How do I create a B2C user that is federated through a specific Azure AD account with the Microsoft Graph API?

Question

I have users in an Azure AD account.
I created a B2C tenant that can create email-password users and federate users from my Azure AD account.

I only want to create B2C users through the Microsoft Graph API and then allow the users to sign in using a sign-in user flow. Creating the email-password users is fine, but I'm having troubles using the Microsoft Graph API to create the federated Azure AD users. The closest suggestion I've come across was to use a request like this:

{  
  "displayName": "John Smith",  
  "identities": [  
    {  
      "signInType": "federated",  
      "issuer": "https://login.microsoftonline.com{AAD tenant_id}/v2.0",  
      "issuerAssignedId": "<AAD User's Object ID>"  
    }  
  ]  
}  

But when I attempt to sign in I get the error: "AADB2C99002: User does not exist. Please sign up before you can sign in."

Is there a way to do this with the Microsoft Graph API, and can the user being added be referenced by username/email in Azure AD?

Answer 1

Hello @Lance Klinger , the recommended way to create B2C users is trough user flows or custom policies, however you might try doing it through MS Graph:

HTTP POST https://graph.microsoft.com/beta/users

   {  
       "displayName": "<SOME VALUE>",  
       "identities": [  
           {  
               "issuer": "https://login.microsoftonline.com/<FEDERATED AZURE AD TENANT ID>/v2.0",  
               "issuerAssignedId": "<FEDERATED AZURE AD USER OBJECT ID>",  
               "signInType": "federated"  
           }  
       ]  
   }  

Let us know if this answer was helpful to you or if you need additional assistance. If it was helpful, please remember to accept it and complete the quality survey so that others in the community with similar questions can more easily find a rated solution.