
Federated identity creation by graph-api in Azure B2C


Using the user-update Graph API on Azure B2C, I can't understand the create/update identities structure.

{
    "displayName": "User Name",
    "givenName": "User",
    "surname": "Name",
    "userType": "Member",
    "userPrincipalName": "[email protected]",
    ...
    "identities":[
        {
            "signInType" : "federated",
            "issuer": "https://login.company.com/auth/realms/realm-qt",
            "issuerAssignedId" : "[email protected]"
        },
        {
            "signInType" : "userPrincipalName",
            "issuer": "mytenant.onmicrosoft.com",
            "issuerAssignedId" : "[email protected]"
        }
    ]
}

I need to add a record with "signInType" as "federated", and other information. The example record was automatically created by integration with an external IDP at the first user login.

I would like to create users in Azure B2C before their first login instead.

How?


Solution

  • You can create multiple users with ‘signin type’ as ‘federated’ as below. Create an HTTP POST request to pass the required parameters for the users to be created as federated. In the request stated below for creation of a federated user identity, mention the details of multiple users in sequential format, one after the other, as below.

      POST https://graph.microsoft.com/v1.0/users
      Content-type: application/json

      {
        "displayName": "John Smith",
        "identities": [
          {
            "signInType": "userName",
            "issuer": "contoso.onmicrosoft.com",
            "issuerAssignedId": "johnsmith"
          },
          {
            "signInType": "emailAddress",
            "issuer": "contoso.onmicrosoft.com",
            "issuerAssignedId": "[email protected]"
          },
          {
            "signInType": "federated",
            "issuer": "facebook.com",
            "issuerAssignedId": "5eecb0cd"
          }
        ],
        "passwordProfile": {
          "password": "password-value",
          "forceChangePasswordNextSignIn": false
        },
        "passwordPolicies": "DisablePasswordExpiration"
      }
    

    The response to the above request in Graph API would be as below:

      HTTP/1.1 201 Created
      Content-type: application/json

      {
        "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
        "displayName": "John Smith",
        "id": "4c7be08b-361f-41a8-b1ef-1712f7a3dfb2",
        "identities": [
          {
            "signInType": "userName",
            "issuer": "contoso.onmicrosoft.com",
            "issuerAssignedId": "johnsmith"
          },
          {
            "signInType": "emailAddress",
            "issuer": "contoso.onmicrosoft.com",
            "issuerAssignedId": "[email protected]"
          },
          {
            "signInType": "federated",
            "issuer": "facebook.com",
            "issuerAssignedId": "5eecb0cd"
          }
        ],
        "passwordPolicies": "DisablePasswordExpiration"
      }
    

    Please refer to the link below for detailed information:

    https://learn.microsoft.com/en-us/graph/api/user-post-users?view=graph-rest-1.0&tabs=http

    Also, I would request you to please refer to the SO community thread below for more information on this:

    How to update identities collection for existing B2C User using Microsoft Graph and SDK
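
An added example (not part of the question or the answer above): a Python sketch that builds the POST /users body for pre-creating a user whose only identity is the federated one from the question, and rejects issuer/signInType combinations that would not match the records shown on this page. The function names, the subject ID and the token placeholder are constructed for illustration, and it is an assumption that a federated-only user can be sent without `passwordProfile`; the request is prepared but never sent.

```python
import json
import urllib.request

GRAPH_USERS_URL = "https://graph.microsoft.com/v1.0/users"  # endpoint from the answer
LOCAL_TYPES = {"emailAddress", "userName", "userPrincipalName"}


def identity(sign_in_type, issuer, issuer_assigned_id, tenant):
    """Build one identities entry and reject issuer/type mismatches."""
    if sign_in_type != "federated" and sign_in_type not in LOCAL_TYPES:
        raise ValueError(f"unknown signInType: {sign_in_type!r}")
    if not issuer_assigned_id or issuer_assigned_id != issuer_assigned_id.strip():
        raise ValueError("issuerAssignedId must be non-empty, no stray whitespace")
    # On this page local identities use the tenant domain as issuer and the
    # federated one uses the external IdP's issuer; enforce that split.
    if (sign_in_type == "federated") == (issuer == tenant):
        raise ValueError(f"issuer {issuer!r} does not fit signInType {sign_in_type!r}")
    return {"signInType": sign_in_type, "issuer": issuer,
            "issuerAssignedId": issuer_assigned_id}


def create_user_body(display_name, identities, password=None):
    """Return the JSON body for POST /users."""
    body = {"displayName": display_name, "identities": list(identities)}
    has_local = any(i["signInType"] in LOCAL_TYPES for i in identities)
    if has_local and password is None:
        # Local check mirroring the answer's request, which sends a password.
        raise ValueError("local identities need a passwordProfile")
    if password is not None:
        body["passwordProfile"] = {"password": password,
                                   "forceChangePasswordNextSignIn": False}
        body["passwordPolicies"] = "DisablePasswordExpiration"
    return body  # assumption: a federated-only user is sent without passwordProfile


def build_request(body, access_token):
    """Prepare, but do not send, the HTTP request."""
    return urllib.request.Request(
        GRAPH_USERS_URL, data=json.dumps(body).encode("utf-8"), method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {access_token}"})


# Constructed sample values; the issuer string is as it appears in the question.
TENANT = "mytenant.onmicrosoft.com"
IDP_ISSUER = "https://login.company.com/auth/realms/realm-qt"
fed = identity("federated", IDP_ISSUER, "constructed-subject-0001", TENANT)
request = build_request(create_user_body("User Name", [fed]), "ACCESS_TOKEN_PLACEHOLDER")
```

The `issuerAssignedId` passed in has to be the same identifier the external IdP asserts for that user at sign-in, otherwise the pre-created record will not be matched at first login.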