This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 74%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
I created a new B2C instance and would like to grant permissions to another user in my home AAD to admin this instance (create new app registrations). How do I do this?
Assign him an application admin role such as Application Administrator or Cloud Application Administrator.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 81%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi, I'd like to do the same thing except first I must create the user to whom I'll grant the permission. I'm presented with these choices:
Which one should I choose?
Howdy. Any of the first two.
Cool, thanks!
So the first two are okay even though I'm in the B2C tenant's directory (rather than Default Directory)?
Out of curiosity (since I'm trying to learn about this stuff), why won't the last one work?
A B2C user is a special kind of Azure AD user not intented to manage tenant resources. They are tailored to login trough user flows using their username or email address but not their UPN (local ones, federated ones lack managable passwords) which might be recognized by an Azure AD (standard not B2C) application but surely won't pass the authentication process. This by design.