Confused by inconsistency while creating a B2C user

Eric Gagnon 21 Reputation points
2022-09-19T16:18:03.143+00:00

I wanted to try a basic scenario, where we could support a login by email and also by a basic identifier (a unique alphanumeric identifier).

When creating the B2C user, there is the "User Name" method. Notice that we can't assign an email there, which is why I look for a unique alphanumeric identifier, not an email. So there is a validation error if I attempt to assign an email:

[screenshot: 242549-image.png]

What is the difference here between a "User Name" (in the sign-in method) and the user "Name" below? User Name != user "Name"?

[screenshot: 242550-image.png]

Once the user is created, I can see that the "User Name" has been transposed to "User Principal Name". UPN is a normalised field / attribute and expects an email format; if I try to edit the User Name that was assigned, I now get a validation error (and we should expect this error with UPN).

[screenshot: 242623-image.png]

It looks like there is another "user principal name" (using the correct specs) assigned automatically and visible in Issuer. What's the difference between these assignments?

[screenshot: 242540-image.png]

I also noticed that if I assign an email in contact info, it has no impact on the email used for authentication.

What documentation should I read to understand all this?

Should I stay away from the WYSIWYG user edit form and only use the Graph API to manage users?

Thanks,
Eric

Microsoft Entra External ID

3 answers

  1. James Hamil 21,851 Reputation points Microsoft Employee
    2022-09-19T17:55:03.6+00:00

    Hi @Eric Gagnon , thanks for the question. I would recommend looking over the "Plan and Design" documents for user creation, specifically this one.

    To begin, the "User Name" input should not be an email. For example: "cacaoutte". This is the unique identifier for a user. There can only be one "cacaoutte" for your domain. This is what's different from the "Name" field. A name could be the same for multiple users. There could be multiple "John Smith" for example, as long as their User Name is different.

    The error you're getting when you edit your User Principal Name is because you need to add the domain to the end of it. If you change it to "cacaoutte@<YOURDOMAIN>.onmicrosoft.com" it will work. Basically, User Principal Domain is the username + your domain.

    You can use whatever you like the most for user edit, as both follow the same rules. If you encounter any errors you can always post back here! Graph API is great for scripting and bulk changes if needed.

    Please let me know if you have any questions and I can help you further!

    If this answer helped you please mark it as "Verified" so other users can reference it.

    Thank you,
    James

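The answer above says the user principal name is the username plus the tenant domain, and that the Graph API is the better route for scripted user creation. The block below is an added example, not code from the original thread or from Microsoft: it builds the Microsoft Graph `POST /users` body for a B2C local account that can sign in with either a plain username or an email address (both live in the `identities` collection, not in `userPrincipalName`), sets the UPN explicitly to `username@<tenant>.onmicrosoft.com` so it always passes validation, and includes a checker that flags stored UPNs without a domain, the state the question reports after using the portal form. The tenant name `contoso.onmicrosoft.com`, the sample users and the password are placeholders; the list of users scanned at the end is constructed for the example, not exported from a real tenant.

```python
"""Build and sanity-check a Microsoft Graph payload for an Azure AD B2C local
account that signs in with a username OR an email address.

Added example for this thread. Assumptions: tenant domain, sample user
values and password are placeholders; the SAMPLE_USERS list is constructed.
"""
import json
import re

# Assumed tenant; replace with your own <tenant>.onmicrosoft.com domain.
TENANT_DOMAIN = "contoso.onmicrosoft.com"

# A UPN is <local-part>@<domain>. The domain must be the tenant's initial
# domain or a verified custom domain, which validate_upn checks separately.
UPN_RE = re.compile(r"^[A-Za-z0-9._'-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def validate_upn(upn, allowed_domains):
    """Return True if upn is well-formed and its domain is one we allow.

    A bare username such as 'cacaouette' (no '@domain') is rejected; that
    is the value the portal flow in the thread ended up storing as the UPN.
    """
    if not UPN_RE.match(upn):
        return False
    domain = upn.rsplit("@", 1)[1].lower()
    return domain in {d.lower() for d in allowed_domains}


def build_b2c_local_account(username, email, display_name, password,
                            tenant_domain=TENANT_DOMAIN):
    """Return the JSON body for POST https://graph.microsoft.com/v1.0/users.

    For a B2C local account the sign-in identifiers go in `identities`:
    one entry with signInType 'userName' (issuerAssignedId = bare username)
    and one with signInType 'emailAddress'. The issuer is the tenant domain.
    userPrincipalName is optional for B2C local accounts; we set it here to
    username@tenant so it is valid and predictable rather than auto-generated.
    """
    upn = f"{username}@{tenant_domain}"
    if not validate_upn(upn, [tenant_domain]):
        raise ValueError(f"invalid UPN derived from username: {upn!r}")
    return {
        "accountEnabled": True,
        "displayName": display_name,        # free text, may collide
        "userPrincipalName": upn,           # unique, must carry the domain
        "identities": [
            {"signInType": "userName", "issuer": tenant_domain,
             "issuerAssignedId": username},
            {"signInType": "emailAddress", "issuer": tenant_domain,
             "issuerAssignedId": email},
        ],
        "passwordProfile": {
            "forceChangePasswordNextSignIn": False,
            "password": password,
        },
        "passwordPolicies": "DisablePasswordExpiration",
    }


def find_broken_upns(users, allowed_domains):
    """Return the userPrincipalName of every user object that fails validation.

    Run this over the output of GET /users to spot accounts whose UPN was
    stored without a domain (what the thread describes) before they break
    other tooling that assumes a well-formed UPN.
    """
    return [u["userPrincipalName"] for u in users
            if not validate_upn(u.get("userPrincipalName", ""), allowed_domains)]


# Constructed sample of what GET /users might return; not real tenant data.
SAMPLE_USERS = [
    {"displayName": "Eric Gagnon",
     "userPrincipalName": "cacaouette"},                      # portal result
    {"displayName": "Jane Doe",
     "userPrincipalName": "jdoe@contoso.onmicrosoft.com"},   # valid
    {"displayName": "Old Account",
     "userPrincipalName": "legacy@unverified-domain.test"},  # wrong domain
]


if __name__ == "__main__":
    body = build_b2c_local_account(
        "cacaouette", "cacaouette@nowheretobefound.com",
        "Eric Gagnon", "P@ssw0rd-placeholder-change-me")
    print(json.dumps(body, indent=2))
    print("broken UPNs:", find_broken_upns(SAMPLE_USERS, [TENANT_DOMAIN]))
```

To send the body, POST it to `https://graph.microsoft.com/v1.0/users` with a bearer token holding `User.ReadWrite.All`; the builder deliberately stops short of the network call so it can be unit-tested and reviewed offline.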

  2. Eric Gagnon 21 Reputation points
    2022-09-19T20:58:20.357+00:00

    Steps to reproduce in shorter / textual form:

    • Create a new B2C user with an email, e.g. cacaouette@nowheretobefound.com, and a User Name value assigned (e.g. User Name = "cacaouette")
    • Open the created user and notice that the User Principal Name is filled with "cacaouette"

    Eric


  3. Eric Gagnon 21 Reputation points
    2022-09-22T16:41:10.937+00:00

    Still hoping for a follow-up on this one. It seems to be a bug; should I report it myself somewhere else?

    I now have access to our organisation's environment; I'll see if the team managing it has some kind of support contract that could help us get more help.

    From my point of view, Azure portal user creation should not force us to type a username without a domain and then copy that value into the UPN (invalid per the UPN specs).

    It's not even possible to fix the mess manually:

    I change the value of User Principal Name:

    [screenshot: 243926-image.png]

    Save without error and see the value returning to the initial User Name value with validation errors:

    (the username is obfuscated here, but it's the value without a domain typed at user creation using the portal):
    [screenshot: 243907-image.png]

    My coworker is working on the Graph API user creation part (instead of manual Azure portal creation). I'll have to check whether this same weird behavior of assigning userName to userPrincipalName is also done automatically. I hope not.

    I go through the documentation / Stack Overflow again and again to make sure I'm not missing anything, and it's a bit of a hell.

    In that page https://learn.microsoft.com/en-us/azure/active-directory-b2c/user-overview we have:

    "Name and User name - The Name property contains the given and surname of the user. The User name is the identifier that the user enters to sign in. The user name includes the full domain. The domain name portion of the user name must either be the initial default domain name your-domain.onmicrosoft.com, or a verified, non-federated custom domain name such as contoso.com.

    Email - The new user can also sign in using an email address. We do not support special characters or multibyte characters in email, for example Japanese characters."

    If "username" must have a domain, why does the Azure portal new B2C user flow not enforce it?

    Why would UserName, also considering it's a local account, be forced to have an email / domain format anyway? This defeats the purpose of using a simpler identifier (login id?) instead of email. In this case, both "userName" and email end up having an email format, and it also prevents us from migrating our own current "userName" (we would also have to explain why the userName is something@tenant.onmicrosoft.com instead of our org domain).
