0 Votes
MaximTihobrazov-8421 asked ClintWoods-7229 commented

Unable to login with Recommended sign in user flow

I am using Azure AD B2C and created a new sign-in user flow there.

If I choose "Standard" flow, then try to test it with "Run user flow" in portal, it works fine (I enter UPN as login here),

but when I choose "Recommended" I cannot log in and get the error "The username you have provided is not valid. It must begin with an alphabetical character or number, and can only contain alphanumeric characters and the following symbols: _ -", so a full UPN of the form user@example.com cannot be used. Trying to enter the login without @example.com ends up with the error "We can't seem to find your account".

azure-active-directory azure-ad-b2c

@MaximTihobrazov-8421
Thanks for your post!

I walked through the Create user flows in Azure Active Directory B2C documentation, and successfully logged in with one of my users using the "recommended" workflow, and my full email address (email@email.com).

Can you go to the Azure Active Directory for your B2C tenant and make sure the user you're trying to sign in with is in the list of users for your B2C tenant? The list of users in your Azure AD tenant will be different from the one in your B2C tenant.


If you have any other questions, please let me know.
Thank you for your time.

0 Votes 0 ·

@MaximTihobrazov-8421
I just wanted to check in and see if you required additional assistance or if you were able to resolve this issue?

0 Votes 0 ·

We are also experiencing the same issue with the Sign in (Recommended) userflow - It shows the following when we try to sign in with an email address that does have an actual user with that username in the back end.


This is a deal breaker for us in using the Recommended solution because some of our usernames are emails and some are not.

Usernames that are emails work fine when using the Sign in (Standard) user flow.

1 Vote 1 ·

No, we have another scenario. It works perfectly with the Standard flow. But there is an issue with the Standard flow that I described here: https://docs.microsoft.com/en-us/answers/questions/89257/34keep-me-signed-in34-stays-when-34disabled34-azur.html
So we started researching the Recommended flow.

Our user name contains the @ sign. It is saved in the UPN (user principal name). But with the Recommended flow I cannot log in using the UPN. It is NOT the user's email address; it only looks like an email address: "username@staging.ourcompany.com", but the user's email address is different (so we can register many users with the same email on our test env).

0 Votes 0 ·
0 Votes
JamesTran-MSFT answered ClintWoods-7229 commented

@MaximTihobrazov-8421 and @NickRubino-3080
Thank you both for the details and screenshots, I reproduced your issue and will post my findings below.

Findings:
Working with my team, we found that your "Local Account" configuration might be set to Username, rather than Email.

Next Steps:
In order to resolve this issue we need to change your configuration from username to email.

1- Navigate to your Azure AD B2C overview page -> Select Identity Providers -> Select Local Account -> Change from Username to Email

2- Navigate to your User flows, specifically your "recommended sign-in" flow -> Select Identity Providers -> Select the box next to Local Account and save.

3- Re-run the flow and sign in using your email address or UPN.


If you're still experiencing issues with this, please let me know.
Thank you for your time and patience throughout this issue.



This is not a solution for our implementation, we need to be able to use the Username configuration, not the Email configuration.

Our users have been migrated and the username could be either an email or a username, and therefore the only option is the Username configuration. See some of our examples below in our tenant.



In previous versions of the signin userflows (standard and preview) I was able to login with both the brian@gmail.com and nrubino123 usernames. The Recommended userflow does not allow this. Since we can create AD users with usernames that are email addresses we need to be able to enter the @ and . symbols into the username textbox in the recommended userflow. Please escalate.

Thanks,
Nick

2 Votes 2 ·

Same situation for us

2 Votes 2 ·

@NickRubino-3080 and @MaximTihobrazov-8421
Thank you both for your time and patience throughout this issue and the detailed responses.

I've escalated this thread to our engineering teams to see if they can provide some additional guidance on this issue.


If you have any questions or concerns in the meantime, please let me know.
Thank you both again for your time and patience.

0 Votes 0 ·

Did not solve for me. I set them both but still get "we can't seem to find your account". Also note the password reset rule works just fine.




0 Votes 0 ·
1 Vote
JasSuri-5387 answered

You can use the Custom Policy Username sample here, which will support both Username and Email in a Username-style policy (like User Flow).
https://github.com/azure-ad-b2c/samples/tree/master/policies/username-signup-or-signin

The Custom Policy allows you to adjust the regular expression used to validate the "username" field, such that it can support the '@' symbol, or any other characters you expect.

In User Flow, it has been restricted to explicitly Email=email, and Username=username (i.e. not an email).
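
Added example (not part of the answer above, and not code from the linked sample): a Python check that a candidate username expression accepts both kinds of sign-in name seen in this thread, and still rejects malformed input, before it is placed in a custom policy. Both patterns are assumptions: `STRICT` is reconstructed from the error text quoted in the question, and `RELAXED` is a hypothetical replacement.

```python
import re

# Assumption: reconstructed from the quoted error message ("must begin with an
# alphabetical character or number ... alphanumeric characters and _ -").
# It is not the service's actual expression.
STRICT = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]*")

# Hypothetical relaxed rule: same first-character rule, "." also allowed, and
# at most one "@" followed by a dotted, domain-like suffix. Explicit ASCII
# classes are used instead of \w so Unicode look-alike letters are rejected.
RELAXED = re.compile(
    r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}"
    r"(?:@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)?"
)

def classify(username):
    """Return (accepted_by_strict, accepted_by_relaxed) for one sign-in name."""
    # fullmatch: the whole string must match, so a trailing newline or a
    # partially valid prefix cannot pass.
    return (STRICT.fullmatch(username) is not None,
            RELAXED.fullmatch(username) is not None)

def regressions(usernames):
    """Names the strict rule accepts but the relaxed rule would lock out."""
    return [u for u in usernames if classify(u) == (True, False)]

# Sign-in names quoted in the thread, plus constructed negative cases.
THREAD_NAMES = ["brian@gmail.com", "nrubino123",
                "username@staging.ourcompany.com"]
CONSTRUCTED_BAD = ["_admin", "user@@example.com", "bob smith",
                   "nrubino123\n", "user@", ""]

if __name__ == "__main__":
    for name in THREAD_NAMES + CONSTRUCTED_BAD:
        strict_ok, relaxed_ok = classify(name)
        print(f"{name!r:40} strict={strict_ok!s:5} relaxed={relaxed_ok}")
    print("locked out by relaxed rule:", regressions(THREAD_NAMES))
```

When the chosen expression is moved into a policy, anchor it with `^` and `$` and retest it there, since regex engines differ in details such as how `$` treats a trailing newline.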
