How can we improve Azure Active Directory?

Add an Azure AD Identity Provider

AADB2C is great, but why not add an Azure AD provider? We're developing an application where we can have customers with social identities as well as Azure AD identities. It would be great in the AADB2C login page to have an option like "Organization Account". In this way we can code against one single API and not be forced to use two different entry points.

274 votes

Daniele shared this idea

36 comments

  • James commented

    Has anyone actually got this to work? Create the B2C tenant, and then add an external AAD as an idp and successfully authenticate against it? I've tried numerous configurations, and all I ever get is error AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application: I was able to successfully add FB and authenticate, but not with AAD. I would like to hear from someone that has successfully done this. I tried MS support but all they send me are links to all of the online docs that I have already tried. thx.

  • Erik Renaud commented

    Having an identity provider based on what MSAL can do (login with either MSA or any tenant AAD) would be awesome.

  • Niklas commented

    It doesn't look like the preview allows home realm discovery. Will the possibility to add the common tenant be included in this feature in the near future?

  • Nik commented

    Anyone working on this? any timelines? any project plan? anything?

  • Jivago Pecharki commented

    Hi, any news on it?

    We use Azure B2C and it is stopping us from going to Azure Marketplace because it requires Azure AD Provider.

    Thank you!

  • Conor O'Neill commented

    I very much agree with "mdomsch"'s comment from May 17; home realm discovery would be extremely useful.

  • Anonymous commented

    When delivering an app and using B2C, allowing users to sign in with Microsoft Account as well as their Work or School Account.

  • Anonymous commented

    Any update on a time-frame for when this will be publicly available through built-in policies?

  • mdomsch commented

    I hope this can be used to set up the AAD "common" tenant, which does home realm discovery (customer types in their email address and the real tenant is looked up) to find the actual AAD tenant. This would allow any customer with an AAD account in any AAD tenant (that has not disallowed it to be used with the common tenant) to authenticate.

    I also want to avoid the "NASCAR chooser" style UX, where we would need a "Login with customer X", "Login with customer Y", "Login with customer Z" style buttons for each possible customer, which could be thousands long. A single "Login with Azure AD" button would be preferred.

  • Laurie Norwood commented

    We have an immediate need for exactly what is described - Organisational Account option will avoid "user confusion on the AADB2C page".

  • Rachel Kollias commented

    We would also like to be able to pass the social data that we can receive via the social login easily to our underpinning CRM systems.

  • Jason commented

    This idea works perfectly for our model. It works great for our internal company users, to allow users to connect to the Customer facing applications with their internal Federated Domain credentials instead of additional login.

    Works well for our large customers. If we have a customer/client/partner with several hundreds of users who would consume our Customer Facing applications, the Federated approach would be superior. These customers normally are already Federated with Azure.

    -Jason

  • Hugo Voerman commented

    +1 to Rob's comment. We also have SaaS applications that want to use local accounts, internal (B2E) AAD account as well as external AADs and possibly social accounts. We want to use AAD B2C as the identity broker serving its internal accounts and brokering to the other identity providers.

  • Rob Richardson commented

    We have multiple applications that simultaneously serve internal employees and external customers. Our internal employees need to be able to sign-in with their Azure AD creds while our customers need to be able to either sign-in with their External Azure AD creds (if organization is using AAD), or fall back to Local Accounts or Social Accounts in AAD B2C. So, yea, being able to add Azure AD tenants as B2C IDPs is critical for us as well.

  • Jon Day commented

    Scenario: we host applications that have users from many different organizations, each of which may have their own AAD tenant. We would like to configure a B2C instance to allow for an OpenID Connect authentication for any Azure tenant similar to how the V2 endpoint works. Our needs would be met directly if the V2 endpoint could be configured as an Identity provider within a B2C instance.
