Azure AD B2C Custom Policies: Auto-link on signup

Tiago C 0 Reputation points
2024-11-14T10:48:44.0333333+00:00

Azure AD B2C provides a lot of samples for custom policies; in this case the one that I am trying to implement is the following: https://github.com/azure-ad-b2c/samples/tree/master/policies/auto-account-linking

This is my version of the AccountLinkExtensions.xml: https://pastebin.com/WGerhQkZ

In my version I removed steps 1 to 7 of the "HandleLinkLocalToSocial" sub-journey.

For the sake of simplicity, ignore the Microsoft and Twitter implementations (Twitter does not work for now).

Current Behavior:

---Google---

  • SSO with a Google account will merge with the existing local account if the email is the same.
  • If a local account doesn't exist, a local account is created and linked to the Google account, using the email address as a "primary key".

---Apple---

  • SSO with an Apple account creates a new local account linked to the Apple account regardless of whether there is already a local account. This means the same local account will exist twice, once linked to Apple and once standalone, if the local account already existed.

Expected Behavior:

  • When doing SSO with an IdP, it will merge with the existing local account.
  • If a local account does not exist, create a local account and link it to the IdP (using the email address as "primary key").

Basically, I am confused as to why, with my current implementation, Apple SSO behaves differently from Google SSO.


Shweta Mathur 30,021 Reputation points Microsoft Employee
    2024-11-18T05:19:25.19+00:00

    @Tiago C

    Thanks for reaching out.

    • Check the email claim returned by Apple and ensure it matches the local account. This can be done using Application Insights logs or by adding a ClaimsTransformation to output claims for debugging.

    Please check the configurations of the claims returned by Apple and if they are being mapped correctly for account linking.

    Thanks,

    Shweta

