Microsoft Entra External ID no wizard for external guests
Hello, I am setting up Entra External ID with an external tenant. Self-sign up is disabled, but invitation through the application is enabled. When someone comes from an identity provider such as Microsoft Entra ID, I want to enforce MFA (Multi-Factor…
Unable to create User flow in External tenant
It's like a nightmare to deal with this issue! I am unable to create User Flows successfully. Or sometimes they get created but do not get listed under User flows. When I refresh the screen after minutes or an hour or so, I can perhaps see the user flows I…
Entra External ID Disabling security defaults
Hello, I am exploring the possibility of enforcing MFA for either all users or specific groups using Conditional Access in an External Tenant. However, this requires disabling "Security Defaults," which is not recommended. When I try to add the…
Corrupt Entra ID Tenant
I created an 'external' Entra ID tenancy but somehow it's now configured in an unmanageable state. This may be because of a combination of me configuring MFA and Visual Studio registering an App. The symptoms are as follows: When viewing the tenant…
How to emit some data field on azure AD JWT token
We have integrated a web client with OAuth to authenticate using Azure AD and are storing the token for later use. However, we need to exclude certain sensitive data, such as email, IP address, and name, which are not necessary for the application. Could…
How to return claims to Azure B2C Custom Policy ClaimsProvider
I have defined a ClaimsProvider, which calls an endpoint in my local flask application <ClaimsProvider> <DisplayName>External Claims Source</DisplayName> <TechnicalProfiles> <TechnicalProfile…
How to assign custom user attributes to B2C users?
I'm looking to assign custom attributes to each of my B2C users, such as job titles, to assign different permissions in my application. I've created the custom attribute "JobTitle" in B2C, but I don't know how to assign individual users a…
AADSTS500208: The domain is not a valid login domain for the account type.
Hi, I have an MS Entra External ID preview tenant created. However, I noticed that I cannot authenticate successfully with the local account. Below I provide more details. I would be grateful for help/hints. Describe the bug: When I try to log in with…
unable to find the kid in the list of keys to validate the id token
I am getting an ID token once I click on the user flow in Azure AD B2C. Now I simply need to validate that ID token using the kid from the token header, but I cannot find key IDs in the discovery/keys URL that match the kid of the token header. I have…
Entra External ID: Impossible to implement displayName=givenName+surname?
I have a very simple use case in Microsoft Entra External ID for Customers which seems to be impossible to implement: I want to automatically fill the displayName user-attribute on signup submit. On signup, the users email-address, givenName and…
WAM with google authentication
Hello, we know that Google has deprecated web-view sign-in support. So if an app authenticates users with an embedded web-view and you're using Google federation with Entra B2B for external users, Gmail users won't be able to authenticate. Would…
Using main Azure Active Directory login for separate Azure AD B2C login via API Management Portal
My company has a main Azure Active Directory of our in-company users as well as a directory for Azure AD B2C for outside users. My API Management service as of right now only accepts logins via Azure AD B2C. I was wondering if it would be possible for…
How to add OpenID connect identity provider to Microsoft Entra External ID? I see only SAML/WS-Fed option.
Looks like there should be an OpenID connection option. How can I add entra ID multitenant provider here?
Entra Custom Authentication Extensions to Function App in a Private vNet
I have gone through the documentation on setting up a custom authentication extension, and have built a function app and configured all the parts for making a call into my function app endpoint for the On Token Issuance Start event. My function app is…
Azure AD B2C Sign in with google generates 'invalid_grant' for specific users for non gmail domain users.
We are getting the error "We encountered an 'invalid_grant' error connecting to the identity provider. Please try again later" for some users. The Sign in with Google feature is working for all @gmail.com domains, but when it comes to other domains…
Request_BadRequest returned when trying to assign Custom Attributes to B2C Users
I created a new custom attribute for my B2C users, as I want to assign them a string value associated with their account with this custom attribute. The value will be read with their token and passed through to my application. I've been able to obtain…
We encountered an 'invalid_grant' error connecting to the identity provider. Please try again later
Category: Azure AD B2C. We have added federated login (Sign in with Google) to our application. The Google IDP is working well for users with the @gmail domain, but for some of the non-Gmail users we are getting the error below: "We encountered an…
B2C Sign Up Issue in Azure API Management Developer Portal
Hello, I'm encountering an issue with my API Management developer portal. Currently, the portal only permits sign-ins and sign-ups via B2C. Previously, I successfully tested the sign-up and sign-in system. However, after updating the gateways for both…
Entra ID - OIDC BFF pattern - does not work
Hi, I have a Blazor hybrid app with both WebAssembly and server. Currently I'm using the OIDC flow with B2C (https://learn.microsoft.com/en-us/aspnet/core/blazor/security/blazor-web-app-with-oidc?view=aspnetcore-8.0&pivots=with-bff-pattern) and…
Unable to logout from External Identity Provider (SAML 2.0)
Hello all, I am working on a React application which will support multi-IDP logins. I am using the MSAL library to implement it. I have configured the IDPs below with SAML 2.0 using Microsoft External Identities: SAML for Okta, SAML for OneLogin, SAML for Google Suite. I…