Entra ID external tenants support for generic OIDC IDP federation
We currently have a B2C tenant federated with a few external OIDC IDPs. In the next months we need to migrate to Entra ID external tenants. Will Entra ID support generic OIDC identity providers? Thanks in advance
Facing an issue setting up MFA authentication for external guest users in an Azure - External Tenant
I am facing an issue setting up MFA authentication for external guest users in an Azure External Tenant. Here is the infrastructure setup I have configured in the external tenant: Created an application with supported account type (Accounts in any…
Invalid_Grant AADB2C90085 error while using B2C Custom Policy with Google, FB and Azure AD as IdP
I have an Azure AD B2C Custom Policy defined in my B2C tenant. There are three identity providers configured in the same - Google, Facebook and Azure AD. The custom policy also has four custom attributes which are populated using a REST API endpoint…
Azure AD B2C SSO with Custom Policy
My Requirement - Establish an SSO between two applications utilizing Azure AD B2C. I have a website called abc.com for which all employees log in through their Azure AD B2C. Once logged in successfully, they will see a link called…
Country Dropdown - EEID
Hello, on the sign-in page for Entra External ID, the country field can only be a textbox or radio button. Is there a way to use a dropdown value here? If a dropdown is possible, is there any way to restrict certain countries from showing up in the…
Can I connect to an AVD using SSO via Entra External ID?
I am trying to understand if a user invited into an Entra External ID directory will be able to use SSO to access a domain joined Azure Virtual Desktop.
Maui mobile app can't sign up new Entra ID
I have a .NET MAUI mobile app that uses MSAL for authentication into Entra External ID. I created a User Flow and configured my tenant to allow "Enable guest self-service sign up via user flows". I can authenticate with existing Entra IDs…
Invoking MFA without invoking login flow for OIDC in Azure AD B2
Use case: Invoke MFA only for certain high risk actions like fund transfer or change settings in an Authenticated Session, i.e. the user uses Azure AD B2C to log in to our app, which is configured with MFA. Once the user has successfully authenticated I would…
How can I use CBA for securing high privileged break glass account?
How can I use the WildCard SSL App Service Certificate for the Certificate Based Authentication (CBA) to allow login with the Break Glass account? https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-certificate-based-authentication I…
Entra External ID sign in page generated under custom domain name looks different
Hi! I have tried following the guide on using a custom URL domain for Entra External ID with Azure Front Door. https://learn.microsoft.com/en-us/entra/external-id/customers/how-to-custom-url-domain But when I use the ciamlogin.com domain, the login page…
Authenticate Entra ID users with External ID External Tenant CIAM
We are looking at External ID external tenants as a possible CIAM solution rather than B2C which appears to be end of life / sunsetting now. However, I can't seem to find out if it is currently possible to have a sign up / sign in flow that supports…
Refresh tokens expire after 12 hours using Microsoft Entra External ID native authentication with OTP
Issue: We chose Microsoft Entra External ID for authenticating external consumers using CIAM after reading this article. We're using these Android & iOS clients to sign up and sign in users with OTP authentication …
Entra External ID MFA "... we ran into an error" and AADSTSS500208 error
Hi all, We are currently doing a PoC for External ID. For the administration of the tenant I've set up a bunch of cloud-only admin accounts (type=member, NOT local accounts). These should be used for configuration of the tenant, user flows etc. I've…
External OIDC Connection SSO in Entra External ID and custom user flow
Hi there, We are currently using B2C with custom policies. Our sign-in page takes in the user's email address and, based on the email domain, it tries to authenticate with external tenant; if no configured external tenant matches, it asks the user to enter…
Why do we see consistent `server_error` responses from Microsoft during the OAuth authorization code request?
When forwarding the user to https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize , we see a lot of redirects back to us with an error query parameter set to server_error. Why is this so consistent (~5-10 requests per hour see it)? Is there…
How would I provision Entra ID and External ID for apps shared with employees and customers?
We have several use cases where our staff and customers both need to log in to the same applications, e.g. for booking a meeting room, ordering catering etc. If we set up an external tenant in Entra, will our staff users (who are in the main tenant) be…
If I lost my QR code in Authenticator to sign in to my Entra Admin center, how can I get it back?
Hello, I deleted my Authenticator app and reinstalled it because I thought it would remove a stuck badge, but it turns out it's a known bug that won't get fixed that way, only through a subsequent push... Anyway, now the Authenticator app is asking me to…
Microsoft Entra External ID Sign In Frequency
We are using an external tenant to authenticate users of our mobile app. Currently there is no way for us to adjust the frequency of sign in. Right now it seems to be 12-24 hours. I looked into creating a conditional access policy but the key section for…
Entra External ID - Migration Options
I need to migrate users from an on-prem auth provider, where I am not able to access the passwords (one-way hashed), to Entra External ID. Is there a way in Entra to validate the user against the on-prem auth when signing in and then move the password to Entra…
Trying to connect a third party app (Verizon One Talk) to connect contacts from Office 365 account
Trying to connect the Verizon One Talk app to use contacts from my Office 365 account. I created an Enterprise app in my Azure account. But the new app in Azure creates its own identifier. When I sync from the OneTalk app, the default identifier it…