Add an Azure AD Identity Provider
AADB2C is great, but why not add an Azure AD provider? We're developing an application where we can have customers with social identities as well as Azure AD identities; it would be great to have an option like "Organization Account" on the AADB2C login page. In this way we can code against one single API and not be forced to use two different entry points.
Adding an Azure AD org as an identity provider is now GA.
For built-in user flows, you can reference our docs page: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-oidc-azure-active-directory.
For custom policies, you can reference this docs page: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-aad-custom
Alexander Bartosh commented
Hey guys (Sam? :)),
Is there any timeline on this?
Has anyone actually got this to work? Create the B2C tenant, then add an external AAD as an IdP and successfully authenticate against it? I've tried numerous configurations, and all I ever get is error AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application. I was able to successfully add FB and authenticate, but not with AAD. I would like to hear from someone that has successfully done this. I tried MS support but all they send me are links to all of the online docs that I have already tried. thx.
Erik Renaud commented
Having an identity provider based on what MSAL can do (login with either MSA or any tenant AAD) would be awesome.
It doesn't look like the preview allows home realm discovery. Will the possibility to add the common tenant be included in this feature in the near future?
Daniel Decker commented
It appears this feature is now in preview:
Anyone working on this? Any timelines? Any project plan? Anything?
Jivago Pecharki commented
We would be glad to access a private preview regarding this feature as soon as possible.
Jivago Pecharki commented
Hi, any news on it?
We use Azure B2C and it is stopping us from going to the Azure Marketplace because it requires an Azure AD provider.
James Mitchell commented
This is one of the two things stopping us using AADB2C. Would be great to have.
Suresh Nadansundaram commented
Any update on this feature available through built-in policies?
Conor O'Neill commented
I very much agree with "mdomsch"'s comment from May 17; home realm discovery would be extremely useful.
When delivering an app using B2C, this means allowing users to sign in with a Microsoft Account as well as their Work or School Account.
Any update on a time-frame for when this will be publicly available through built-in policies?
I hope this can be used to set up the AAD "common" tenant, which does home realm discovery (customer types in their email address and the real tenant is looked up) to find the actual AAD tenant. This would allow any customer with an AAD account in any AAD tenant (that has not disallowed it to be used with the common tenant) to authenticate.
I also want to avoid the "NASCAR chooser" style UX, where we would need a "Login with customer X", "Login with customer Y", "Login with customer Z" style buttons for each possible customer, which could be thousands long. A single "Login with Azure AD" button would be preferred.
Laurie Norwood commented
We have an immediate need for exactly what is described: an Organisational Account option will avoid "user confusion on the AADB2C page".
Rachel Kollias commented
We would also like to be able to pass the social data that we can receive via the social login easily to our underpinning CRM systems.
Jason Levandoski commented
This idea works perfectly for our model. It works great for our internal company users, allowing them to connect to the customer-facing applications with their internal federated domain credentials instead of an additional login.
Works well for our large customers. If we have a customer/client/partner with several hundreds of users who would consume our Customer Facing applications, the Federated approach would be superior. These customers normally are already Federated with Azure.
Hugo Voerman commented
+1 to Rob's comment. We also have SaaS applications that want to use local accounts, internal (B2E) AAD accounts as well as external AADs and possibly social accounts. We want to use AAD B2C as the identity broker serving its internal accounts and brokering to the other identity providers.
Rob Richardson commented
We have multiple applications that simultaneously serve internal employees and external customers. Our internal employees need to be able to sign in with their Azure AD creds, while our customers need to be able to either sign in with their external Azure AD creds (if the organization is using AAD) or fall back to local accounts or social accounts in AAD B2C. So, yeah, being able to add Azure AD tenants as B2C IdPs is critical for us as well.
Scenario 1: We have a SaaS application using AADB2C. End users use local accounts to sign in. The admins of the SaaS provider should be able to log in using the provider's AAD. It would be nice if AADB2C would allow this scenario.
Scenario 2: We have another SaaS application where some tenants have an AAD, some don't. Today, we are using IdentityServer to cover that. It would be great if we could use AADB2C in that scenario, too. Tenants with AAD would like to sign in with their AAD accounts. Tenants without AAD would use local accounts. In that case a single AAD tenant would not be sufficient. We would need AAD support without having to specify a specific AAD tenant.