User Profile
Randy_Robb
Copper Contributor
Joined Jun 10, 2019
Recent Discussions
Re: Linking Azure AD and Azure AD B2C
Rainer_Thome I have done this for a client using a custom API and made it part of the user journey; it used the Graph API to get info from Tenants. There are two groups available - the groups within the Azure B2C Tenant and the groups within the Azure AD Tenant that owns the Azure AD B2C Subscription (The business tenant). The API accepts a few variables, one of them being a groups attribute and the other being a tenant id attribute. If the user journey needs groups, it will add the group request, but needs the source, the attribute being B2C or Azure. They needed this to display certain applications on their portal based on group assignments. The Groups attribute is sent in the claims information and the portal app determines App display via the groups attribute information.
1.5K Views, 0 likes, 0 Comments
Re: Azure AD Sign in issue: “The account might not exist or it might not be synchronized"
Unnie Because you were using Okta [and Okta requires federation with Azure], are you using ADFS for federation with AD? If so, the issue may be with the Office 365 Relying Party Trust claim rule. I know that when I was working with a customer in helping them with their Okta issues, ADFS and Office 365, I needed to rewrite that to get it to work the way I wanted. I don't remember the details, but it had something to do with the samaccountname matching the beginning of the UPN.
13K Views, 0 likes, 1 Comment
Re: Azure AD Guest Users
There may not be an actual limit enforcement, but during my testing in a demo client I set up to test the invite API, I only had 2 native users, and once I went over the limit (I can't say if it was exactly 10), even though the API processed the user without error, the invited user was never created. I assumed it was because of the limit, so I made sure during testing I deleted the invited users to keep it below ten.
1.3K Views, 0 likes, 0 Comments
Re: Office365 Guest Access
Corsino This is true - in my situation there was tight integration required between the two tenants, since they were essentially part of the same org, in the process of eventual migration. I also have another client that needs to have ad-hoc B2B collaboration using a B2C application, in which case the B2B data utilized is that provided by the B2C application using self asserted info as well as data derived from an API internally.
1.6K Views, 0 likes, 0 Comments
Re: Re-inviting disabled Guest Users
JakobRohde In your situation the likely cause is blocking vs deletion - but for future reference I had a client that had a similar issue - but removing and deleting the user via Azure still did not allow the user to be re-invited (error was that user already existed). This was caused by a SharePoint object that was created for that B2B user that was invisible to the normal search tools. This user object was found by the SharePoint admin and manually removed. The user could then be re-invited. So if anyone comes across this situation this could be the underlying cause.
9K Views, 0 likes, 0 Comments
Re: Office365 Guest Access
Pn1995 We had a client that needed to provision B2B users from a partner tenant that existed as AD objects in their local tenant - but needed to access resources and appear in GAL as B2B users instead of local users - I populated these attributes via a call to the Graph API and used a patch call. This was done through a custom MIM connector.
1.5K Views, 0 likes, 0 Comments