Set up sign-in for multi-tenant Azure Active Directory using custom policies in Azure Active Directory B2C

Micah Armantrout 6 Reputation points
2022-11-15T02:58:11.067+00:00

I have been following the tutorial

https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-azure-ad-multi-tenant?pivots=b2c-user-flow

I have a button showing up and it looks like it works but when I login with a work account I get

Selected user account does not exist in tenant 'Default Directory' and
cannot access the application '' in that tenant. The account needs to
be added as an external user in the tenant first. Please use a
different account.

It seems to work with a gmail account but not another tenant's account.

My question is: how do I get it to work with another tenant's account?

Here are my 3 custom xml files
https://easyupload.io/m/w0gxlj

Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.

1 answer

  1. Shweta Mathur 29,441 Reputation points Microsoft Employee
    2022-11-17T06:14:25.06+00:00

    Hi @Micah Armantrout ,

    Thanks for reaching out.

    Thanks for sharing the xml files. I have gone through each and find that your RP file B2C_IA_SIGNUP_SIGNIN has an orchestration step to call the AADCommon-OpenIdConnect technical profile, but I am not able to find that technical profile defined in any of the claims providers in the xml files.

    Also, while setting up the AADCommon-OpenIdConnect technical profile, you need to make sure of the below points:

    1. The application registered in Azure AD should be a multi-tenant application.
    2. Metadata should be correctly configured with the common endpoint <Item Key="METADATA">https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration</Item>
    3. ValidTokenIssuerPrefixes should contain the GUID of each tenant from which you want to sign in.

    Hope this will help.

    Thanks,
    Shweta

    ---------------------------------------

    Please remember to "Accept Answer" if answer helped you.

    2 people found this answer helpful.