I have an azure domain, let's say contoso.com and azure b2c contosob2c.onmicrosoft.com
I would like the "Local Account" login username and password textboxes, of contosob2c.onmicrosoft.com, to accept the credentials of contoso.com and authenticate the user directly without seeing the login ui of contoso.com
Is this possible? If so, how should I proceed?
Thanks,
Huy
Please let us know if the reply below helped resolve your question. If so, please remember to "mark as answer" so that others in the community facing similar issues can easily find a solution.
When you create/sign-up for a Local Account in B2C directory, a new account gets created which requires you to specify a new account password. Local accounts in your B2C directory cannot authenticate from contoso.com tenant.
What you can do is, add contoso.com tenant as IDP to your B2C tenant as explained here: https://docs.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-azure-ad-single-tenant-custom
You can specify domain_hint=contoso (depending on what domain name you specify in the claims provider section) in the request so that users don't have to click on the Contoso IDP button and directly land on the Contoso.com tenant's authentication endpoint. You cannot bypass the contoso.com UI.
The only case where contoso.com UI will not be shown to the user is, if SSO kicks in for contoso.com based on cookies or primary refresh token (PRT), which I don't think can be considered as a solution.
Please do not forget to "Accept the answer" wherever the information provided helps you. This will help others in the community as well.
9 People are following this question.
