External Identity User Flows: Disabling Sign-up in a "Sign-up and Sign-in" User Flow does not Take Effect when demoing via the "Run User Flow" interface
Overview: Our team recently created a "Microsoft Entra ID for Customers" resource which we are attempting to configure for our use case. For said use case, only customers with pre-created accounts should be able to access our application. As…
Azure AD B2C & AWS Cognito Integration
Hi, I have an Azure AD B2C custom policy (SAML protocol) being used by an application 'A' setup and working fine. I want to integrate another application 'B' using OpenId protocol. This application 'B' is hosted in AWS and uses AWS Cognito user pool. I…
How to give external customer accounts in an Entra External ID tenant access to a web API in my internal tenant?
I have an internal tenant A where I have internal resources (web api, functions, database, admin website etc). Recently I created an external tenant B with Microsoft Entra External id for customers. There I have registered a SPA app where external…
Why does my Azure AD B2C go into infinite loop on login (localhost)
Followed tutorial (below) to set up a .Net 8 MVC app with an Azure AD B2C signin page. Using a new tenant with user flows. When I test the user flow with reply url, jwt.ms, a token is created. However, when I attempt to test login locally…
Guest user login method
I am trying to add external users as Guest user in Entra ID. Can I set login method when adding a user? Currently, login methods vary whether added email has a Microsoft/Azure account or not. I want to use mail OTP as a login method for all the guest…
Guest Access to Microsoft 365 Apps for Business
Hi team, I assigned Microsoft 365 Apps for Business license to a guest user in my tenant. The license assignment is successful but it seems guest cannot really use M365 apps (Word, Excel, etc). The guest user gets error message when trying to access M365 app…
Trying to cancel a sign by appending 'error' to oauth2/authresp returns 'invalid response'
We are trying to get an OIDC provider to return an 'access denied' error back to an Azure AD B2C user flow when the user cancels / fails the sign in. The Azure AD B2C documentation states that we should be able to send an error back to AADB2C during the…
AZ B2C User Flows not showing
To test PowerPages and B2C authentication I created a B2C in my tenant. Got everything set up and it worked fine. Came back the next day and the User Flows section was gone from the menu. As a test I created a new B2C, associated it with current…
Attribute Mapping in Azure AD Provisioning
Hello All, I hope you all are doing good. We’re integrating SuccessFactors HRIS solution with Entra ID. During synchronization from SF to Entra ID, several attributes have limitations. Suppose the username attribute sends a character limit of 256, but…
"The policy specifies multiple RefreshToken UserJourney Ids" error in ROPC setup Azure AD B2C Custom Policy
Hello, I am trying to set up ROPC for my application that uses custom policies, and I am following this tutorial: https://learn.microsoft.com/en-us/azure/active-directory-b2c/add-ropc-policy?tabs=app-reg-ga&pivots=b2c-custom-policy#ropc-flow-notes. I…
Create and Assign Custom Security Attributes
How do I design a few applications access based on the following fields? Can I create Custom security Attributes or Group base permission? Application ------> App1, App2 Role ------> Contractor , engineer, PM, SalesRep RoleID --->Con , ENG,…
Restrictions on Attribute Mapping values in Azure AD Provisioning
Hello All, I hope you all are doing good. We’re integrating SuccessFactors HRIS solution with Entra ID. During synchronization from SF to Entra ID, several attributes have limitations. Suppose the username attribute sends a character limit of 256, but…
What are the supported MFA methods for External ID in External Tenants?
According to the documentation, it appears that only an email one-time password (OTP) is supported. However, we found that the SMS OTP also works. Could we obtain confirmation regarding this? Additionally, is there an estimated timeline for supporting…
How to force reset password when sending invite to user using Graph API (python)
I am sending an invite to user to access my application. I can send and add them to groups using python and graph api. However, on accepting, the user (with a non microsoft id) gets prompted for an OTP in their email to access the app. I want the user to…
Calling Token Endpoint of B2C Custom Policy
I have an Azure AD B2C Custom Policy. I have the URLs for all of its endpoints. In this policy, in the 'TrustFrameworkExtensions' xml, I want to integrate the 'Token' REST endpoint for this policy itself. First of all, is it doable? I am trying to do…
Licensing for Tenants using B2B functionality
Hi, My understanding is that B2B is now part of Microsoft Entra External ID, but specifically in the Workforce tenant type (not external). I am investigating options for how we provide access to our apps for our customers - the apps will be per customer,…
How can I apply a license to an External Tenant app proxy on Entra?
I am setting up an External Tenant on Entra and need to use it with an app proxy. However, the app proxy requires at least a P1 license, and I can't find a way to apply the license to the tenant since there is no license administration. I noticed that…
Authentication methods | Registration campaign - Migrating all of my users away from SMS and phone to Authenticator apps?
My company wanted to migrate all of its global users from using SMS and Phone Voice to phishing-resistant methods using Microsoft Authenticator apps. How can we migrate users away from SMS and phone calls in a staged manner rather than all at once? My…
AADB2C90304: User journey went into a bad state. Claims exchange with id 'LocalAccountSigninEmailExchange' could not be found in orchestration step '2'.
Hi, I am creating users using Microsoft Graph API as follows var userToAddToAAD = new User { AccountEnabled = true, DisplayName = $"{firstName} {lastName}", …
Need support about External user of EntraID
Hi Microsoft support team, I'm using EntraID trial and I faced 1 problem. That is when I register an Enterprise Application, I configure Supported Account type to Multiple Tenant. After that some users used their Microsoft Account to authorize the…