B2C Issuer Claim URL with Policy ID

Syed Palayathar 461 Reputation points

Good Morning Team

I have created a B2C tenant and used built-in and custom policy to authenticate consumer users to Dynamics 365 web portal.

Built-in user flow while accessing Dynamics 365 portal app is working fine and it has the following issuer url


However, the flow using custom policy shows an error [Unable to retrieve document from: '[PII is hidden]'.] that is pointing towards issuer uri. The issuer uri for this custom policy is

I understand that the Issuer (iss) claim property identifies the Azure AD B2C tenant that issued the token. The default value is https://<domain>/{B2C tenant GUID}/v2.0/. However, the value of https://<domain>/tfp/{B2C tenant GUID}/{Policy ID}/v2.0/ includes IDs for both the Azure AD B2C tenant and the user flow that was used in the token request.

It seems that Dynamics 365 portal apps require this format: https://<domain>/tfp/{B2C tenant GUID}/{Policy ID}/v2.0/. How would I change the custom policy so that the issuer URI will be of the above format with the Policy ID in it?


Azure Active Directory External Identities

1 answer

  1. AmanpreetSingh-MSFT 55,236 Reputation points

    Hi @Syed Palayathar · Thank you for reaching out.

    In order to get the value of the Issuer claim in https://<mytenantname>.b2clogin.com/tfp/<TENANTID>/b2c_1_signin/v2.0/ format, you need to add the below metadata key to the <TechnicalProfile Id="JwtIssuer">, which is by default in the trustframeworkbase file.

    <Item Key="IssuanceClaimPattern">AuthorityWithTfp</Item>


    Below is how the Issuer claim in the token looks like afterwards:


    When this key is not added, the default value taken is AuthorityAndTenantGuid, which is why tfp and the policy names are not included in the issuer claim.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

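To confirm which issuer pattern a policy actually emits after the change described in the answer, the token's iss claim can be classified against the two formats quoted in this thread. This is an added example, not part of the original question or answer; the tenant name `contoso`, the GUID, the policy name `b2c_1a_signin` and all function names are constructed, and the payload is decoded without signature verification, so it is a diagnostic only.

```python
import base64, json, re

GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
# The two issuer shapes quoted in the thread, keyed by IssuanceClaimPattern value.
PATTERNS = {
    "AuthorityWithTfp": re.compile(
        rf"^https://(?P<domain>[^/]+)/tfp/(?P<tenant>{GUID})/(?P<policy>[^/]+)/v2\.0/$"),
    "AuthorityAndTenantGuid": re.compile(
        rf"^https://(?P<domain>[^/]+)/(?P<tenant>{GUID})/v2\.0/$"),
}

def jwt_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def classify_issuer(iss):
    """Return (pattern name, parsed parts) or (None, {}) for an unknown shape."""
    for name, rx in PATTERNS.items():
        m = rx.match(iss)
        if m:
            return name, m.groupdict()
    return None, {}

def check_issuer(token, tenant_id, policy_id):
    """Return (ok, reason) for a relying party that expects the tfp format."""
    pattern, parts = classify_issuer(jwt_claims(token).get("iss", ""))
    if pattern is None:
        return False, "iss does not match either B2C issuer format"
    if parts["tenant"].lower() != tenant_id.lower():
        return False, "tenant GUID mismatch"
    if pattern != "AuthorityWithTfp":
        return False, "no policy ID in iss; set IssuanceClaimPattern to AuthorityWithTfp"
    # Assumption: policy names are compared case-insensitively.
    if parts["policy"].lower() != policy_id.lower():
        return False, "policy ID mismatch"
    return True, "ok"

def _make_token(iss):
    # Constructed, unsigned sample token for the demonstration.
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"iss": iss}), ""])

TENANT = "11111111-2222-3333-4444-555555555555"  # constructed placeholder GUID
DEFAULT = _make_token(f"https://contoso.b2clogin.com/{TENANT}/v2.0/")
WITH_TFP = _make_token(f"https://contoso.b2clogin.com/tfp/{TENANT}/b2c_1a_signin/v2.0/")
```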