
I want to be able to create a new user in our Azure B2C instance using their preferred email address as the username they will use when accessing our web portal.

I’m using the Invitation Microsoft Graph API to invite new users. This sends them an email and they then sign up with us. This, however, assigns them a unique username using a combination of their email and our domain, i.e. myemail_adomain.com#EXT#@our_verified_domain.com.

This leads to a terrible UX as users need to remember this very unmemorable username. Remembering passwords is enough of a challenge for users as it is.

If I create a user inside the Azure B2C portal I can give them any email address I want, and not one of our verified domains, using Create Azure AD B2C user.


I want to be able to use this method but via an API.

The first 2 options, Create and Invite user, are available via the Microsoft Graph Invitations API and the Create User API, but I can’t find a way to do option 3.

The Create API won’t allow unverified domains and the Invite API creates the unique username which is very user unfriendly.

Does anyone know how I can do this?

The other option is to get them to sign up themselves via a signup user flow, but I’d rather avoid this as I want control over who is allowed to sign up.

2 Answers


  1. You can surely create a user in an Azure AD B2C tenant through the Microsoft Graph API by following the documentation link below for that purpose:

    https://learn.microsoft.com/en-us/graph/api/user-post-users?view=graph-rest-1.0&tabs=http

    Ensure that you have the ‘User.ReadWrite.All’ and ‘Directory.ReadWrite.All’ permissions for both the ‘Application’ and ‘Delegated’ permission types, and that the same permissions are consented for the Microsoft Graph API in the explorer with ‘Admin Consent’. Once these are done, execute the command below in Graph API as shown:

    POST https://graph.microsoft.com/v1.0/users
    Content-type: application/json
    
    {
      "accountEnabled": true,
      "displayName": "Adele Vance",
      "mailNickname": "AdeleV",
      "userPrincipalName": "[email protected]",
      "passwordProfile": {
        "forceChangePasswordNextSignIn": true,
        "password": "xWwvJ]6NMw+bWH-d"
      }
    }
    

    User creation through graph API

    As you can see, I don’t have sufficient privileges, so I can’t create a user in the Azure AD B2C tenant.

    The output will be as below after successful execution of the above Graph API command:

    HTTP/1.1 201 Created
    Content-type: application/json
    
    {
      "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users/$entity",
      "id": "87d349ed-44d7-43e1-9a83-5f2406dee5bd",
      "businessPhones": [],
      "displayName": "Adele Vance",
      "givenName": "Adele",
      "jobTitle": "Product Marketing Manager",
      "mail": "[email protected]",
      "mobilePhone": "+1 425 555 0109",
      "officeLocation": "18/2111",
      "preferredLanguage": "en-US",
      "surname": "Vance",
      "userPrincipalName": "[email protected]"
    }
    
  2. This sample JSON will create the kind of user that you want (from https://learn.microsoft.com/en-us/graph/api/invitation-post?view=graph-rest-1.0&tabs=http):

    {
      "accountEnabled": true,
      "displayName": "<displayName>",
      "givenName": "<givenName>",
      "surname": "<surname>",
      "identities": [
        {
          "signInType": "emailAddress",
          "issuer": "<issuer>",
          "issuerAssignedId": "<email>"
        }
      ],
      "passwordProfile": {
        "password": "<password>",
        "forceChangePasswordNextSignIn": false
      },
      "passwordPolicies": "DisablePasswordExpiration"
    }
    

    <issuer> would be your onmicrosoft.com config value (from the B2C portal).

    Note that this does not do the invite that you have asked for, but it will let you create emails such as [email protected].

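As an added example (not code from either answer), this builds the local-account request body described above in Python, with the sign-in name taken from the user's own email rather than an #EXT# UPN, generates a random initial password instead of a static one, and posts it to Graph. The function names, the `<tenant>.onmicrosoft.com` issuer placeholder and the use of `urllib` are my assumptions; the body field values follow the second answer's sample.

```python
import json
import secrets
import string
import urllib.request

GRAPH_USERS_URL = "https://graph.microsoft.com/v1.0/users"


def generate_initial_password(length: int = 20) -> str:
    """Random initial password so that no static secret is baked into code or tickets."""
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*-_"
    return "".join(secrets.choice(alphabet) for _ in range(length))


def build_local_account_user(display_name, given_name, surname, email, issuer, password):
    """Request body for a B2C local account whose sign-in name is the user's email.

    No userPrincipalName is supplied: Graph assigns one in the tenant's own domain,
    and the user signs in with issuerAssignedId (signInType 'emailAddress').
    The passwordProfile/passwordPolicies values mirror the answer's sample.
    """
    if "@" not in email or email.startswith("@") or email.endswith("@"):
        raise ValueError("issuerAssignedId must be an email address")
    return {
        "accountEnabled": True,
        "displayName": display_name,
        "givenName": given_name,
        "surname": surname,
        "identities": [
            {"signInType": "emailAddress", "issuer": issuer, "issuerAssignedId": email}
        ],
        "passwordProfile": {
            "password": password,
            "forceChangePasswordNextSignIn": False,
        },
        "passwordPolicies": "DisablePasswordExpiration",
    }


def create_user(access_token: str, body: dict) -> dict:
    """POST the body to Graph; the token must carry User.ReadWrite.All (application or delegated)."""
    req = urllib.request.Request(
        GRAPH_USERS_URL,
        data=json.dumps(body).encode("utf-8"),
        headers={"Authorization": f"Bearer {access_token}", "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req) as resp:  # 201 Created on success
        return json.load(resp)
```

Usage: `create_user(token, build_local_account_user("Adele Vance", "Adele", "Vance", "adele@example.com", "<tenant>.onmicrosoft.com", generate_initial_password()))`, where `<tenant>` is your B2C tenant name.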