
Azure Active Directory B2C User flow sign up sign in customization using API connector


I want to use Azure AD B2C in an Azure APIM application.

  1. Here, when a user signs up, their details will be sent to an admin/specific email ID via email to review/approve that user. Until then, the signed-up user will get a message after sign-up, and if he tries to sign in, such as: "Your profile is in review, please wait for the confirmation email and then try to sign in."
  2. When the admin/user approves that user, he will get a confirmation email and will be able to sign in.

In the above scenario, how can I use the sign-up and sign-in user flow with an API connector to achieve this?

Please help.


Solution

  • This would not be supported with User Flows and API Connectors.

    If you use the "before creating the user" API connector and return a 409 from your API, the user will not be created and therefore does not flow into the approval process. If you return a 200 OK and mark the account as inactive via the Graph API, the user will still be signed in as part of the sign-up flow.

    Returning a 409 response from the "before sending the token (preview)" API connector results in an AADB2C90075 error being sent to the application.

    To reduce the overhead of developing against the Identity Experience Framework, I would suggest having only a sign-in User Flow and managing the sign-up via an invitation-based flow. This does mean handling the account request and approval outside of Azure AD B2C.
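
A sketch of the approval step handled outside Azure AD B2C, as the answer suggests; this is an added example, not part of the original answer. The `ApprovalQueue` class, the in-memory store and the `contoso.onmicrosoft.com` tenant are hypothetical, and it assumes the account is created through the Microsoft Graph create-user call only after an admin approves, so nothing exists for a sign-in user flow to authenticate until then.

```python
import secrets
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional

TENANT = "contoso.onmicrosoft.com"  # placeholder tenant, not from the page
GRAPH_CREATE_USER = "https://graph.microsoft.com/v1.0/users"


class State(Enum):
    PENDING = "pending"
    APPROVED = "approved"
    REJECTED = "rejected"


@dataclass
class ApprovalQueue:
    """In-memory stand-in for the store that holds account requests."""
    requests: dict = field(default_factory=dict)

    def submit(self, email: str, display_name: str) -> State:
        key = email.strip().lower()
        if "@" not in key:
            raise ValueError("not an email address")
        # A repeat request never resets a decision that was already made.
        self.requests.setdefault(key, {"name": display_name, "state": State.PENDING})
        return self.requests[key]["state"]

    def decide(self, email: str, approve: bool) -> Optional[dict]:
        """Record the admin decision; return the Graph request on approval."""
        key = email.strip().lower()
        entry = self.requests.get(key)
        if entry is None or entry["state"] is not State.PENDING:
            raise LookupError("no pending request for this address")
        entry["state"] = State.APPROVED if approve else State.REJECTED
        if not approve:
            return None
        body = {
            "accountEnabled": True,
            "displayName": entry["name"],
            "identities": [{"signInType": "emailAddress", "issuer": TENANT,
                            "issuerAssignedId": key}],
            # Throwaway random password (fixed suffix only for complexity rules);
            # assumption: the user sets their own via a password reset flow.
            "passwordProfile": {"password": secrets.token_urlsafe(24) + "aA1!",
                                "forceChangePasswordNextSignIn": False},
            "passwordPolicies": "DisablePasswordExpiration",
        }
        return {"method": "POST", "url": GRAPH_CREATE_USER, "json": body}
```

The returned dictionary is the request an approval service would send to Microsoft Graph with an app token; the call itself is left out so the sketch runs offline.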