Is it possible with Azure AD B2C to sign into the directory with a local account without signing into an application?

Question

Is it possible with Azure AD B2C to sign into the directory with a local account without signing into an application?

Geoffrey van Wyk 21

With regular Azure AD, a user can sign into the directory by visiting https://myapplications.microsoft.com . They are then presented with a grid of applications that they can sign into with a single click.

Is this also possible with Azure AD B2C?

Anshul Kumar (MINDTREE LIMITED) 6 Reputation points

2021-10-11T14:04:46.91+00:00

Hi, if the posted answer resolves your question, please mark it as the answer by clicking the check mark. Doing so helps others find answers to their questions.

2 answers

Your answer

Anshul Kumar (MINDTREE LIMITED) 6 Reputation points

2021-10-11T14:04:46.91+00:00

Hi, if the posted answer resolves your question, please mark it as the answer by clicking the check mark. Doing so helps others find answers to their questions.

Answer 1

AmanpreetSingh-MSFT 56,871 Moderator

Hi @Geoffrey van Wyk · Thank you for reaching out.

You can sign into https://myapplications.microsoft.com portal using B2C local user account and will be presented with a grid of applications but when you click on the application icon, it will not redirect you to authenticate with B2C user flow or custom policy. My Apps portal can only perform IDP initiated sign-on for the applications federated directly with Azure AD and not with Azure AD B2C via user flow or custom policy.

-----------------------------------------------------------------------------------------------------------

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Geoffrey van Wyk 21 Reputation points

2021-07-23T07:47:47.577+00:00

Thanks @AmanpreetSingh-MSFT . So far I have created B2C users that sign in with email addresses. I will try with the regular AD user.
AmanpreetSingh-MSFT 56,871 Reputation points Moderator

2021-07-23T12:03:19.823+00:00

Hi @Geoffrey van Wyk · If the application can only authenticate by redirecting to https://yourb2ctenant.b2clogin.com/yourb2ctenant.onmicrosoft.com/b2c_1_policyname_oauth2/v2.0/ regular Azure AD users will not work as well.
Geoffrey van Wyk 21 Reputation points

2021-07-23T16:02:40.363+00:00
When creating a new user there are two options besides inviting:

Create a user

Create Azure AD B2C user

With a user created with option 1, I can log in to https://myapplications.microsoft.com, but with a user created with option 2 that can sign in with email address, it says I cannot sign in with a personal account. This makes sense, because it cannot link me to the correct tenant with just any email address.

When I create a user with option 2 and make the domain of the email address the domain of the tenant, I get the error "Something went wrong. Refresh the page to try again.".

With a user from option 2 with a regular email address, I can sign in to my application linked via custom policy, but not with a user created with option 1.

Am I correct to say that with B2C users can only sign in to applications but not to Active Directory?

Answer 2

"You can sign into https://myapplications.microsoft.com portal using B2C local user account and will be presented with a grid of applications but when you click on the application icon, it will not redirect you to authenticate with B2C user flow or custom policy. My Apps portal can only perform IDP initiated sign-on for the applications federated directly with Azure AD and not with Azure AD B2C via user flow or custom policy."

@AmanpreetSingh-MSFT , Thanks Aman, Does this mean, I'll have to register my SAML application twice?

Azure AD B2C app registration using custom policies for SP initiated sign-in.
Azure AD Enterprise app registration using built-in SAML SSO registration for accessing the application thru https://myapplications.<custom domain name OR microsoft>.com app grid tiles?

Share via

Is it possible with Azure AD B2C to sign into the directory with a local account without signing into an application?

2 answers

Your answer