Hi @Rahul, to check if an account exists with the given email in Azure AD B2C custom policies, you can use the `AAD-UserReadUsingEmailAddress` technical profile. This technical profile reads the user's account information using the email address provided by the user. If the account exists, it returns the user's object ID. If the account does not exist, it returns an error.

To use this technical profile in your custom policy, you can add it to your `SignUp` or `PasswordReset` user journey. Here is an example of how to add it to the `SignUp` user journey:
- In your `SignUp` user journey, add a new orchestration step before the `SendCode` step. This step will call the `AAD-UserReadUsingEmailAddress` technical profile.

  ```xml
  <OrchestrationStep Order="1" Type="ClaimsExchange">
    <Preconditions>
      <Precondition Type="ClaimEquals" ExecuteActionsIf="false">
        <Value>isExistingUser</Value>
        <Value>False</Value>
        <Action>SkipThisOrchestrationStep</Action>
      </Precondition>
    </Preconditions>
    <ClaimsExchanges>
      <ClaimsExchange Id="CheckExistingUser" TechnicalProfileReferenceId="AAD-UserReadUsingEmailAddress" />
    </ClaimsExchanges>
  </OrchestrationStep>
  ```
- Add a precondition to the `SendCode` step that checks if the `objectId` claim is present. If the claim is present, it means that the user already exists, and you can skip the `SendCode` step.

  ```xml
  <OrchestrationStep Order="2" Type="ClaimsExchange">
    <Preconditions>
      <Precondition Type="ClaimEquals" ExecuteActionsIf="false">
        <Value>isExistingUser</Value>
        <Value>True</Value>
        <Action>SkipThisOrchestrationStep</Action>
      </Precondition>
    </Preconditions>
    <ClaimsExchanges>
      <ClaimsExchange Id="SendCode" TechnicalProfileReferenceId="SendCode" />
    </ClaimsExchanges>
  </OrchestrationStep>
  ```
- Add a validation technical profile that checks if the `objectId` claim is present. If the claim is not present, it means that the user does not exist, and you can show an error message.

  ```xml
  <TechnicalProfile Id="CheckExistingUserValidation">
    <DisplayName>Check if user exists</DisplayName>
    <Protocol Name="None" />
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="isExistingUser" DefaultValue="False" />
    </OutputClaims>
    <ValidationTechnicalProfiles>
      <ValidationTechnicalProfile ReferenceId="AAD-UserReadUsingEmailAddress" ContinueOnError="false" />
    </ValidationTechnicalProfiles>
  </TechnicalProfile>
  ```
- Add the `CheckExistingUserValidation` technical profile to the `SignUp` user journey after the `LocalAccountSignUpWithLogonEmail` technical profile.

  ```xml
  <TechnicalProfile Id="LocalAccountSignUpWithLogonEmail">
    ...
    <OutputClaims>
      ...
      <OutputClaim ClaimTypeReferenceId="isExistingUser" DefaultValue="False" />
    </OutputClaims>
    <ValidationTechnicalProfiles>
      <ValidationTechnicalProfile ReferenceId="CheckExistingUserValidation" />
    </ValidationTechnicalProfiles>
  </TechnicalProfile>
  ```
With these changes, when a user enters an email address during the `SignUp` user journey, the `AAD-UserReadUsingEmailAddress` technical profile will check if an account exists with that email address. If an account exists, the `objectId` claim will be set, and the `SendCode` step will be skipped. If an account does not exist, the `objectId` claim will not be set, and the `CheckExistingUserValidation` technical profile will show an error message.
Please let me know if you have any questions and I can help you further.
If this answer helps you please mark "Accept Answer" so other users can reference it.
Thank you,
James
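The answer above keys its preconditions on an `isExistingUser` claim but never shows what sets it; the following is an added example (not part of James's answer or the B2C starter pack) of the policy pieces that derive that flag from the directory read and then gate `SendCode` on it. The profile name `AAD-UserReadUsingEmailAddress-LookupOnly` and the transformation name `SetIsExistingUserFromObjectId` are assumed; the `RaiseErrorIfClaimsPrincipalDoesNotExist` override is assumed to take precedence over the starter-pack value through `IncludeTechnicalProfile`.

```xml
<!-- ClaimsSchema: declare the boolean flag the preconditions test -->
<ClaimType Id="isExistingUser">
  <DisplayName>isExistingUser</DisplayName>
  <DataType>boolean</DataType>
</ClaimType>

<!-- ClaimsTransformations: isExistingUser becomes true only when the read returned an objectId -->
<ClaimsTransformation Id="SetIsExistingUserFromObjectId" TransformationMethod="DoesClaimExist">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="objectId" TransformationClaimType="inputClaim" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="isExistingUser" TransformationClaimType="outputClaim" />
  </OutputClaims>
</ClaimsTransformation>

<!-- ClaimsProviders: a lookup-only wrapper (assumed name) so a missing account does not fail the journey -->
<TechnicalProfile Id="AAD-UserReadUsingEmailAddress-LookupOnly">
  <Metadata>
    <!-- assumption: this overrides the starter-pack value inherited via IncludeTechnicalProfile -->
    <Item Key="RaiseErrorIfClaimsPrincipalDoesNotExist">false</Item>
  </Metadata>
  <OutputClaimsTransformations>
    <OutputClaimsTransformation ReferenceId="SetIsExistingUserFromObjectId" />
  </OutputClaimsTransformations>
  <IncludeTechnicalProfile ReferenceId="AAD-UserReadUsingEmailAddress" />
</TechnicalProfile>

<!-- UserJourney: run the lookup first, then skip SendCode whenever the directory already holds the account -->
<OrchestrationStep Order="1" Type="ClaimsExchange">
  <ClaimsExchanges>
    <ClaimsExchange Id="CheckExistingUser" TechnicalProfileReferenceId="AAD-UserReadUsingEmailAddress-LookupOnly" />
  </ClaimsExchanges>
</OrchestrationStep>
<OrchestrationStep Order="2" Type="ClaimsExchange">
  <Preconditions>
    <!-- ClaimExists tests presence directly, so no boolean comparison is needed here -->
    <Precondition Type="ClaimExists" ExecuteActionsIf="true">
      <Value>objectId</Value>
      <Action>SkipThisOrchestrationStep</Action>
    </Precondition>
  </Preconditions>
  <ClaimsExchanges>
    <ClaimsExchange Id="SendCode" TechnicalProfileReferenceId="SendCode" />
  </ClaimsExchanges>
</OrchestrationStep>
```

Note that any journey whose visible behaviour differs for registered and unregistered addresses lets a caller learn which emails have accounts, so pair this with the tenant's rate limiting and keep the user-facing message generic where enumeration matters.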