Hello @Manuel T,
Apologies for the delay.
Based on your description, I understand that you are experiencing inconsistent behavior with the CIAM login screen. When using the default domain name (e.g., .onmicrosoft.com
), the login screen displays as expected. However, when accessing via a custom domain (e.g., contoso.com
), the login screen includes the "Sign-in options" feature.
This issue is unrelated to whether a default or custom domain is being used. It stems from changes made on Microsoft's end and is affecting all CIAM tenants. I reached out to the product engineering team about this behavior. They have identified the root cause and confirmed that a fix has been developed. The complete fix is scheduled to be rolled out to all tenants next month. Until then, this behavior will persist when isSignUpAllowed: false
is configured for user flows.
In the meantime, you can apply the following workaround to prevent the "Sign-in options" feature from appearing on the CIAM login page:
- Log in to Graph Explorer using your CIAM tenant credentials.
- Send a GET request to:
https://graph.microsoft.com/v1.0/identity/authenticationEventsFlows
Ensure you have granted consent to the permission EventListener.ReadWrite.All
.
- Once you run the query, you’ll receive details of all user flows, including their IDs. Copy the flow ID associated with your custom domain login.
- Send a PATCH request to the following endpoint, replacing
b6a0f740-2916-40a1-8c27-xxxxxxxxxxx
with your flow ID:
https://graph.microsoft.com/v1.0/identity/authenticationEventsFlows/b6a0f740-2916-40a1-8c27-xxxxxxxxxxx
Use the following payload in the request body:
{
"@odata.type": "#microsoft.graph.externalUsersSelfServiceSignUpEventsFlow",
"onInteractiveAuthFlowStart": {
"@odata.type": "#microsoft.graph.onInteractiveAuthFlowStartExternalUsersSelfServiceSignUp",
"isSignUpAllowed": false
}
}
This will enable isSignUpAllowed: true
for the custom domain user flow, preventing the "Sign-in options" feature from appearing on the login page. Please use this workaround temporarily until the rollout is complete.
I hope this information is helpful. Please feel free to reach out if you have any further questions.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Thanks,
Raja Pothuraju.