Signing in with B2C Tenant users in Enterprise Application SSO

Paul Donnelly 0 Reputation points
2024-11-05T09:59:34.8433333+00:00

I have an Enterprise Application set up in the same directory as my B2C tenant. It is configured for SAML SSO to sign on with a 3rd-party application. I have set "Assignment required?" to "No".

When I test sign-in I am not able to sign in with any user in the B2C tenant ("This user may be incorrect. Make sure you typed it correctly. Otherwise, contact your admin"), and I only seem to be able to sign in with the user from my organisation's Entra ID tenant.

Is there a way I can allow for member users to log in with this configuration? Does the Enterprise Application need to be configured in a different way?

Properties:

Single sign-on:

Microsoft Entra ID

2 answers

  1. Akhilesh Vallamkonda 10,410 Reputation points Microsoft Vendor
    2024-11-06T08:56:07.1266667+00:00

    Hi @Paul Donnelly,
    Thank you for reaching out to the Microsoft Q&A Forum!
    May I know how your B2C users are created? Are the users registered via a user flow or custom policy, or have you created the user accounts in the B2C tenant?

    In Azure AD B2C, users registered via user flows or custom policies using personal IDs or social accounts can indeed face restrictions when trying to access certain enterprise applications. This is because enterprise applications often require users to authenticate with a work or school account, which provides additional security and compliance features not available with personal or social accounts.
    To enable access to enterprise applications, you might need to configure your Azure AD B2C tenant to support work or school accounts or invite the user as a guest.

    Reference: user accounts in Azure Active Directory B2C
    Hope this helps. Do let us know if you have any further queries by responding in the comments section.

    Thanks,

    Akhilesh.


    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
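
A triage sketch for the question the answer above asks (how the B2C users were created), added here as an example and not part of either answer or of any Microsoft tooling: it classifies Microsoft Graph user objects by `userType` and the `identities` collection. The sample records and the names `classify` and `needs_b2c_policy` are constructed for illustration.

```python
import json

# Constructed sample shaped like Microsoft Graph user objects
# (GET /users?$select=displayName,userType,identities); not real tenant data.
SAMPLE_USERS = json.loads("""[
 {"displayName": "Org Admin", "userType": "Member", "identities": [
   {"signInType": "userPrincipalName", "issuer": "contoso.onmicrosoft.com",
    "issuerAssignedId": "admin@contoso.onmicrosoft.com"}]},
 {"displayName": "Local Signup", "userType": "Member", "identities": [
   {"signInType": "emailAddress", "issuer": "contoso.onmicrosoft.com",
    "issuerAssignedId": "pat@example.com"},
   {"signInType": "userPrincipalName", "issuer": "contoso.onmicrosoft.com",
    "issuerAssignedId": "0f1e2d3c@contoso.onmicrosoft.com"}]},
 {"displayName": "Social Signup", "userType": "Member", "identities": [
   {"signInType": "federated", "issuer": "google.com",
    "issuerAssignedId": "1234567890"}]},
 {"displayName": "Invited Partner", "userType": "Guest", "identities": [
   {"signInType": "federated", "issuer": "ExternalAzureAD",
    "issuerAssignedId": null}]},
 {"displayName": "No Identities Selected", "userType": "Member"}
]""")

LOCAL_SIGNIN_TYPES = {"emailAddress", "userName", "phoneNumber"}

def classify(user):
    """Return work / guest / consumer-local / consumer-social / unknown."""
    identities = user.get("identities") or []
    if not identities:
        return "unknown"  # identities was not requested or is empty
    if user.get("userType") == "Guest":
        return "guest"  # checked first: invited guests may also carry a federated identity
    types = {i.get("signInType") for i in identities}
    if "federated" in types:
        return "consumer-social"
    if types & LOCAL_SIGNIN_TYPES:
        return "consumer-local"
    return "work"  # only a userPrincipalName identity

def needs_b2c_policy(users):
    """Names of consumer accounts, which the answers say need a B2C policy or a guest invite."""
    return [u["displayName"] for u in users
            if classify(u).startswith("consumer-")]
```
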


  2. Shweta Mathur 30,176 Reputation points Microsoft Employee
    2024-11-15T06:22:10.11+00:00

    Hi @Paul Donnelly ,

    Thanks for your time and patience on this thread.

    As @Akhilesh mentioned, enterprise applications registered in a B2C tenant support the underlying properties of the Microsoft Entra tenant, so to enable access you might need to configure your Azure AD B2C tenant to support work or school accounts or invite the user as a guest.

    To integrate single sign-on for your B2C users with CVENT, you will need to configure SAML-based authentication in Azure AD B2C and provide the SAML metadata to CVENT.

    To allow your B2C member users to sign in without requiring a guest invitation, you can configure the SAML-based authentication as an identity provider to allow self-service sign-up. This will allow your B2C users to sign up and create their own accounts in your B2C tenant.

    1. Create a new policy in Azure AD B2C for SAML-based authentication.
    2. Configure the SAML-based authentication policy to allow self-service sign-up.
    3. Configure the SAML-based authentication policy to map the user attributes to the SAML claims required by CVENT.
    4. Export the SAML metadata from Azure AD B2C and provide it to CVENT.

    Reference: https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-generic-saml?tabs=windows&pivots=b2c-custom-policy

    Hope this will help.

    Thanks,

    Shweta

    Please "Accept the answer" if the above answer helps you.

