question

0 Votes
DevendraPratap-3791 asked DevendraPratap-3791 commented

Azure AD B2C: allow sign-in only for users who have a gmail.com account or a specific company domain and who are verified by the organization (me)

We need to allow sign-in only from specific Gmail users, and we also need to allow sign-in with any company email ID and password; we don't want to create any user accounts.
Only a specific number of users should be allowed to sign in with a gmail.com account (Google - Identity Providers in Azure AD B2C), meaning the user must be verified by the organization (me), or the organization (me) provides the list of users that can sign in.

azure-ad-b2c azure-ad-authentication azure-ad-b2b azure-ad-app-management azure-ad-verifiable-credentials

1 Answer

1 Vote
amanpreetsingh-msft answered DevendraPratap-3791 commented

Hi @DevendraPratap-3791 • Thank you for reaching out.

I understood that you want to allow a specific set of Gmail and organizational accounts to sign up and sign in to the application federated with your B2C tenant. Unfortunately, there is no out-of-the-box solution available for this purpose. Below are the options that you may consider:

  1. Define a RESTful technical profile in an Azure Active Directory B2C custom policy that makes an API call to check whether the email provided by the user exists in the approved list. If it does exist, allow the signup; otherwise, throw a customized error message.

  2. Utilize this custom policy sample, which restricts signup from specific domains in the email address by applying a restriction using regex, as shown below. However, in your case, it will not be possible to use regex. Apart from Regex, the only option available to apply a Restriction is Enumeration, which requires CheckboxMultiSelect, DropdownSingleSelect, or RadioSingleSelect. E.g., you can use an Enumeration restriction to provide a drop-down list of pre-approved email addresses, out of which the user may select his/her email address to sign up. (Not an ideal solution if the list is huge.)

        <ClaimType Id="email">
          <Restriction>
            <!-- The trailing $ anchors the match so the address must end with an allowed domain. -->
            <Pattern RegularExpression="^[a-zA-Z0-9.!#$%&amp;'^_`{}~\-]+@(outlook[.]com|live[.]com)$" HelpText="Please enter a email address from one of the following domains: outlook.com, live.com." />
          </Restriction>
        </ClaimType>
    

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
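The approved-list check from option 1, sketched as the API a RESTful technical profile could call (an added example, not part of the answer above and not Microsoft sample code). It returns HTTP 200 to let the signup continue, or the 409 Conflict body with `version`, `status` and `userMessage` that B2C displays as a validation error. Assumptions: the input claim is named `email`, and the addresses, the `contoso.com` domain and the port are constructed placeholders.

```python
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample allow-lists (assumptions, not values from the thread).
APPROVED_GMAIL_USERS = {"alice.example@gmail.com", "bob.example@gmail.com"}
APPROVED_COMPANY_DOMAINS = {"contoso.com"}


def validate_signup(claims: dict) -> tuple[int, dict]:
    """Return (HTTP status, JSON body) for the claims B2C posts."""
    email = str(claims.get("email", "")).strip().lower()
    local, at, domain = email.rpartition("@")
    # Exactly one "@", non-empty parts, no whitespace or control characters.
    well_formed = bool(at and local and domain and "@" not in local
                       and not any(c.isspace() or ord(c) < 32 for c in email))
    if domain == "gmail.com":
        # Gmail: only individually approved addresses.
        allowed = email in APPROVED_GMAIL_USERS
    else:
        # Company mail: exact domain match, never a suffix or substring test.
        allowed = domain in APPROVED_COMPANY_DOMAINS
    if well_formed and allowed:
        return 200, {"email": email}
    return 409, {"version": "1.0.0", "status": 409,
                 "userMessage": "This email address is not approved for sign-up."}


class Handler(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", 0))
            claims = json.loads(self.rfile.read(length) or b"{}")
        except ValueError:
            claims = {}  # malformed body: fail closed (ends in 409)
        status, body = validate_signup(claims if isinstance(claims, dict) else {})
        payload = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)


if __name__ == "__main__":
    # Local test only; a deployed endpoint needs HTTPS and caller authentication.
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```
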


Thank you, sir!
I am trying to go with the solution.

0 Votes