This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(16, 41%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
I'm a bit confused with how some of the Identity options work in the new CIAM External Identities tenant. Let's say I have some customers who want to access my applications using Local accounts (email), and others who want to authenticate using either their Entra ID, or Microsoft Accounts.
If I allow users to self service register, then there appears to be no options for using Entra ID or Microsoft Accounts as their was in the B2C tenant.
If I only create accounts administratively, then it appears to be that I need to make guest accounts for everybody. As it wouldn't be clear looking at an email, if that person would need a local account or not. If I end up going this route, then what are the benefits of using a CIAM tenant? (Since I wouldn't have any Customer objects) Ideally there would be some reporting or self-service user flows available to Customers of some kind (like the B2C edit my profile flow)
[UPDATE] As an example, the old B2C tenant had Microsoft Account on the User Flows IDP Selection List
But the new CIAM tenant doesn't have this. So where is the parity?
Side Question 1: It appears that both user types can use the user flows for sign in, which appears good. But are there issues with having Guests using External Identities User Flows? It feels off, but perhaps I'm too used to B2C.
Side Question 2: Is it possible to have the customers authenticate to marketplace SaaS apps? Or can customers ONLY authenticate using the External Identities User Flows?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 20%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Hi @Jeremy ,
Thanks for reaching out.
Since this feature is still in preview and continuously evolving, our product team is actively working on integrating Microsoft and Entra ID Federation into Microsoft Entra External ID soon.
However, at this moment, we don't have a specific timeline for its release.
Thanks for your time and patience.
Hope this will help.
Thanks,
Shweta
Please remember to "Accept Answer" if answer helped you.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 13%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBB%3C/text%3E%3C/svg%3E)
Hello Jeremy,
Thank you for posting this in the Microsoft Q&A Community.
From my understanding, you would like to know how the user flow works in Entra ID B2B works.
Please note that this is strictly for guest accounts and not a CIAM type of Identity management. Entra ID B2B is a business-to-business collaboration as against Azure B2C which gives customers the ability to authenticate to your application with their preferred identity provider and also gives them the ability to create a local account. The type of account created within the Azure B2C for customers using the user flow is known as a consumer account. This consumer account cannot manage any Entra ID objects.
In Entra ID, users that authenticate using the Self Service Sign-up are created as a Guest account in the tenant and can manage tenant Objects with the right permissions assigned to them.
When creating a sign-up, you can add External Identity Providers as it is in Azure B2C.
Follow this link to get more information on how to configure this...
Let me know if this answers your question.
Babafemi
Wait, I think you're confusing me further now.
Are you trying to say the the External Identities > User Flows are for B2B 'Guest' users, not Customer users?
Customer:
If so, where are the self-service flows for Customers? (in the old B2C tenant they were under Azure AD B2C User flows:
The B2C tenant let me add a Microsoft Account in addition to social IDPs for the flow:
But this new tenant doesn't seem to have this option. So I'm wondering where the parity is?
Hello Jeremy,
Thank you for the clarification.
Based on the screenshot, you are referring to Azure B2C and not Azure B2B. In Azure B2C you can create a userflow that includes the option of users authenticating using a Local account and also External Identities like Microsoft and Azure Active Directory (Entra ID).
To do this, you need to first set up the External identity before you can add it to your user flow.
Once you have done the set up, you will have the option to add the providers to the user flow.
Let me know if further assistance is needed.
Babafemi
No, I know how to do everything I want in the B2C tenant. One thing that might help me understand is: In the new External (CIAM) Tenant, how can a Customer sign-in with a Microsoft Account... or is there some kind of false assumption I have with this tenant?
Hello Jeremy,
For External (CIAM) tenants, there are still limitations regarding the kind of External Identities that can be added.
Only Google and Facebook Identity work with External Tenant for now. Microsoft Account authentication is currently not supported. However, users with work or school accounts ( Entra ID accounts) can also authenticate after signing up via a Local account.
Follow these links to get more information...
Let me know if further assistance is needed.
Babafemi
Yes, I understand this. But,