AzureAD B2C - Users sync - Batch operation - Queues/Events

juni dev 336 Reputation points
2022-11-02T19:37:29.997+00:00

Hi,

I was requested to implement an API to sync a single AzureAD B2C user to another IdP (via API on APIM) on demand.
This seems easy work for one single user at a time and on demand, and can be a synchronous operation.

However I was requested to provide also a SyncAll operation. This can be a really long operation and I guess I should define a mechanism to "queue request/batch process / notify conclusion to requestor".

any design/suggestions/recommendations?
any samples?

Thanks
JD
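The "queue request / batch process / notify conclusion to requestor" mechanism the question describes, as an added example that is not part of the original post or any Microsoft sample. It keeps the queue in memory so it runs offline; the names `SyncAllService`, `SyncJob`, `request_sync_all`, `process_one` and the callback parameters are assumptions for illustration, and the users and failures in `run_demo` are constructed sample data. Binding the queue to Azure Queue Storage or Event Hubs, and `sync_user` to the APIM endpoint, is left to the reader.

```python
"""SyncAll as an asynchronous job: the API call returns a job id at once,
a worker drains the queue in batches, per-user failures are isolated and
retried, and the requestor is notified when the job finishes."""
from collections import deque
from dataclasses import dataclass, field
import uuid


@dataclass
class SyncJob:
    job_id: str
    requested_by: str
    total: int = 0
    succeeded: int = 0
    failed: dict = field(default_factory=dict)  # user_id -> last error text
    state: str = "queued"                        # queued -> running -> done


class SyncAllService:
    def __init__(self, list_users, sync_user, notify, batch_size=50, max_attempts=3):
        self.list_users = list_users      # callable returning user ids (e.g. a Graph page walk)
        self.sync_user = sync_user        # callable doing the single-user sync; must be idempotent
        self.notify = notify              # callable receiving the finished SyncJob
        self.batch_size = batch_size
        self.max_attempts = max_attempts
        self.queue = deque()              # stands in for Azure Queue Storage / Event Hubs
        self.jobs = {}

    def request_sync_all(self, requested_by):
        """API handler: enqueue the work and return immediately with a job id."""
        job = SyncJob(job_id=str(uuid.uuid4()), requested_by=requested_by)
        self.jobs[job.job_id] = job
        self.queue.append(job.job_id)
        return job.job_id

    def status(self, job_id):
        """Status endpoint the requestor can poll with the job id."""
        return self.jobs[job_id]

    def process_one(self):
        """Worker: take one queued job, sync users in batches, then notify."""
        if not self.queue:
            return None
        job = self.jobs[self.queue.popleft()]
        job.state = "running"
        users = list(self.list_users())
        job.total = len(users)
        for start in range(0, len(users), self.batch_size):
            for user_id in users[start:start + self.batch_size]:
                self._sync_with_retry(job, user_id)
        job.state = "done"
        self.notify(job)
        return job

    def _sync_with_retry(self, job, user_id):
        """One user's failure never aborts the whole job; it is recorded per user."""
        for attempt in range(1, self.max_attempts + 1):
            try:
                self.sync_user(user_id)
                job.succeeded += 1
                job.failed.pop(user_id, None)
                return
            except Exception as exc:  # noqa: BLE001 - record and retry any sync error
                job.failed[user_id] = f"attempt {attempt}: {exc}"


def run_demo():
    """Constructed sample: five users, one transient failure, one permanent one."""
    users = ["user-1", "user-2", "user-3", "user-4", "user-5"]
    calls = {}

    def sync_user(user_id):
        calls[user_id] = calls.get(user_id, 0) + 1
        if user_id == "user-3":
            raise RuntimeError("target IdP rejected the record")
        if user_id == "user-4" and calls[user_id] == 1:
            raise TimeoutError("transient timeout on first attempt")

    notifications = []
    svc = SyncAllService(lambda: users, sync_user, notifications.append, batch_size=2)
    job_id = svc.request_sync_all("requestor@example.invalid")
    assert svc.status(job_id).state == "queued"   # API returned before any work ran
    svc.process_one()                              # the worker runs later, independently
    return svc.status(job_id), notifications, calls


if __name__ == "__main__":
    job, notes, _ = run_demo()
    print(job.state, job.succeeded, "of", job.total, "synced; failed:", job.failed)
```

The per-user result map is what makes the job report useful to the requestor: the notification carries which users still need attention rather than a single pass/fail. Because `sync_user` is retried and a whole job may be re-run, the single-user sync behind the APIM endpoint should be an upsert, so repeating it for an already synced user is harmless.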

Tags: Azure Event Hubs, Azure Queue Storage, Microsoft Entra External ID

1 answer
  1. Marilee Turscak-MSFT 33,801 Reputation points Microsoft Employee
    2022-11-07T22:14:00.47+00:00

    Hi @juni dev ,

    Thanks for your post! I understand that you would like to bulk migrate B2C users to another IdP. Without knowing more about your IdP setup, it's difficult to give more specific instructions. But if you were going to migrate the B2C users to another Azure B2B tenant, an option would be to bulk-invite the users since you can't bulk sync them out of the box.

    We have a guide for Azure AD B2C migration, as well as the related GitHub repository that contains samples of how to migrate accounts with a Graph API call. In these examples the users are stored in an Azure Table, and the system validates the user credentials by calling an identity provider web service. The documentation includes several approaches and samples and it's up to the individual user which one to choose depending on the environment requirements.

    You can use PowerShell to create local accounts, but for social identities you do need to use Graph API as stated in the documentation.

    To migrate all of the accounts to a new B2C tenant, you can follow these steps from the JIT migration guide:

    1. Move your user data to an Azure Table. (You can migrate users from SQL to Azure Table storage using Azure Data Factory.)
    2. Open the AADB2C.JITUserMigration.sln and open the appsettings.json. Replace the app settings with your own values:

         "AppSettings": {
           "BlobStorageConnectionString": "<Your connection string to Azure Table that stores your identities to be migrated>"
         }

    3. Deploy the B2C web app to Azure App Services and set the application settings.
    4. Open the policies files, change the tenant name, client_id and IdTokenAudience for Local Account sign-in, and upload the policies to Azure portal.

    To migrate local accounts, you can use the PowerShell script documented here by Amanpreet to create local accounts in bulk in the B2C tenant:

         # Sign in to the B2C tenant with the AzureAD module
         Connect-AzureAD
         # CSV with the columns: name, upn, email
         $users = Import-Csv C:\temp\Admin.csv
         $PasswordProfile = New-Object -TypeName Microsoft.Open.AzureAD.Model.PasswordProfile
         # Single quotes keep the literal value: inside double quotes PowerShell
         # expands "$$" (the current process id), so the stored password would
         # not be the one shown. Every account created by this loop receives
         # this same initial password.
         $PasswordProfile.Password = 'P@$$w0rd'
         foreach ($usr in $users)
         {
             New-AzureADUser -DisplayName $usr.name -PasswordProfile $PasswordProfile -UserPrincipalName $usr.upn -AccountEnabled $true -MailNickName $usr.email
         }
    

    If you would like to request a more streamlined way to migrate users, you can create a request in the feedback forum. https://feedback.azure.com/

    Additional reading:
    Bulk load users into Azure B2C
    Cant Bulk Create Azure ad b2c users
    Bulk migration of B2C users
