User does not exist when authenticating in Azure B2C

Jesus Orlando Aguilar Contreras 75 Reputation points
2023-04-21T20:15:38.1866667+00:00

Hi everyone, I am having a problem with Azure AD users authenticating with B2C. The case is as follows: There is a company A that has company B's users in their Azure AD. When a user is needed in company B, it is created in A and then it can access the Azure resources of B's tenant to which they give permissions. An Azure B2C has been created in company B's AD and an application has been registered in company A's AD. Then, the B2C flow, uses the APP in the AD of company A to validate the authentication of the users but when validating correctly the access and returning, it generates this error: AADB2C99002: User does not exist. Please sign up before you can sign in.

What am I doing wrong? or what other steps am I missing to avoid getting this error?

My suspicion is that once the user is authenticated in the AD of the company A, it looks for it in the AD of the company B but it does not find it because the user is really created in the AD of the company A.

The B2C is being used to authenticate users from company A and B in a Web APP deployed in Azure from company B.

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,796 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,782 questions
0 comments No comments
{count} vote

Accepted answer
  1. James Hamil 22,186 Reputation points Microsoft Employee
    2023-04-24T20:46:17.5333333+00:00

    Hi @Jesus Orlando Aguilar Contreras , It seems like you have set up Azure AD B2C in company B's tenant to authenticate users from company A's Azure AD. The error "AADB2C99002: User does not exist. Please sign up before you can sign in" occurs when the user is not found in the Azure AD B2C directory.

    To resolve this issue, you need to configure Azure AD B2C to use company A's Azure AD as an identity provider. This way, users from company A can authenticate using their Azure AD credentials, and Azure AD B2C will not look for them in company B's directory. Here are the steps to configure Azure AD as an identity provider in Azure AD B2C:

    1. Register an application in company A's Azure AD tenant.
    2. Record the Application (client) ID and create a client secret for the registered application.
    3. In company B's Azure AD B2C tenant, create a policy key to store the client secret.
    4. Configure Azure AD B2C to use company A's Azure AD as an identity provider by adding it to the ClaimsProvider element in the extension file of your policy. After configuring Azure AD as an identity provider, you should be able to authenticate users from company A in the Web App deployed in Azure from company B using Azure AD B2C.

    Please let me know if this works or if you have any questions!

    If this answer helps you please mark it as "Verified" so other users can reference it.

    Thank you,

    James


0 additional answers

Sort by: Most helpful