Azure B2c: Blocking Sign-In for accounts with External IDPs (Social, External Tenants).

Mikhail Delly 126 Reputation points
2023-01-26T14:15:07.6+00:00

It is possible to block the sign-in process on the B2C side using the user property Block Sign-In. The general solution is to use accountEnabled to manage it via the Graph API.

But it seems this solution still doesn't work for social (Google, Facebook, etc.) and other external IDPs.

Similar topics here:

https://stackoverflow.com/questions/41438100/how-to-deactivate-and-reactivate-user-in-azure-ad-b2c

https://feedback.azure.com/d365community/idea/4739dfe1-b625-ec11-b6e6-000d3a4f0789

The only solution I found is to create a custom claim for the B2C user and use it in custom policy steps, as in the following example:

https://github.com/azure-ad-b2c/samples/tree/master/policies/disable-social-account-from-logon

Question: Is there any possibility to block sign-in of users with external IDPs without creating a custom claim in B2C (like "extension_accountEnabled") and creating steps for validating it in B2C custom policies?

Thanks.

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Graph

1 answer

  1. James Hamil 27,221 Reputation points Microsoft Employee Moderator
    2023-01-27T21:19:32.5066667+00:00

    Hi @Mikhail Delly, I saw this is a duplicate of an answer I posted yesterday, so I'll repost it here for others to reference.

    I did some research and unfortunately you're correct that there's no direct way to do this with the Graph API. You'll have to use the custom policies for this. I'll reach out and see if there are any easier ways to do this, but currently there is no way to do this with the Graph API. Please let me know if you have any questions.

    If this answer helped you please mark it as "Verified" so other users can reference this.

    Thank you,

    James
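
An audit of which blocked accounts fall into the gap discussed in this thread, as an added example that is not part of either post or of the linked sample. It assumes user objects fetched from Microsoft Graph with the `accountEnabled` and `identities` properties selected; the sample data, the tenant name and the function names are constructed for illustration.

```python
import json

# Constructed sample, shaped like a Microsoft Graph response to
# GET /users?$select=id,displayName,accountEnabled,identities
SAMPLE = json.loads("""
{"value": [
  {"id": "u1", "displayName": "Local only", "accountEnabled": false,
   "identities": [{"signInType": "emailAddress", "issuer": "contoso.onmicrosoft.com",
                   "issuerAssignedId": "a@example.com"}]},
  {"id": "u2", "displayName": "Google only", "accountEnabled": false,
   "identities": [{"signInType": "federated", "issuer": "google.com",
                   "issuerAssignedId": "1000000001"}]},
  {"id": "u3", "displayName": "Local + Facebook", "accountEnabled": false,
   "identities": [{"signInType": "emailAddress", "issuer": "contoso.onmicrosoft.com",
                   "issuerAssignedId": "c@example.com"},
                  {"signInType": "federated", "issuer": "facebook.com",
                   "issuerAssignedId": "2000000002"}]},
  {"id": "u4", "displayName": "Enabled Google", "accountEnabled": true,
   "identities": [{"signInType": "federated", "issuer": "google.com",
                   "issuerAssignedId": "1000000003"}]}
]}
""")


def federated_issuers(user):
    """External IdP issuers linked to one Graph user object."""
    return sorted({
        ident.get("issuer", "unknown")
        for ident in user.get("identities") or []
        if (ident.get("signInType") or "").lower() == "federated"
    })


def blocked_but_federated(users):
    """Blocked accounts (accountEnabled == false) that still have a federated identity."""
    findings = []
    for user in users:
        # Only an explicit false counts; a missing property means it was not selected.
        if user.get("accountEnabled") is not False:
            continue
        issuers = federated_issuers(user)
        if issuers:
            findings.append({"id": user["id"], "issuers": issuers})
    return findings


if __name__ == "__main__":
    for f in blocked_but_federated(SAMPLE["value"]):
        print(f"{f['id']}: blocked in the directory, federated via {', '.join(f['issuers'])}")
```

The accounts it lists are the ones for which the block has to be enforced in the custom policy, as the thread describes.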
