We have a Custom Policy in Azure AD/Entra B2C that enables Azure Active Directory (AAD) as a Social Login. We are now trying to configure AAD as a Custom Identity Provider (IDP) (via OpenID Connect) so we can move away from maintaining custom policies and use the predefined/configured policies provided by Microsoft Azure. I was able to successfully set up the custom IDP and tested it with a User Flow.
The problem I face is that when I sign in with the Custom IDP, it does not pick up my existing AAD registration/account that signed up using the old custom policy. I am using the same App Registration; the only difference I can find in the setup is the metadata URL:
- Custom Policy: https://login.microsoftonline/common/v2.0/.well-known/openid-configuration
- Custom IDP: https://login.microsoftonline/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/v2.0/.well-known/openid-configuration
But trying to set up the Custom IDP with the old custom policy metadata URL gives an error:
The metadata URL ... is not allowed as and endpoint.
Why does B2C not pick up the existing account? Is there a way to move to the Custom IDP without forcing our users to sign up again?
asked Mar 24 at 22:50 by PGHE, edited Mar 25 at 0:56

1 Answer

I asked this question three years ago :-)
"The reason is, the Issuer used in user flow is different to custom policy."
Update
You need to display all the user attributes e.g. this. The original seems to have disappeared.
Display the attributes for a user created by a custom policy and a user created by a user flow.
If you see an identity difference, then run a Graph API update on the custom policy users to fix this.
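Added example, not code from the question or the answer: a Python helper for the check and fix the answer describes, working on a user's Microsoft Graph `identities` collection. The issuer strings, the sample user and the token/user id are constructed placeholders; it assumes the federated entry keeps the same `issuerAssignedId` (same app registration, same user) and that Graph replaces the `identities` collection as a whole on PATCH.

```python
import json
import urllib.request
from typing import Dict, List

Identity = Dict[str, str]

# Constructed placeholders: read the real values off one custom-policy user and one
# user-flow user (Graph "identities" property) before running this against a tenant.
OLD_ISSUER = "custom-policy-issuer.example"
NEW_ISSUER = "user-flow-issuer.example"
SAMPLE_IDENTITIES: List[Identity] = [  # constructed sample of a custom-policy user
    {"signInType": "userPrincipalName", "issuer": "contoso.onmicrosoft.com",
     "issuerAssignedId": "cpim_abc@contoso.onmicrosoft.com"},
    {"signInType": "federated", "issuer": OLD_ISSUER, "issuerAssignedId": "sub-123"},
]


def federated_issuers(identities: List[Identity]) -> List[str]:
    """Issuers of the federated entries: compare this between the two user kinds."""
    return [i["issuer"] for i in identities if i.get("signInType") == "federated"]


def rewrite_federated_issuer(identities: List[Identity],
                             old_issuer: str, new_issuer: str) -> List[Identity]:
    """Full replacement list with the old-issuer federated entry moved to new_issuer.

    Graph replaces the collection as a whole on PATCH, so every other entry is kept.
    Fails closed when there is not exactly one match or the user already has an
    entry for new_issuer (that would link two identities to one account).
    """
    matches = [i for i in identities
               if i.get("signInType") == "federated" and i.get("issuer") == old_issuer]
    if len(matches) != 1:
        raise ValueError(f"expected one federated identity for {old_issuer}, got {len(matches)}")
    if any(i.get("issuer") == new_issuer for i in identities):
        raise ValueError(f"user already has an identity issued by {new_issuer}")
    # issuerAssignedId (the AAD subject) is unchanged: same app registration, same user.
    return [{**i, "issuer": new_issuer} if i is matches[0] else dict(i) for i in identities]


def patch_user_request(token: str, user_id: str,
                       identities: List[Identity]) -> urllib.request.Request:
    """PATCH /users/{id} request for the fix; caller sends it with User.ReadWrite.All."""
    return urllib.request.Request(
        f"https://graph.microsoft.com/v1.0/users/{user_id}",
        data=json.dumps({"identities": identities}).encode(), method="PATCH",
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"},
    )
```

Run `federated_issuers` on a custom-policy user and a user-flow user first; only if the issuers differ does `rewrite_federated_issuer` plus the PATCH apply, and a dry run over all users with the fail-closed errors caught will surface accounts that need manual review.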