Tags: azure, azure-active-directory, azure-ad-b2c, openid-connect, openid

Azure AD as an OpenID Connect Provider for an Azure ADB2C


I have an Azure AD named FOO where I have a bunch of users. I created an Azure ADB2C as a Resource inside the FOO directory, named BAR, in which I want to signUp/signIn users. However, if you are already a user in FOO I want you to be able to connect via an Identity Provider.

Is this possible? I did not manage to make this work. I'm currently following these docs:

1. This seems like it works for FOO AD for FOO ADB2C.
2. This seems like it would fit my scenario.
3. This seems like it would work for FOO ADB2C to BAR ADB2C.

Even though the second doc fits my scenario, I see that it's mandatory to use custom policies, which I'm not a fan of. Is there any workaround? Has anybody faced this scenario before?


Solution

  • Since you are using a signin flow, Azure AD B2C is expecting the user object to exist in the B2C directory.

    You'll have to either:

    1. Use a signin/signup flow that makes B2C create the user if it does not already exist
    2. Use a custom policy that allows local users to sign in + creates user objects for your AAD users if they don't exist yet
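For the second option, the custom-policy route, this is what the claims provider that federates the BAR B2C tenant to the FOO Azure AD tenant over OpenID Connect looks like. It is an added example written for this page, not code from the question or the answer; `FOO_TENANT_ID_PLACEHOLDER`, `FOO_APP_CLIENT_ID_PLACEHOLDER` and the policy key name `B2C_1A_FooAppSecret` are assumed values you replace with your own, and the fragment assumes the standard B2C starter pack (the `CreateRandomUPNUserId`, `CreateUserPrincipalName`, `CreateAlternativeSecurityId`, `CreateSubjectClaimFromAlternativeSecurityId` transformations and the `SM-SocialLogin` profile) is already in the base policy.

```xml
<ClaimsProvider>
  <Domain>foo.onmicrosoft.com</Domain>
  <DisplayName>FOO Azure AD</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="AAD-FOO-OpenIdConnect">
      <DisplayName>Sign in with FOO Azure AD</DisplayName>
      <Protocol Name="OpenIdConnect" />
      <Metadata>
        <!-- Tenant-specific metadata endpoint: pins the accepted issuer to the FOO
             tenant, so tokens from other Azure AD tenants are rejected. Using the
             /common endpoint here would accept any tenant. -->
        <Item Key="METADATA">https://login.microsoftonline.com/FOO_TENANT_ID_PLACEHOLDER/v2.0/.well-known/openid-configuration</Item>
        <!-- App registration created in the FOO tenant for B2C (placeholder value) -->
        <Item Key="client_id">FOO_APP_CLIENT_ID_PLACEHOLDER</Item>
        <Item Key="response_types">code</Item>
        <Item Key="scope">openid profile</Item>
        <Item Key="response_mode">form_post</Item>
        <Item Key="HttpBinding">POST</Item>
        <Item Key="UsePolicyInRedirectUri">false</Item>
      </Metadata>
      <CryptographicKeys>
        <!-- The client secret lives in a B2C policy key container, never inline -->
        <Key Id="client_secret" StorageReferenceId="B2C_1A_FooAppSecret" />
      </CryptographicKeys>
      <OutputClaims>
        <!-- Key the B2C account on the immutable object id, not on a mutable
             email or display name, so the link cannot be hijacked by a rename -->
        <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="oid" />
        <OutputClaim ClaimTypeReferenceId="tenantId" PartnerClaimType="tid" />
        <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="given_name" />
        <OutputClaim ClaimTypeReferenceId="surName" PartnerClaimType="family_name" />
        <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name" />
        <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" AlwaysUseDefaultValue="true" />
        <OutputClaim ClaimTypeReferenceId="identityProvider" PartnerClaimType="iss" />
      </OutputClaims>
      <OutputClaimsTransformations>
        <!-- These build the alternativeSecurityId that B2C uses to find or create
             the local user object, which is what a plain sign-in flow will not do -->
        <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserId" />
        <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName" />
        <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId" />
        <OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId" />
      </OutputClaimsTransformations>
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-SocialLogin" />
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>
```

The technical profile still has to be referenced from a ClaimsProviderSelection and an orchestration step in your user journey, and the app registration in FOO needs the B2C tenant's `/oauth2/authresp` reply URL; once that is in place, a FOO user who has never been seen before is provisioned in BAR on first sign-in instead of being refused.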