Switch user in Azure B2C without password - msal

Is there a way to switch the user account inside a group of users in Azure B2C? The goal is to have a UX similar to the Netflix or Disney+ family account feature.

Related

Dynamics Portal + Azure B2C Authentication

I am new to Dynamics portals and want to implement authentication for external users using Azure B2C authentication.
I followed the link below and was able to configure B2C.
https://learn.microsoft.com/en-us/power-apps/maker/portals/configure/configure-azure-ad-b2c-provider
Question:
How can I limit user creation to only the organisation I am targeting?
For example, if I am creating this portal for XYZ Company and I only want users from this organisation to sign up on the portal, how can I achieve this,
so that I do not get unnecessary contacts in my portal?

How do I register a security key (for Windows log-in) for my regular Microsoft accounts?

To break the problem down, all I am trying to do is use a security key (FIDO2 security key) with my Microsoft account (hotmail) to log into my PC. Does anyone know how I can best do this?
Details of my attempt using Azure AD:
I have an AAD tenant where security keys have been enabled for all users. When creating a user in AAD, setting up the key for that user in http://myprofile.microsoft.com/ and then AAD joining my PC, I can login to my PC with the registered security key to that particular account.
However, if I invite an external user with a regular "#outlook" or "#hotmail" account to my AAD, I can't log in to http://myprofile.microsoft.com/ since this user is not added to the "Microsoft Services" tenant and cannot access application '19db86c3-b2b9-44cc-b339-36da233a3be2' (My Access). Instead I tried setting up the security key in account.microsoft.com for Microsoft accounts.
Since my PC is AAD joined with the AAD user, the security option is there during login and with that I tried signing in to my "#hotmail" account on my PC with the security key I set up for that account. That seemed to initially work until it finally said "You can't sign in with this account. Try another account"
Does anyone know how to set up security keys for regular microsoft accounts or how to possibly add an external to the 'Microsoft Services' tenant?
Thanks!
Currently only work or school accounts are supported on Azure AD joined devices. Guest Microsoft accounts are not supported.
If you have a PC which is not Azure AD joined, you can log in to that PC with a Microsoft account. You can check the detailed information in this article.

How to authenticate corporate users with Azure AD, and also external users in a single page application?

We have a single page app (Angular front end and .NET Core Web API) using Azure AD for authentication. Both the front end and the Web API are registered in the same tenant, and the WebUI has permissions to call the Web API. This Web API uses a few other internal Web APIs as well.
We have a new requirement in the app to allow access to certain areas of the app to external users, who need to register first. So now the app needs to authenticate both existing AD users and external users.
My question is whether this is possible in a single application, and if yes, what is the recommended approach for authenticating both corporate and external users?
As you need a registration feature, you will need to use Azure AD B2C, which supports multiple providers in a single user flow.
For example, if you want Azure AD users and external users to use your application, you can choose OpenID Connect (Azure AD) and Local Account (or other social accounts). On the login page, users can choose to sign up or sign in directly with their Azure AD account.
Steps:
Keep your web apps and API apps in the existing tenant. Create an Azure AD B2C tenant, create a sign-up/sign-in user flow, and configure the providers for the user flow.
Reference:
Create B2C tenant
Create user flow
Add identity providers
Configure your original Azure AD application as an identity provider

Azure AD B2C user group setup

So, Azure AD has me a bit confused and I'm wondering if I need Azure AD B2C or not for what I'm trying to accomplish.
I'm setting up an ASP.NET Core MVC Entity Framework web app with the intention of selling subscriptions to users. These users can log in, add data and invite other users to join their group, where they can then be assigned a role.
Am I right to think that I need to set up a B2C single tenant and use the Graph API to code groups and roles? Or can Azure do this for me? Basically, what are best practices for setting up this kind of user/payment model?

Azure AD B2C & Google APIs

I need help integrating Azure AD B2C and Google APIs. Briefly, I created a tenant on Azure AD B2C, policies and a Native App. Users can register for my app and sign in without any problems. Now I need to use Google APIs to access the logged-in account's information and manage some information (Google MyBusiness data). How can I achieve that? Is that possible?
Furthermore, even if that is not connected to Azure AD B2C, how can I ask the user to allow my app to view MyBusiness data?
UPDATE: I understand that I need to authorize my app for the https://www.googleapis.com/auth/plus.business.manage Google scope. Is it possible to request that scope during the Google sign-in application authorization process?
Thanks everyone.
As part of the authentication exchange between Azure AD B2C and Google (as well as other identity providers), an access token is issued by Google for use by (and only by) Azure AD B2C, where this access token is used by Azure AD B2C to access the authorized information for the authenticated end-user.
Currently, Azure AD B2C does not pass this access token through to the relying party application (i.e. your native client application), therefore applications can't access the information for the end-user.
UPDATE on 20 June 2019
Using a custom policy, you can pass the access token from the external identity provider through Azure AD B2C to your relying party application.
From the official Azure AD B2C FAQ:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-faqs
Can I configure scopes to gather more information about consumers from various social identity providers?
No, but this feature is on our roadmap. The default scopes used for our supported set of social identity providers are:
Facebook: email
Google+: email
Microsoft account: openid email profile
Amazon: profile
LinkedIn: r_emailaddress, r_basicprofile
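The two answers above leave the relying party with the same job: once B2C federates corporate Azure AD users, local accounts and social logins through one user flow, the Web API has to check that a presented token really came from its own B2C tenant and user flow, and then decide from the `idp` claim which kind of user it is (and, when a custom policy passes the external provider's token through, pick up the `idp_access_token` claim without mistaking it for proof of identity). The following is an added example written for this page, not code from either answer or from Microsoft. Real B2C tokens are RS256-signed with keys published at the user flow's OpenID Connect metadata (`jwks_uri`); to run offline, this example signs a constructed sample token with HS256 and a demo key instead. The tenant name, tenant GUID, user-flow name, client ID, corporate issuer string and the `idp` values for local accounts are all placeholders or assumptions, as marked in the comments.

```python
"""Validate an Azure AD B2C access token and classify the signed-in user.

Added example, not part of the original answers.  Production tokens are RS256
and must be verified against the user flow's JWKS; HS256 with a static key is
used here only so the example runs offline.
"""
import base64
import hashlib
import hmac
import json
import time

# Constructed placeholders: substitute your own tenant, user flow and app registration.
TENANT = "contoso"
TENANT_ID = "11111111-2222-3333-4444-555555555555"
POLICY = "B2C_1_susi"                                   # the sign-up/sign-in user flow
CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"      # API app registration
EXPECTED_ISSUER = f"https://{TENANT}.b2clogin.com/{TENANT_ID}/v2.0/"
# Assumption: the value B2C emits in 'idp' for the corporate Azure AD provider.
# Check a real token from your tenant and pin exactly that string.
CORPORATE_IDP = "https://login.microsoftonline.com/99999999-8888-7777-6666-555555555555/v2.0"
DEMO_KEY = b"offline-demo-only"                         # never do this with real B2C tokens


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode("ascii")


def make_demo_token(claims: dict, key: bytes = DEMO_KEY) -> str:
    """Build a constructed HS256 JWT that stands in for a B2C-issued token."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


class TokenError(ValueError):
    """Raised for any token the API must reject."""


def validate_b2c_token(token: str, key: bytes = DEMO_KEY, now=None) -> dict:
    """Return the claims only if signature, issuer, audience, policy and lifetime all pass."""
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm so an attacker cannot downgrade to 'none' or swap key types.
    # In production: require RS256 and resolve header['kid'] against the JWKS.
    if header.get("alg") != "HS256":
        raise TokenError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise TokenError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    now = int(time.time()) if now is None else now
    if claims.get("iss") != EXPECTED_ISSUER:
        raise TokenError("wrong issuer (not our B2C tenant)")
    if claims.get("aud") != CLIENT_ID:
        raise TokenError("wrong audience (token was not issued for this API)")
    # 'tfp' names the user flow; a token from another policy in the same tenant is not ours.
    if claims.get("tfp") != POLICY:
        raise TokenError("token issued by a different user flow")
    if not (claims.get("nbf", 0) <= now < claims.get("exp", 0)):
        raise TokenError("token not yet valid or expired")
    return claims


def classify_user(claims: dict) -> dict:
    """Decide which population the caller belongs to from the validated 'idp' claim."""
    idp = claims.get("idp")
    # Assumption: local-account users carry no 'idp' (or 'LocalAccount'); verify on your tenant.
    if idp is None or idp == "LocalAccount":
        kind = "local"
    elif idp == CORPORATE_IDP:          # exact match, not just 'any Azure AD tenant'
        kind = "corporate"
    else:
        kind = "federated"              # e.g. google.com, facebook.com
    return {
        "kind": kind,
        "idp": idp,
        "sub": claims.get("sub"),
        # Present only when a custom policy passes the external IdP's token through.
        # It is the provider's credential for calling the provider's APIs on the user's
        # behalf; it proves nothing to this API and must not be used for authorization here.
        "idp_access_token": claims.get("idp_access_token"),
    }


if __name__ == "__main__":
    sample = make_demo_token({"iss": EXPECTED_ISSUER, "aud": CLIENT_ID, "tfp": POLICY,
                              "nbf": 1_700_000_000, "exp": 1_700_003_600,
                              "sub": "u-42", "idp": CORPORATE_IDP})
    print(classify_user(validate_b2c_token(sample, now=1_700_000_500)))
```

Gating the "corporate only" areas on `kind == "corporate"` keeps the check in one place instead of scattering issuer string comparisons through the controllers; the `tfp` check matters because a second user flow (say, a password-reset or profile-edit policy) in the same tenant issues tokens from the same issuer and for the same audience.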
