This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 10%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMA%3C/text%3E%3C/svg%3E)
Currently our team is struggling with propper architecture of Azure B2C solution for our multi tenant app.
Here is what we want to achieve. We want to enable users from certain Azure AD to authenticate. This is nicely described here with restricting tenants we want to enable.
We just want to enrich this solution with google authentication. We do not want to enable all users to be able to sign up. Is there a possibility to create google federated user programatically? We basically recieve list of emails from customer company and we create accounts in tenant). As far as I know there is no possiblity to achieve this using ms graph API when I don't have issuerUserId of user.
Do we have any possible solutions for this type of scenario? Like invitation email or so? Or maybe B2C is not a propper solution in this case.
Thanks in advance
AFAIK, there is no limitations on the custom policy and RESTAPIs however you will need to setup the custom policies to test the workflows and your requirements - api-connectors-overview
If you have further questions I will request you to raise a Support Case with Microsoft via your Account Manager.
Hope this helps.
==
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Hi,
I think you are looking for Azure B2B instead of B2C? Explore more on the Azure B2B side for your requirements and check out if it helps - b2b-quickstart-add-guest-users-portal
Hope this helps.
==
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Why should I use B2B? In B2C I would have all users in my B2C tenant. Also in case of authenticating google users B2B is not any better than B2C.
Hi Mikoaj,
I was thinking on the lines of inviting users and adding it via B2B process and managing it via Entitlement Management , however if that does not fit I think by default it is not possible and you will have to explore thirdparty integration products and one of them is WhoIAM Rampart and they provide invitation gated auto provisioining of users so try exploring that.
Definetely will require some sort of custom policies.
So I i have two options using Rampart (which is pretty expensive) or use some sort of custom policy, right? Any samples (or something like this) in case of policies?
Custom Policies will require designing your workflows and setting up exact criterias and this is not something out of box ready for deployment, hence third party products flourish or you need to engage special services that deal with such specific requirements.
Hope this helps.
==
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Okay, I fully underestand custom policies topic but is there any example of signing up user from google without allowing everyone to be abler to sign up in docs (I cannopt find any).
Yes there is no out of the box solution ready but our friend in MS @AmanpreetSingh-MSFT has documented steps here.
azure-ad-b2c-signin-only-that-users-who-has-gmailc.html
Hope this helps.
==
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
One last question, is there possibility to have this type of restriction with for example calling REST API and checking or something like this?
Really appreciate for your support