Azure AD B2C sign-in only for users who have a gmail.com account or any specific company domain, and only if verified by the organization (me)

Devendra Pratap 26 Reputation points
2022-03-09T10:15:45.567+00:00

We need to allow sign-in only from specific Gmail users, and we also need to allow sign-in with any company email ID and password; we don't want to create any user accounts.
Only a specific number of users should be allowed to sign in with a gmail.com account (Google - Identity Providers in Azure AD B2C), meaning the user must be verified by the organization (me), or the organization (me) provides a list of the only users that can sign in.

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
Microsoft Security | Microsoft Entra | Microsoft Entra ID

Accepted answer
  1. AmanpreetSingh-MSFT 56,876 Reputation points Moderator
    2022-03-09T12:05:26.983+00:00

    Hi @Devendra Pratap • Thank you for reaching out.

    I understand that you want to allow a specific set of Gmail and organizational accounts to sign up and sign in to the application federated with your B2C tenant. Unfortunately, there is no out-of-the-box solution available for this purpose. Below are some options that you may consider:

    1. Define a RESTful technical profile in an Azure Active Directory B2C custom policy that makes an API call to check whether the email provided by the user exists in the approved list. If it does exist, allow the sign-up; otherwise, throw a customized error message.
    2. Utilize this custom policy sample, which restricts sign-up from specific domains in the email address by applying a restriction using a regex, as shown below. However, in your case, it will not be possible to use a regex. Apart from Regex, the only option available to apply a Restriction is Enumeration, which requires CheckboxMultiSelect, DropdownSingleSelect, or RadioSingleSelect. E.g., you can use an Enumeration restriction to provide a drop-down list of pre-approved email addresses, out of which the user may select his/her email address to sign up. (Not an ideal solution if the list is huge.)
        <ClaimType Id="email">
          <Restriction>
            <Pattern RegularExpression="^[a-zA-Z0-9.!#$%&amp;'^_`{}~\-]+@(outlook[.]com|live[.]com)" HelpText="Please enter an email address from one of the following domains: outlook.com, live.com." />
          </Restriction>
        </ClaimType>

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    3 people found this answer helpful.
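The following is an added example, not code from the accepted answer, from Microsoft, or from the custom policy sample it links to. It shows what the API behind option 1 has to do: normalize the email claim that the Google or company identity provider returned, look it up in an organization-maintained allow list, and answer in the shape a B2C RESTful technical profile understands (HTTP 200 to continue the user journey, or HTTP 409 with a `userMessage` that B2C shows to the user and uses to stop sign-up). It also generates the kind of domain regex used in option 2. The allow-list entries and company domains are constructed, hypothetical values; a real deployment would load them from a store the organization controls.

```python
"""Allow-list check for an Azure AD B2C RESTful technical profile (added example)."""
from __future__ import annotations

import json
import re

# Constructed sample data (hypothetical): Gmail addresses the organization has
# explicitly approved, and company domains whose accounts may all sign in.
APPROVED_GMAIL = {"first.last@gmail.com", "helpdesk@gmail.com"}
APPROVED_DOMAINS = {"contoso.com", "fabrikam.com"}

# Loose syntactic check; the value is expected to be the verified email claim
# issued by the identity provider, not free text typed by the user.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def normalize_gmail(local: str) -> str:
    """Gmail ignores dots in the local part and anything after '+', so
    'first.last+b2c' and 'firstlast' are the same mailbox; compare on that form."""
    return local.split("+", 1)[0].replace(".", "")


# Pre-normalize the approved Gmail list once so lookups are exact-match.
_APPROVED_GMAIL_NORM = {normalize_gmail(a.split("@", 1)[0]) for a in APPROVED_GMAIL}


def is_approved(email: str) -> bool:
    """True if the address is an approved Gmail mailbox or belongs to an approved
    company domain. Domain comparison is exact: 'sub.contoso.com' and
    'contoso.com.evil.net' are not 'contoso.com'."""
    email = email.strip().lower()
    if not EMAIL_RE.fullmatch(email):
        return False
    local, domain = email.rsplit("@", 1)
    if domain == "gmail.com":
        return normalize_gmail(local) in _APPROVED_GMAIL_NORM
    return domain in APPROVED_DOMAINS


def evaluate_signup(claims: dict) -> tuple[int, dict]:
    """Map the allow-list decision onto the response a B2C validation REST call expects:
    200 continues the journey; 409 with version/status/userMessage blocks it and
    surfaces the message on the page."""
    email = claims.get("email", "")
    if is_approved(email):
        return 200, {"version": "1.0.0", "status": 200}
    return 409, {
        "version": "1.0.0",
        "status": 409,
        "userMessage": "This account is not approved for sign-up. Contact your administrator.",
    }


def handle_request(raw_body: bytes) -> tuple[int, bytes]:
    """Framework-agnostic entry point: parse the JSON body B2C posts (input claims),
    decide, and serialize. A malformed body is a client error, not a silent allow."""
    try:
        claims = json.loads(raw_body.decode("utf-8"))
        if not isinstance(claims, dict):
            raise ValueError("body must be a JSON object")
    except (ValueError, UnicodeDecodeError):
        return 400, json.dumps({"version": "1.0.0", "status": 400,
                                "userMessage": "Malformed request."}).encode()
    status, body = evaluate_signup(claims)
    return status, json.dumps(body).encode()


def domain_restriction_pattern(domains) -> str:
    """Build a ClaimType <Pattern RegularExpression> like the one in option 2 for an
    arbitrary set of domains. Unlike the quoted sample, the pattern is anchored at
    both ends so 'user@contoso.com.evil.net' does not match."""
    alternatives = "|".join(re.escape(d).replace(r"\.", "[.]") for d in sorted(domains))
    return r"^[a-zA-Z0-9.!#$%&'^_`{}~\-]+@(" + alternatives + ")$"


if __name__ == "__main__":
    for sample in (b'{"email": "First.Last+b2c@gmail.com"}',
                   b'{"email": "someone@gmail.com"}',
                   b'{"email": "alice@contoso.com"}',
                   b'not json'):
        print(sample, "->", handle_request(sample))
    print(domain_restriction_pattern(APPROVED_DOMAINS))
```

The REST technical profile in the policy would post the `email` claim to this endpoint as a validation technical profile of the sign-up step; because the decision lives server-side, the organization can change the list without editing and re-uploading the policy, which the Enumeration approach in option 2 cannot offer.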

0 additional answers
