B2C: Block sign in for Social (Google, Facebook) and other external IDPs

Mikhail Delly 126 Reputation points
2023-01-26T14:28:20.47+00:00

There is a possibility to Block Sign-In for AD users using Block Sign-In property in b2c. It is general solution to use "accountEnabled" property to manage it via Graph API.

But it seems it doesn't work for external IDPs.

The only solution which I found is to create custom claim for b2c user such as "extension_accountEnabled" and validate it in custom steps of b2c custom policies.

https://stackoverflow.com/questions/63599125/azure-ad-b2c-disable-block-sign-in-for-social-federated-users

Question: Is this any way around to achieve blocking users with external IDPs from signing into B2c without using custom claims and custom policy steps but using standard b2c / graph tools?

Thanks.

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,690 questions
Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,657 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,616 questions
0 comments
Accepted answer
  1. James Hamil 21,851 Reputation points Microsoft Employee
    2023-01-26T22:17:03.86+00:00

    Hi @Mikhail Delly , thanks for the question. I did some research and unfortunately you're correct that there's no direct way to do this with the Graph API. You'll have to use the custom policies for this. I'll reach out and see if there are any easier ways to do this, but currently there is no way to do this with the Graph API. Please let me know if you have any questions.

    If this answer helped you please mark it as "Verified" so other users can reference this.

    Thank you,

    James

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest