Set up sign-in for multi-tenant Azure Active Directory using custom policies in Azure Active Directory B2C

Question

I have following the tutorial

https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-azure-ad-multi-tenant?pivots=b2c-user-flow

I have a button showing up and it looks like it works but when I login with a work account I get

Selected user account does not exist in tenant 'Default Directory' and
cannot access the application '' in that tenant. The account needs to
be added as an external user in the tenant first. Please use a
different account.

It seems to work with a gmail account but not another tenant's account.

My question is how do I get it to work with another tenants account

Here are my 3 custom xml files
https://easyupload.io/m/w0gxlj

Answer 1

Hi @Micah Armantrout ,

Thanks for reach out.

Thanks for sharing the xml files. I have gone through each and find your RP file B2C_IA_SIGNUP_SIGNIN has orchestration step to call AADCommon-OpenIdConnect technical profile, but I am not able to find the technical profile defined in any of the claim provider in the xml files.

Also, while setting up the AADCommon-OpenIdConnect technical profile, you need to make sure of the below points:

1. Application registered in the Azure AD should be multi-tenant application.
2. Metadata should be correctly configured with common endpoint <Item Key="METADATA">https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration</Item>
3. ValidTokenIssuerPrefixes should have Guid Id of each tenant from which you want to signIn.

Hope this will help.

Thanks,
Shweta

---------------------------------------

Please remember to "Accept Answer" if answer helped you.