B2C modifying entered from B2C login username before logging in to AD - azure-ad-b2c-custom-policy

I'm using Azure AD B2C Local Accounts Sign-in with custom policies.
Is there a way to intercept the username entered before validation, modify it and then continue with validation with the modified name?
I am using a single tenant for multiple organizations, and by concatenating organization with username I want to create a uniqueness to resolve more than 1 user from 2+ organizations having the same username.
Looking at "Transform username in Azure AD B2C authentication" did not help. Am I missing something?
Thank you

Related

How to Sign in with Azure AD to an Azure AD B2C Application and get profile Pic, company name and the AD Tenant ID of that user?

I have an ASP.NET Core Application which is configured with an Azure AD B2C Application. The application can be signed in to by any user of any tenant. After successful login the application will display the current user's profile picture, company name and the tenant ID of Azure AD. I am using the custom policy. Please help.
How do I add a REST API/Function to fetch the user details, and in which OrchestrationStep do I call the REST API/Function?

Website authentication with Azure AD and Azure AD B2C

Here's the context:
I currently have a Corporate Azure AD tenant (Teams, ...) and created a B2C tenant dedicated to my customers which I plan to use for my website authentication.
I guess it is the purpose of the "multi-tenant" option when registering the app, but I wonder if I can limit it to only the two tenants I own and not open my website to anyone who has a Microsoft account (from what I understand reading the Microsoft documentation).
If anyone who has already set up a similar authentication process could guide me, or just give me some tips on doing website authentication by checking whether the user account is valid in one of the two tenants?
Thank you in advance and feel free to ask if you need any more information (maybe I wasn't clear enough).
In Azure AD B2C using custom policies you can set up sign-in for Multi-tenant Azure AD which allows users from multiple Azure AD tenants to sign in, without you having to configure an identity provider for each tenant.
In the custom policy, using https://login.microsoftonline.com/ as the value for ValidTokenIssuerPrefixes, you can restrict access to a specific list of Azure AD tenant users who can sign in.
Please refer to the above-mentioned document on how to set up the configuration; as you can see in the add claim provider section, it shows how to configure multiple organizations/tenants with the comma separator.
<Item Key="ValidTokenIssuerPrefixes">https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000,https://login.microsoftonline.com/11111111-1111-1111-1111-111111111111</Item>
Please refer to the documentation and samples, which help you get started with custom policies.
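A check for the ValidTokenIssuerPrefixes setting discussed in the answer above, as an added example that is not part of the original answer or of Microsoft's samples. It assumes an issuer is accepted when it starts with one of the listed entries, so an entry without a tenant GUID (such as the bare authority URL) would match every tenant; the function names and the third sample entry are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

AUTHORITY = "https://login.microsoftonline.com/"
GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

# Constructed sample: the two entries from the answer plus one over-broad entry.
SAMPLE_METADATA = """
<Metadata>
  <Item Key="ValidTokenIssuerPrefixes">https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000,https://login.microsoftonline.com/11111111-1111-1111-1111-111111111111,https://login.microsoftonline.com/</Item>
</Metadata>
"""

def read_prefixes(metadata_xml):
    """Return the comma-separated ValidTokenIssuerPrefixes entries."""
    root = ET.fromstring(metadata_xml)
    for item in root.iter():
        # Compare the local tag name so namespaced policy files also work.
        if item.tag.rsplit("}", 1)[-1] == "Item" and item.get("Key") == "ValidTokenIssuerPrefixes":
            return [p.strip() for p in (item.text or "").split(",") if p.strip()]
    return []

def audit_prefixes(prefixes):
    """Split entries into tenant-pinned ones and ones that need review."""
    pinned, flagged = [], []
    for prefix in prefixes:
        tenant = None
        if prefix.startswith(AUTHORITY):
            tenant = prefix[len(AUTHORITY):].rstrip("/")
        if tenant and GUID.fullmatch(tenant):
            pinned.append(prefix)
        else:
            flagged.append(prefix)  # no tenant GUID: not limited to one tenant
    return pinned, flagged

def issuer_allowed(issuer, pinned):
    """Assumed prefix semantics, with a '/' boundary after the tenant GUID."""
    for prefix in pinned:
        base = prefix.rstrip("/")
        if issuer == base or issuer.startswith(base + "/"):
            return True
    return False
```

Running `audit_prefixes(read_prefixes(...))` over a policy's Metadata block before upload shows which entries pin a single tenant and which would need to be replaced with a tenant-specific URL.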

Authenticate external users in azure AD with GraphApi

Is there any way to authenticate an external user with Azure AD through GraphApi?
So far I have been able to authenticate users of the active directory with GraphApi but not the external users. I have been able to identify the invited users but I have not been able to authenticate them.
The authentication of users of the active directory is done in Azure AD. Authentication is not done with the on-premises AD.
Normally, you can use OAuth 2.0 authorization code flow or OAuth 2.0 resource owner password credential to get access token.
It works for the users of your tenant and the invited users (work accounts) from external tenants.
The sample for OAuth 2.0 resource owner password credential
I successfully got a token for the invited user (jack#techlearn.top) in my tenant (hanxia.onmicrosoft.com) as follows:
And I can use the access token to call the graph api to show all the users in my tenant (hanxia.onmicrosoft.com):

Migrate user credentials (User Name, Password) from SQL DB to Azure AD B2C

Is there any way to migrate users' info (username, password) from SQL DB to Azure AD B2C? In Azure AD there is a way to migrate user credentials using AD Connect. But AD B2C does not support AD Connect. Can you please help: are there any other alternative ways to migrate users' credentials?
You can do that using the Graph API. The exact way depends on whether you have access to the user's passwords, or just a one-way hash of them.
The steps necessary are documented in the AAD B2C User migration guide.
There is no existing tool for it like AD Connect. You have to develop your own, but the documentation has a sample app that you can use as a starting point.

Azure AD Authentication on Third Party AD Tenant

In my case there is already an existing tenant of an organization. We are supposed to use that AAD tenant for authentication purposes since it already has the users needed to authenticate. However, I do not have the Global admin rights on that AAD tenant. I can create an application on that AAD tenant. I have also created a website that uses that AAD tenant to authenticate. When I run the website in a browser, it redirects to a login page. I am able to authenticate myself on that AAD tenant and can see the home page of the website. But when my colleagues try to log in using the same URL for the website, it redirects to a login page; however, when they enter username and password it gives the following error:
"AADSTS90093: This operation can only be performed by an administrator. Sign out and sign in as an administrator or contact one of your organization's administrators."
Kindly suggest a solution for the issue.
Note: I am using VS 2013 for this project.
#Juan: Finally figured out the solution. You need to request the global administrator of the Azure AD to enable WS Federation for your application on the respective AD tenant.