Azure AD multi tenant authentication - how to whitelist specific tenants? - Stack Overflow

What I want to achieve

I'm building a web app with an SPA front end that will be hosted in Azure and which will use Azure AD authentication.

I want all users from my main tenant to be able to access the app without having to be invited.

I want to be able to invite external users to access the app.

My plan

Create a B2C tenant in single tenant mode. External users will be invited to this.

In the B2C tenant create a custom sign up policy that permits only users in the main tenant to sign themselves up to the B2C tenant.

Questions

Will this work?

Is this the best approach?

Asked Jan 29 at 11:46 by Neutrino, edited Jan 29 at 13:38
  • 1 Refer to this SO thread and let me know whether it is useful or not – Pratik Jadhav Commented Jan 29 at 12:28
  • I didn't provide enough info. My web app is an SPA. That example is just enforcing the tenant whitelist in the web app. That's fine if it's a server side web app, but you can't do that in an SPA. – Neutrino Commented Jan 29 at 13:37
  • you could just use external ID in your main tenant: learn.microsoft/en-us/entra/external-id/… – Thomas Commented Feb 2 at 3:50
  • True, but I don't want external users in my main tenant. These external users aren't collaborating with us directly, we are just giving them access to some specific applications. – Neutrino Commented Feb 2 at 17:06

1 Answer

If by invite you mean send an email, B2C out of the box does not have an invite feature.

You'd have to write this yourself and use your own email provider.

In terms of whitelisting, refer to the B2C samples here, here and here.
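
For a multi-tenant app registration, a tenant allowlist is enforced wherever tokens are validated, which for an SPA is the backend API it calls rather than the browser code. The following is an added example, not code from the question, the answer or the linked samples; it assumes the SPA calls such an API, that tokens are Microsoft identity platform v2.0 tokens whose signature, expiry and audience a JWT library has already verified, and that the tenant IDs and the names `check_tenant` and `ALLOWED_TENANTS` are constructed for illustration.

```python
import re

# Constructed placeholder tenant IDs (assumptions, not real tenants).
MAIN_TENANT = "11111111-1111-1111-1111-111111111111"
PARTNER_TENANT = "22222222-2222-2222-2222-222222222222"
ALLOWED_TENANTS = frozenset({MAIN_TENANT, PARTNER_TENANT})

GUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}")
# Issuer format of v2.0 tokens; v1.0 tokens use a different issuer URL.
V2_ISSUER = "https://login.microsoftonline.com/{tid}/v2.0"


class TenantNotAllowed(Exception):
    """Raised when a verified token comes from a tenant that is not permitted."""


def check_tenant(claims, allowed=ALLOWED_TENANTS):
    """Return the tenant ID if the already-verified claims pass the allowlist.

    `claims` is the decoded payload of a token whose signature, expiry and
    audience were checked beforehand (assumption; not done here).
    """
    tid = claims.get("tid")
    if not isinstance(tid, str):
        raise TenantNotAllowed("token has no tid claim")
    tid = tid.lower()
    if not GUID_RE.fullmatch(tid):
        raise TenantNotAllowed("tid is not a GUID")
    # With a multi-tenant signing-key set, the issuer must be tied to tid,
    # otherwise the two claims could disagree about the issuing tenant.
    if str(claims.get("iss", "")).lower() != V2_ISSUER.format(tid=tid):
        raise TenantNotAllowed("iss does not match tid")
    if tid not in allowed:
        raise TenantNotAllowed("tenant %s is not on the allowlist" % tid)
    return tid


if __name__ == "__main__":
    # Constructed sample claims for a user from the main tenant.
    sample = {"tid": MAIN_TENANT, "iss": V2_ISSUER.format(tid=MAIN_TENANT)}
    print(check_tenant(sample))
```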

Posted by: admin. Please credit the source when reposting: http://www.yc00.com/questions/1745300655a4621415.html