Signed-in user session persists and doesn't sign in to Azure AD B2C with a different email (mentioned in invitation URL)

Code Bit 81 Reputation points
2021-06-16T05:33:26.77+00:00

I have a relying party application (web application) registered in AAD B2C, and I am inviting users to my groups in my tenant. For that, I send the invitation URL to them, and the user signs up/signs in and enters my application.
This process works perfectly if I test this flow in an incognito window, but it saves my (inviter) credentials, and even on clicking the invitation link, the link doesn't sign up with the email mentioned in the invitation; rather, it signs in with the already signed-in (inviter) account.

Any help would be much appreciated.

Microsoft Entra External ID

1 answer

  1. AmanpreetSingh-MSFT 56,556 Reputation points
    2021-06-17T12:49:42.18+00:00

    Hi @Code Bit · Thank you for reaching out.

    In order to avoid SSO, you can use the Prompt parameter of the OAuth protocol. By adding &prompt=login at the end of the invitation URL, you can force the user to provide credentials and do an interactive sign-in.

    Prompt: Indicates the type of user interaction that is required. Possible values at this time are:

    1. prompt=login will force the user to enter their credentials on that request, negating single sign-on.
    2. prompt=none is the opposite: it will ensure that the user isn't presented with any interactive prompt whatsoever. If the request can't be completed silently via single sign-on, the Microsoft identity platform will return an interaction_required error.
    3. prompt=consent will trigger the OAuth consent dialog after the user signs in, asking the user to grant permissions to the app.
    4. prompt=select_account will interrupt single sign-on providing account selection experience listing all the accounts either in session or any remembered account or an option to choose to use a different account altogether.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
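
An added example, not part of the original answer and not Microsoft's code: one way to set the prompt parameter on an invitation link without breaking a URL that has no query string, already carries a prompt value, or ends in a fragment. The function name, host, policy and client_id are constructed placeholders.

```javascript
// Values of "prompt" listed in the answer above.
const ALLOWED_PROMPTS = new Set(["login", "none", "consent", "select_account"]);

// Hypothetical helper: returns the invitation URL with exactly one prompt value.
function withPrompt(invitationUrl, prompt = "login") {
  if (!ALLOWED_PROMPTS.has(prompt)) {
    throw new RangeError(`unsupported prompt value: ${prompt}`);
  }
  const url = new URL(invitationUrl); // throws TypeError on a malformed URL
  if (url.protocol !== "https:") {
    throw new Error("invitation links must use https");
  }
  // set() replaces any existing prompt value(s) instead of appending a second,
  // conflicting one. The query is re-serialized in form-urlencoded style, so a
  // "%20" in another parameter comes back as "+", which servers treat the same.
  url.searchParams.set("prompt", prompt);
  // toString() keeps the query ahead of any "#fragment"; a blind
  // string append of "&prompt=login" would land inside the fragment.
  return url.toString();
}

// Constructed sample link (placeholder tenant, policy and client_id).
const SAMPLE_INVITATION =
  "https://contoso.b2clogin.com/contoso.onmicrosoft.com/oauth2/v2.0/authorize" +
  "?p=B2C_1_invite&client_id=00000000-0000-0000-0000-000000000000" +
  "&response_type=id_token&scope=openid&prompt=none#state";

console.log(withPrompt(SAMPLE_INVITATION));
```
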

