Thank you for your post and I apologize for the delayed response!
To hopefully help point you in the right direction and resolve your issue, you can reference the steps below to achieve your tasks.
Note: You can't update an existing B2C tenant or redeploy a template with the same tenant name.
- You can create a B2C tenant with an ARM template or Bicep file, but you can't update an existing B2C tenant. If you need to update a B2C tenant, use B2C Tenants - Update.
```bicep
resource symbolicname 'Microsoft.AzureActiveDirectory/b2cDirectories@2021-04-01' = {
  name: 'string'
  location: 'string'
  tags: {
    tagName1: 'tagValue1'
    tagName2: 'tagValue2'
  }
  sku: {
    name: 'string'
    tier: 'A0'
  }
  properties: {
    createTenantProperties: {
      countryCode: 'string'
      displayName: 'string'
    }
  }
}
```
Register a B2C app with API permissions and admin-consent the permissions.
To create a web application, web API, or native application within your B2C tenant you can leverage the below az ad app CLI commands.
```bash
# Login to your Azure B2C tenant
az login --tenant 'b2cTenantName.onmicrosoft.com'

# Create a web application, web API or native application.
az ad app create --display-name mytestapp

# Add API permissions (here: Microsoft Graph User.Read, delegated scope).
az ad app permission add --id {appId} --api 00000003-0000-0000-c000-000000000000 --api-permissions e1fe6dd8-ba31-4d61-89e7-88639da4683d=Scope

# Grant Application & Delegated permissions through admin-consent.
# You must login as a Global Administrator. Replace the all-zero GUID with your app's appId.
az ad app permission admin-consent --id 00000000-0000-0000-0000-000000000000
```
Additional Links:
- Az CLI - Register an Azure AD B2C Application
- B2C Applications Rest API
- How do I use Bicep (or ARM) to create an AD app registration and roles?
- Creating App Registration with ARM templates/Bicep - 3rd party walkthrough
Assign the application a Microsoft Entra role (i.e., User Administrator)
When it comes to assigning your Azure B2C Application a Microsoft Entra role, you'll need to use PowerShell or the Microsoft Graph API. For more info - Microsoft Entra role-based access control.
- List the directory roles that are activated in your tenant to get the User Admin roleDefinitionId:

```http
GET https://graph.microsoft.com/v1.0/directoryRoles
```
- Create a role assignment for your Azure B2C Application using the application's ObjectID. For more info - POST Operations on RoleAssignment.
```http
POST https://graph.microsoft.com/v1.0/roleManagement/directory/roleAssignments
Content-type: application/json

{
  "@odata.type": "#microsoft.graph.unifiedRoleAssignment",
  "roleDefinitionId": "c2cf284d-6c41-4e6b-afac-4b80928c9034",
  "principalId": "f8ca5a85-489a-49a0-b555-0a6d81e56f0d",
  "directoryScopeId": "/"
}
```
Additional Links:
- Assign custom admin roles using the Microsoft Graph API in Microsoft Entra ID
- Assign custom roles with resource scope using PowerShell in Microsoft Entra ID
- roleManagement resource type - Microsoft Graph
- List applications - Microsoft Graph REST API
The b2cIdentityUserFlow resource type within the Microsoft Graph REST API gives you the capability to configure pre-built policies for sign-up, sign-in, combined sign-up and sign-in, password reset, and profile update. For more info.
```http
POST https://graph.microsoft.com/beta/identity/b2cUserFlows
Content-type: application/json

{
  "id": "Customer",
  "userFlowType": "signUpOrSignIn",
  "userFlowTypeVersion": 3
}
```
I hope this helps!
If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.