Azure AD B2C Signin Only that users who has gmail.com account or Any Specific Company domain and Only verified by organization (me)

Devendra Pratap 26 Reputation points
2022-03-09T10:15:45.567+00:00

we need to allow only signin from specific gmail user, and also we need to sign in from any company email id and password , we don't want to create any user account
and allowed only some specific number of user can signin with gmail.com account (Google - Identity Providers in Azure AD B2C) means user must be verified by organization (me) or organization (me) provides list of users that can signin only.

Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,636 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,437 questions
0 comments
Accepted answer
  1. AmanpreetSingh-MSFT 56,306 Reputation points
    2022-03-09T12:05:26.983+00:00

    Hi @Devendra Pratap • Thank you for reaching out.

    I understood that you want to allow a specific set of Gmail and organizational accounts to signup and sign in to the application federated with your B2C tenant. Unfortunately, there is no out of box solution available for this purpose. There are below options that you may consider:

    1. Define a RESTful technical profile in an Azure Active Directory B2C custom policy, that makes an API call to check if the email provided by the user exists in the approved list. If it does exist, allow the signup otherwise throw a customized error message.
    2. Utilizing this custom policy sample that restricts signup from specific domains in the email address by applying a restriction using regex as mentioned below. However, in your case, it will not be possible to use regex. Apart from Regex, the only option available to apply Restriction is Enumeration which requires CheckboxMultiSelect, DropdownSingleSelect, or RadioSingleSelect. E.g., you can use Enumeration restriction to provide a drop-down list of pre-approved email addresses, out of which the user may select his/her email address to signup. (Not an ideal solution if the list is huge.) 
        <ClaimType Id="email">  
    <Restriction>  
      <Pattern RegularExpression="^[a-zA-Z0-9.!#$%&amp;'^_`{}~\-]+@(outlook[.]com|live[.]com)" HelpText="Please enter a email address from one of the following domains: outlook.com, live.com."  />  
    </Restriction>  
  </ClaimType>

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    3 people found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest