Hello @VenkataPabbisetty, I'm not sure I understood your requirement correctly. From your statement:
"all new AD requests should be tied to B2C master tenant and should be able to do SSO with B2C supported identity providers and provision users from AD to B2C and then to an external application"
I understood that you want new user requests to go to the B2C tenant, which should use the Azure AD tenant as an identity provider, perform SSO, and provision users from that Azure AD tenant into the B2C tenant.
If that is the case, you can refer to the documents below for adding an Azure AD tenant as an IdP in your B2C user flow:
- Using built-in user flow: https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-azure-ad-single-tenant
- Using custom policy: https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-azure-ad-single-tenant-custom?tabs=app-reg-ga
Note: SSO will depend on whether the user has cookies in the browser session or whether the device has a PRT to perform SSO. If you don't have either of these, there won't be SSO.
Please do not forget to "Accept the answer" wherever the information provided helps you. This will help others in the community as well.