Creating custom extension in Entra ID Lifecycle Workflows gives error
Hi All, I am having problems creating a custom extension (logic app) in Entra ID Lifecycle Workflows. Filling in all the info and clicking on create results in the following error Deployment template validation failed: 'The following parameters were…
How to access database by External Datasource using Service Principal Name(SPN)
I am seeking a solution for cross-database access via an external data source using Service Principal credentials. Specifically, I want to perform Transact-SQL queries from one database to another using Service Principal credentials. To achieve this, I…
Use Username instead of E-mail in User Flow
In Microsoft Entra External ID, how do we use a username or phone number in a userflow? When adding a new user, we can add a username; but we don't have it as an option in user flows, like we do in Azure B2C. It seems this is missing in Entra External…
'AADSTS500207: The account type can't be used for the resource you're trying to access' error when trying to access custom scope in an External Tenant
Hello, I am having issues when trying to sign into my External tenant and specifying a custom scope. The error happens when I am making use of the MSAL library but also when attempting to authenticate with Postman or Insomnia. I have set my authority to…
"Requests from this IP are not allowed" Entra ID - external identities sign in/sign up user flow
I created two sites by following each tutorial article below to create a sign up / sign in user flow: https://learn.microsoft.com/en-us/entra/external-id/customers/tutorial-single-page-app-angular-sign-in-prepare-tenant …
Clarification on B2C Charging and Monthly Active Users
My API currently uses B2C to manage our external users, and I'm wondering about the costs of B2C and how it works. We have a different directory to manage these users, and when we try to access anything related to the cost, we get a message that says…
Rest API technical profile for Azure AD B2C bad request handle
Hi all, We're using a Technical Profile to call Rest API in custom policies for Azure AD B2C. This call sometimes fails due to token change and it's optional to call this to send analytics event, so we would like to handle the Bad request and Ignore the…
Is it possible to federate a Workforce tenant with a Customer tenant to achieve SSO for corporate users?
We are developing a customer facing SPA integrated with an External Entra ID tenant and this app will be accessed by corporate users hosted on a Workforce tenant. We haven't been able to find a way to use the Workforce/Corporate credentials for SSO when…
Unable to invalidate refresh token Azure AD B2C
We use a Python CLI application and we want to invalidate the refresh token after the logout. We have tried to use InvalidateAllRefreshTokens method from the Microsoft Graph API. We get 200 responses instead of 204, as it is stated in the official…
SSO Azure B2B External Tenant - Enable OTP+MFA if User is already using Azure
Hello Team, For SSO Entra External ID, how can we enable MFA+OTP option in case the customers are already on Azure/Entra? For example - We have our app setup on Microsoft Entra External ID and want to onboard customers for Non-Federated access with Email…
Entra ID External invitation failed
Since yesterday, I can no longer invite external users. I have Invitation failed Failed to invite xxxx@xxx.com to the YYYYYY directory. Or User invitation failed Insufficient privileges to perform the operation. But I have all admin roles and rights Can…
How to call Technical Profile only during SignUp for B2C Custom Policies?
I am using a SignIn SignUp flow for custom policy. I am wanting to call an API to send out email, firstname, lastname only when the user is signing up, not when they are performing a normal sign-in. How do I do this using a Precondition? Here is a…
Authorization broken: .well-known/openid-configuration endpoint issuer does not match the issuer in the token
All of our Entra External ID tenants are currently broken. You have introduced a change that breaks the "iss" field from access token (or the .well-known/openid-configuration is wrong...). We are validating this field in our backend, and the…
Why Are Successful Local Account Sign-Ins Not Appearing in Azure B2C Sign-In Logs?
I have an App Services Web App that uses Azure B2C to handle authentication and account management. Only local account sign-in is configured, so the user's credentials are validated each time for the user to be able to sign-in. SSO is not activated. Some…
Azure B2C: Phone number has bad reputation, blocking
Dear Azure-Community-Team, Our customers encounter the same issue as the one provided in the following URLs https://learn.microsoft.com/en-us/answers/questions/1300565/azure-b2c-unblock-phone-number-phone-number-has-ba…
Azure AD B2C Custom Policy as a Federated Identity Provider in AWS Cognito User Pool
I have an Azure AD B2C Custom Policy defined with OpenId Connect. I have four custom claims added in the policy and they correctly appear in the response (id_token) of the policy when tested using the B2C Custom Policy 'Run Now' menu in Azure portal. I…
Is it possible to federate a Workforce tenant with a Customer tenant to achieve SSO for corporate users?
We have a customer facing SPA integrated with an external tenant and we need corporate users hosted on a Workforce tenant to access the app using SSO with their corporate credentials. Is this something that can be achieved as you would do in…
How to call REST API only during Signup inside Azure AD B2C Custom Policy( Social and Local Accounts)
Hi All, We want to call Rest API inside Azure B2C custom policies (SignUpandSignIn) during Local Account or Social Account SignUp only and skip during SignIn. Could you please let me know which claims can I use in Pre-Condition in Orchestration Step to…
Azure B2C custom template update not picked up
I have some custom policies I use in my azure b2c client. I made updates to my B2C_1A_TRUSTFRAMEWORKBASE.xml and I uploaded it. When I download it again, it reflects my updates. But when I run my custom policy, I can see it doesn't use my…
MSAL in .NET 4.8 framework getting null reference error during running embedded browser
I am getting this error in MSAL library for .net for publicclient application microsoft.identity.client version 4.60.3.0 microsoft.identityModel.abstraction. 6.35.0.41 I have entered authenticator code 2 digits number in embedded browser 3 to 4 times…