locked
User Logins in Azure AD B2C accounts RRS feed

  • Question

  • As per Microsoft documentation following types of accounts are available in Azure AD B2C:

    Work account - A work account can access resources in a tenant, and with an administrator role, can manage tenants.

    Guest account - A guest account can only be a Microsoft account or an Azure Active Directory user that can be used to access applications or manage tenants.

    Consumer account - A consumer account is created by going through a sign-up policy in an Azure AD B2C application.

    It seems only consumer account users can login through B2C portal for an application registered in a B2C tenant. I have created a B2C tenant and registered an application. Then, I have created few Work accounts from Azure portal and consumer accounts from the B2C login page sign-up option.

    Consumer account users are able to login successfully as expected. But Work account users fail to login through the B2C login page unless they have logged in to the Azure portal. Once I have logged in to the Azure portal with the Work account with resetting password, I can log in to the application through the B2C login page with Work accounts.

    I am trying to figure out what is the logic behind this behavior. Are the Works accounts too entitled to log in through B2C login page? If so, then what I am missing in the setting for not to make the accounts enabled for log in unless a successful Azure Portal login with a password reset is performed?

    Saturday, October 27, 2018 1:21 PM

All replies

  • You can use Custom Policies to enable sign-in for work account users from a specific Azure AD. You can refer to this guide to achieve that.

    Monday, October 29, 2018 8:30 PM
    Owner
  • Thanks for your response.

    I understand that. I know I can use my existing Azure AD as an identity provider in the B2C tenant so that created or synced (from On-Premise) account users would able to log in using B2C portal. But what is the explanation of the aforementioned behavior of the Work accounts created in B2C tenant? The  B2C Work accounts created from Azure portal  can be used to log in through B2C login page for an application registered in the tenant. All is required to make a successful login in the Azure portal with the Work account and it immediately becomes sort of a consumer account without signing up from B2C login page. 

    Could you please explain this behavior?   


    Tuesday, October 30, 2018 3:22 PM