Azure AD B2C: How to restrict sign-up when using an email that should be used with the social account sign-up option (identity provider is AD)

Petja Belemezova 6 Reputation points
2022-03-01T07:25:55.5+00:00

Hi,
We have implemented the following setup with Azure AD B2C:

Users can sign-up in two ways:

  • create local account with any email they provide (with confirmation)
  • with an AD account (this external AD is registered as an identity provider)

For some reason, users sometimes register for a local account with their AD account, thus we end up having two B2C users for the same email address, but of different types (local account, other). User instructions are in place, but still we have such cases.

Is there a (technical, programmatic) way to restrict the sign up for accounts that should always go through the social sign-up button?

For example, a user has an AD account someUser@someCompany.com. This user should not be allowed to sign up with the someUser@someCompany.com to create a local account.

Thank you!

Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.

1 answer

  1. Shweta Mathur 29,756 Reputation points Microsoft Employee
    2022-03-02T15:30:26.553+00:00

    Hi @Petja Belemezova ,
    Thanks for reaching out.

    I understand that you are looking to restrict duplicate entries in Azure AD B2C during sign-up.

    As of now, Azure AD B2C user flows do not have a policy to customize the built-in sign-up flow or restrict duplicate entries.

    However, Azure AD B2C allows you to use API connectors to customize sign-up with REST APIs, which can be invoked before creating the user to validate the email address and prevent a duplicate user from signing up with the same email address.

    There is a detailed article on using an API connector to check for duplicate emails, which you can enable before creating the user:
    https://dev.to/luperi/azure-ad-b2c-preventing-duplicate-emails-with-multiple-idens-3c5k

    Hope this helps.

    Thanks,
    Shweta

    --------------------------------------------------------

    Please remember to "Accept Answer" if answer helped you.
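As an added example (not code from the question, the answer or the linked article), the decision logic a "Before creating the user" API connector endpoint could implement for the case in the question: reject a local-account sign-up whose email domain belongs to the federated AD tenant, and separately reject an email that already exists in the directory. The request and response shapes follow the documented API connector contract (`email`, `identities`, and the `Continue` / `ValidationError` actions, where `ValidationError` is returned with HTTP 400). The domain list, the Basic-auth credential, the in-memory directory lookup and the sample request are constructed here; in a real deployment the lookup would be a Microsoft Graph query and the credential would come from a secret store.

```python
"""Decision logic for an Azure AD B2C 'Before creating the user' API connector.

Added example, not the post's or the linked article's code. Request/response
shapes follow the documented API connector contract; the federated-domain
list, the credential, the lookup and the sample request are constructed.
"""
import base64
import hmac
import json
from typing import Callable, Iterable, Optional, Tuple

# Assumption: email domains owned by the federated AD tenant. Users in these
# domains must use the identity-provider button, never a local account.
FEDERATED_DOMAINS = frozenset({"somecompany.com"})

# Assumption: HTTP Basic credential configured on the API connector in the
# B2C portal. B2C requires HTTPS plus Basic or client-certificate auth.
CONNECTOR_USER = "b2c-connector"
CONNECTOR_PASSWORD = "example-secret-change-me"


def make_basic_auth_header(user: str, password: str) -> str:
    """Build the Authorization header B2C sends for a Basic-auth connector."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def check_basic_auth(authorization_header: Optional[str]) -> bool:
    """Constant-time check of the Basic credential on the incoming call."""
    if not authorization_header or not authorization_header.startswith("Basic "):
        return False
    try:
        decoded = base64.b64decode(authorization_header[6:], validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return False
    expected = f"{CONNECTOR_USER}:{CONNECTOR_PASSWORD}"
    return hmac.compare_digest(decoded.encode(), expected.encode())


def is_federated_signup(identities: Iterable[dict]) -> bool:
    """Federated sign-ups carry an identity with signInType 'federated' and the
    IdP as issuer; anything else is treated as a local-account sign-up."""
    return any(i.get("signInType") == "federated" for i in identities)


def validation_error(message: str) -> dict:
    """Response that makes B2C show the message on the sign-up page."""
    return {"version": "1.0.0", "action": "ValidationError",
            "status": 400, "userMessage": message}


def decide(body: dict, email_exists: Callable[[str], bool]) -> dict:
    """Return the JSON body B2C expects for this sign-up attempt.

    body         -- parsed connector request (contains 'email', 'identities', ...)
    email_exists -- returns True if a B2C user with this email already exists
                    (injected so the example runs offline; Graph in production)
    """
    email = (body.get("email") or "").strip().lower()
    if "@" not in email:
        return validation_error("A valid email address is required.")
    domain = email.rsplit("@", 1)[1]

    # The case from the question: an AD user creating a local account.
    if domain in FEDERATED_DOMAINS and not is_federated_signup(body.get("identities") or []):
        return validation_error(f"Accounts for {domain} must use the company sign-in button.")

    # Generic duplicate check across account types.
    if email_exists(email):
        return validation_error("An account with this email address already exists.")

    return {"version": "1.0.0", "action": "Continue"}


def handle(headers: dict, raw_body: bytes, email_exists: Callable[[str], bool]) -> Tuple[int, Optional[dict]]:
    """Full request handling: auth check, then decision with the matching HTTP status."""
    if not check_basic_auth(headers.get("Authorization")):
        return 401, None
    try:
        body = json.loads(raw_body)
    except ValueError:
        return 400, validation_error("Malformed request.")
    decision = decide(body, email_exists)
    return (200 if decision["action"] == "Continue" else 400), decision


if __name__ == "__main__":
    # Constructed sample: an AD user trying to create a local account.
    existing = {"alice@example.org"}
    sample = {"email": "someUser@someCompany.com",
              "identities": [{"signInType": "emailAddress",
                              "issuer": "contoso.onmicrosoft.com",
                              "issuerAssignedId": "someUser@someCompany.com"}]}
    hdrs = {"Authorization": make_basic_auth_header(CONNECTOR_USER, CONNECTOR_PASSWORD)}
    print(handle(hdrs, json.dumps(sample).encode(), lambda e: e in existing))
```

The endpoint rejects the local-account attempt with a `ValidationError` (HTTP 400) so the user sees the message inline, while the same address arriving through the federated provider gets `Continue`. Whatever policy you choose, keep the credential check: the connector is a public HTTPS endpoint that B2C alone should be able to drive, and an attacker who can call it directly could probe which addresses already exist.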