Can Read Users in B2C Active Directory but cannot Create Users

Joe Thomas 1 Reputation point

I have a B2C AD for which I am able to get a single user and list all users.

I get 401 unauthorised when I try to create a user.

My API app is registered in B2C with permissions Directory.Read.All, Directory.ReadWrite.All and User.ReadWrite.All - all of them indicate they have admin consent.

Client secret is in order.

I am trying to do a simple POST request with the access token I receive from the {tenant id}/oauth2/v2.0/token endpoint.

Where am I going wrong?



1 answer

  1. 2020-12-11T17:45:20.1+00:00

    Hello, please ensure you're using an Azure AD app registration, which differs from a B2C app registration; the latter does not support MS Graph. Also ensure that the user being authenticated has directory permissions to create users, such as belonging to a role like User Administrator.

    Please let me know if you need more help. If the answer was helpful to you, please accept it and, optionally, provide feedback so that other members in the community can benefit from it.

    2 people found this answer helpful.
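
One way to check what a token actually carries before sending the create-user request, as an added example that is not part of the original thread. It assumes the access token is a JWT whose payload holds `aud` plus `roles` (app-only) or `scp` (delegated); the helper names and the sample token are constructed for illustration, and the payload is decoded for diagnosis only, without signature verification.

```python
import base64
import json

# Audience values Microsoft Graph tokens carry (URI form and app-id form).
GRAPH_AUDIENCES = {"https://graph.microsoft.com", "00000003-0000-0000-c000-000000000000"}
# Permissions named in the question that allow creating users.
CREATE_USER_PERMS = {"User.ReadWrite.All", "Directory.ReadWrite.All"}


def decode_claims(token):
    """Return the JWT payload as a dict. No signature check: diagnosis only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(token):
    """List reasons a token may be rejected for POST /users (empty list = none found)."""
    claims = decode_claims(token)
    problems = []
    aud = str(claims.get("aud", "")).rstrip("/")
    if aud not in GRAPH_AUDIENCES:
        problems.append(f"aud is {aud!r}, not Microsoft Graph")
    # App-only tokens list permissions in 'roles'; delegated tokens in 'scp'.
    granted = set(claims.get("roles", [])) | set(claims.get("scp", "").split())
    if not granted & CREATE_USER_PERMS:
        problems.append(f"no write permission in token; granted: {sorted(granted)}")
    return problems


def make_sample_token(claims):
    """Build an unsigned, constructed token for the demonstration below."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    # Constructed sample: a Graph token that only carries a read permission.
    read_only = make_sample_token({"aud": "https://graph.microsoft.com",
                                   "roles": ["Directory.Read.All"]})
    print(diagnose(read_only))
```

An empty list means the audience and permission claims look right, which points the investigation at the app registration type or the directory role instead.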