Can Read Users in B2C Active Directory but cannot Create Users

Joe Thomas 1 Reputation point

I have a B2C AD for which I am able to get a single user and list all users.

I get 401 unauthorised when I try to create a user.

My API app is registered in B2C with permissions Directory.Read.All, Directory.ReadWrite.All and User.ReadWrite.All - all of them indicate they have admin consent.

Client secret is in order.

I am trying to do a simple POST request with the access token I receive from the{tenant id}/oauth2/v2.0/token end point.

Where am I going wrong?


Azure Active Directory External Identities
Microsoft Graph Azure AD API
Microsoft Graph Azure AD API
A Microsoft API that queries the user's profile, finds other users, manages organizational relationships, tracks assignments, or creates original solutions that incorporate existing organizational data.
209 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Alfredo Revilla (MSFT) 17,096 Reputation points Microsoft Employee

    Hello, please ensure you're using an Azure AD app registration which differs from a B2C app registration, the later does not support MS Graph. Also that the user being authenticated has directory permissions to create users, such as belonging to a role like User Administrator.

    Please let me know if you need more help. If the answer was helpful to you, please accept it and, optionally, provide feedback so that other members in the community can benefit from it.

    2 people found this answer helpful.