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 0%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFM%3C/text%3E%3C/svg%3E)
Hello Gina,
Yes you can, you do this by utilizing the permissions and scopes blade for the AAD B2C Application Registration blade. More information on this can be found here :
https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-apps
https://learn.microsoft.com/en-us/azure/active-directory-b2c/add-web-application?tabs=applications
If you haven't configured any permissions or scopes in your AAD B2C Application then you won't be able to access anythign that's validating the access token for permissions. For more information on how the permissions/scopes work see here : https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent
Thanks for the detailed response. I will admit, it's a bit 'over my head' because I don't ever work with applications. But buried in that response I'm sure is the 'yes' to my question, whether or not you can limit the use of identity providers by application. For example, if we federate with Google, we only want app ABC to use that identity provider.
Thanks again for the info.
Gina