question

Adrian-7219 avatar image
0 Votes"
Adrian-7219 asked azure-cxp-api edited

How do I create a user to whom I can grant permission to admin a B2C instance

I have an Azure Active Directory B2C instance and need to grant permissions to another person to admin this instance (create new app registrations, etc.). First, I must create the user to whom I'll grant the permission. I'm presented with these choices:

67177-image.png

Which one should I choose?

When answering, keep in mind that this is in the B2C's directory. Let me know if I should switch to the Default Directory before performing the add user action.


azure-ad-b2c
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

JitendraRai-2073 avatar image
0 Votes"
JitendraRai-2073 answered Adrian-7219 commented

Thanks Adrian. I would recommend to follow this document to create a new user. (https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-users-azure-active-directory).

Adding new user with B2C tenants is recommended to have either invite users and signup user with domain associated with B2C tenants to operate on.

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @Adrian-7219 , have you seen this update? Do you have any follow-up questions?

0 Votes 0 ·

@JamesHamil-MSFT Yes, I have follow-up questions on your answer. This answer was valuable insofar as leading me to this relevant doc.


0 Votes 0 ·
JamesHamil-MSFT avatar image
0 Votes"
JamesHamil-MSFT answered JamesHamil-MSFT commented

Hi @Adrian-7219 , you can either create a user or B2C user, and then make them a global administrator. Please let me know if you need any help doing this.

Best,
James


· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks @JamesHamil-MSFT !

That's interesting that a B2C user would be okay, too. I read elsewhere that a B2C user is a special kind of AD user that's not intended to manage tenant resources and so not an option. Was that an incorrect assessment?

As for the option to create a standard AD user in the B2C tenant's directory, it feels counterintuitive so please confirm that, when you say it's an option, you understand I'm in the B2C tenant's directory (not Default Directory).

Perhaps it doesn't matter but want to double-check... In the B2C tenant directory, should I click the New user button under Azure AD B2C or the one under Azure Active Directory? That is (see following screenshots),

67218-image.png

versus
67219-image.png

0 Votes 0 ·

Hi @JamesHamil-MSFT, could you please follow up with an answer to my previous comment? Thanks.

0 Votes 0 ·

Hi @Adrian-7219 for this I would follow the document that Jitendra posted, so option 2 where you add a new user under your company's name. Creating a standard AD user should be no issue. This thread details some of the questions you may have about the differences of AD and B2C. Please let me know if I can help further!

Best,
James


0 Votes 0 ·