B2c: Override Custom AccountEnabled (Block Sign-In) behaviour

Mikhail Delly 126 Reputation points
2023-01-30T14:29:40.11+00:00

There is a possibility to Block Sign-In for AD users using the Block Sign-In property in B2C. The general solution is to use the "accountEnabled" property to manage it via the Graph API.

But it seems it doesn't work for external IDPs (Social (Google, Facebook), etc.)

https://learn.microsoft.com/en-us/answers/questions/1164502/b2c-block-sign-in-for-social-(google-facebook)-and

There are two ways to do this:

Unfortunately, in a solution with the default accountEnabled prop it is impossible to reach the redirect orchestration step, because the default validator throws an error if Block Sign-In is TRUE and terminates the UserJourney for users who are using AAD as the IDP.

Is it possible to override the default accountEnabled validation behavior so that the redirect is the same for all types of IDPs? Or is the only way to use a custom extension_accountEnabled prop and redirect to an error page based on it?

Thanks.


Accepted answer
  1. Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,526 Reputation points Moderator
    2023-02-01T15:53:55.9833333+00:00

    Hello, the accountEnabled attribute for Azure AD B2C federated accounts is managed by Azure AD B2C itself. The only way to block this type of account is to use the referred sample, which leverages the extension_accountEnabled custom attribute.

    Let us know if you need additional assistance. If the answer was helpful, please accept it so that others can find a solution.

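As an added illustration of the extension_accountEnabled approach (this is not the asker's policy nor the sample the answer refers to), the custom-policy pieces involved: the custom claim, reading it whenever the user object is loaded, and an orchestration step that sends blocked users to an error page whether they signed in locally or through a federated IDP. Technical profile ids, the `errorMessage` claim, the step `Order` and the message text are assumptions; the b2c-extensions-app registration from the sample is assumed to be in place.

```xml
<!-- Claims used below; the b2c-extensions-app registration is assumed done as in the referenced sample. -->
<ClaimType Id="extension_accountEnabled">
  <DisplayName>Account enabled (custom)</DisplayName>
  <DataType>boolean</DataType>
</ClaimType>
<ClaimType Id="errorMessage">
  <DisplayName>Error message</DisplayName>
  <DataType>string</DataType>
  <UserInputType>Paragraph</UserInputType>
</ClaimType>

<!-- Load the attribute with the user; repeat the OutputClaim in AAD-UserReadUsingAlternativeSecurityId
     so federated (social) accounts are covered. A missing attribute defaults to "not blocked". -->
<TechnicalProfile Id="AAD-UserReadUsingObjectId">
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="extension_accountEnabled" DefaultValue="true" />
  </OutputClaims>
</TechnicalProfile>

<!-- Terminal error page for blocked users; id and message text are assumptions. -->
<TechnicalProfile Id="SelfAsserted-AccountBlocked">
  <DisplayName>Account blocked</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="ContentDefinitionReferenceId">api.selfasserted</Item>
    <Item Key="setting.showContinueButton">false</Item>
  </Metadata>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="errorMessage" DefaultValue="This account is blocked from signing in." />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="errorMessage" />
  </OutputClaims>
</TechnicalProfile>

<!-- User journey step placed right after the user-read step (Order is an assumption).
     ClaimEquals only matches an explicit false, so local and federated users take the same path. -->
<OrchestrationStep Order="5" Type="ClaimsExchange">
  <Preconditions>
    <Precondition Type="ClaimEquals" ExecuteActionsIf="false">
      <Value>extension_accountEnabled</Value>
      <Value>false</Value>
      <Action>SkipThisOrchestrationStep</Action>
    </Precondition>
  </Preconditions>
  <ClaimsExchanges>
    <ClaimsExchange Id="AccountBlockedExchange" TechnicalProfileReferenceId="SelfAsserted-AccountBlocked" />
  </ClaimsExchanges>
</OrchestrationStep>
```

Because the built-in accountEnabled check never runs for this attribute, blocking and unblocking both local and federated users becomes a single Graph update of the extension attribute rather than a change to the journey.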
