Guest user login method
I am trying to add external users as guest users in Entra ID. Can I set the login method when adding a user? Currently, the login method varies depending on whether the added email has a Microsoft/Azure account or not. I want to use mail OTP as a login method for all the guest…
Guest Access to Microsoft 365 Apps for Business
Hi team, I assigned a Microsoft 365 Apps for Business license to a guest user in my tenant. The license assignment is successful, but it seems the guest cannot really use M365 apps (Word, Excel, etc). The guest user gets an error message when trying to access M365 app…
Trying to cancel a sign by appending 'error' to oauth2/authresp returns 'invalid response'
We are trying to get an OIDC provider to return an 'access denied' error back to an Azure AD B2C user flow when the user cancels / fails the sign in. The Azure AD B2C documentation states that we should be able to send an error back to AADB2C during the…
How to Add Custom Properties to the User Object in Microsoft Entra External ID
I've been attempting to use the New-MgSchemaExtension and New-MgUser cmdlets in Microsoft Graph PowerShell to add custom properties to the User object. My goal is to ensure these custom properties are accessible when creating a new external user and…
AZ B2C User Flows not showing
To test PowerPages and B2C authentication I created a B2C in my tenant. Got everything set up and it worked fine. Came back the next day and the User Flows section was gone from the menu. As a test I created a new B2C, associated it with current…
The risk and consequence for the users when migrating Legacy Multi-factor authentication to the new Entra ID Authentication methods
I need some assistance before migrating from this old legacy portal: https://account.activedirectory.windowsazure.com/UserManagement/MfaSettings.aspx to this new location:…
Attribute Mapping in Azure AD Provisioning
Hello All, I hope you all are doing good. We’re integrating SuccessFactors HRIS solution with Entra ID. During synchronization from SF to Entra ID, several attributes have limitations. Suppose the username attribute sends a character limit of 256, but…
"The policy specifies multiple RefreshToken UserJourney Ids" error in ROPC setup Azure AD B2C Custom Policy
Hello, I am trying to set up ROPC for my application that uses custom policies, and I am following this tutorial: https://learn.microsoft.com/en-us/azure/active-directory-b2c/add-ropc-policy?tabs=app-reg-ga&pivots=b2c-custom-policy#ropc-flow-notes. I…
Create and Assign Custom Security Attributes
How do I design access for a few applications based on the following fields? Can I create Custom Security Attributes or group-based permissions? Application ------> App1, App2 Role ------> Contractor , engineer, PM, SalesRep RoleID --->Con , ENG,…
Restrictions on Attribute Mapping values in Azure AD Provisioning
Hello All, I hope you all are doing good. We’re integrating SuccessFactors HRIS solution with Entra ID. During synchronization from SF to Entra ID, several attributes have limitations. Suppose the username attribute sends a character limit of 256, but…
What are the supported MFA methods for External ID in External Tenants?
According to the documentation, it appears that only an email one-time password (OTP) is supported. However, we found that the SMS OTP also works. Could we obtain confirmation regarding this? Additionally, is there an estimated timeline for supporting…
How to force reset password when sending invite to user using Graph API (python)
I am sending an invite to a user to access my application. I can send and add them to groups using Python and Graph API. However, on accepting, the user (with a non-Microsoft ID) gets prompted for an OTP in their email to access the app. I want the user to…
Calling Token Endpoint of B2C Custom Policy
I have an Azure AD B2C Custom Policy. I have the URLs for all of its endpoints. In this policy, in the 'TrustFrameworkExtensions' XML, I want to integrate the 'Token' REST endpoint for this policy itself. First of all, is it doable? I am trying to do…
Licensing for Tenants using B2B functionality
Hi, My understanding is that B2B is now part of Microsoft Entra External ID, but specifically in the Workforce tenant type (not external). I am investigating options for how we provide access to our apps for our customers - the apps will be per customer,…
How can I apply a license to an External Tenant app proxy on Entra?
I am setting up an External Tenant on Entra and need to use it with an app proxy. However, the app proxy requires at least a P1 license, and I can't find a way to apply the license to the tenant since there is no license administration. I noticed that…
Authentication methods | Registration campaign - Migrating all of my users away from SMS and phone to Authenticator apps?
My company wanted to migrate all of its global users from using SMS and Phone Voice to phishing-resistant methods using Microsoft Authenticator apps. How can we migrate users away from SMS and phone calls in a staged manner rather than all at once? My…
REST API integration in Azure AD B2C Custom Policy
I am trying to call the Token endpoint for a B2C Custom policy. When verified through Postman, I am able to successfully call the endpoint. The parameters used in this Postman request are as seen in the attached image. I want to integrate this endpoint in my…
AADB2C90304: User journey went into a bad state. Claims exchange with id 'LocalAccountSigninEmailExchange' could not be found in orchestration step '2'.
Hi, I am creating users using Microsoft Graph API as follows var userToAddToAAD = new User { AccountEnabled = true, DisplayName = $"{firstName} {lastName}", …
How to add a timeout system to my API Management Developer Portal?
I have an API Management developer portal (standard tier) that I want users to be timed out of after inactivity. I've been testing my developer portal and it seems that the user will stay signed in even if they do not interact with the webpage. I am…
Need support about External user of EntraID
Hi Microsoft support team, I'm using an Entra ID trial and I faced 1 problem. When I register an Enterprise Application, I configure Supported Account type to Multiple Tenant. After that, some users used their Microsoft Account to authorize the…