Azure AD B2C Custom Policy | How can we change AccountEnabled status for new external identity provider user (SSO user) to True when user is created/signed up through custom policy flow.

Question

Hi Team,

We are using Azure AD B2C custom policy to create external identity provider user (SSO user) in B2C.

We have integrated Microsoft Azure AD, OneLogin, Okta, Salesforce as external identity providers. And users are successfully getting created for all of these identity providers by custom policy flow.

However, new B2C user is getting created with AccountEnabled status as False. We want this status to be set as True when custom b2c policy is creating new user.

We tried setting up AccountEnabled status claim as True in different technical profiles.

Also tried adding "AssertAccountEnabledIsTrue" claims transformation in "AAD-UserReadUsingAlternativeSecurityId" technical profile.

However, failed to change the value of AccountEnabled attribute.

Please help us to understand the behavior of B2C custom policies with external identity providers and resolve this issue.

Thank you for the help in advance!

Answer 1

Hello @Kiran Zende

AccountEnabled status is set to false for accounts created without passwords which applies to external IdP Accounts. Only Local accounts users will get their account set to true during SignUp process.

Setting the AccountEnabled status to true wont work as this is controlled by B2C itself. You might want to create a custom attribute (extension_accountEnabled) for this purpose.

For more information, go through the information on this link which might help.

Let me know if further assistance is required