MichelleH
Helper III

Moving to Azure AD B2C and keeping old contacts

Hi,

 

So I have a portal already up and running and am looking to move from local sign-in, which will soon be deprecated, to Azure AD B2C. We currently already have contacts assigned to accounts and associated with web roles. How can I set up B2C and ensure that these contacts can log in through Azure with the same web roles and assigned to the correct account? For new users, how do I do this also? Do we still send out invites and ask users to use the code? How can a new contact become assigned a web role and an account when they log in/sign up using Azure AD B2C?

1 ACCEPTED SOLUTION

Accepted Solutions
Fubar
Solution Sage

FYI: local login is unlikely to be deprecated any time soon

 

For Existing users:

Web Role is attached to the Contact record in Dataverse, not B2C. B2C does not change Web Role assignment; B2C adds an External Identity record to the Contact. This record holds the URL of the Azure B2C Identity Provider and the B2C GUID of their identity in B2C. You will have to do one of the following:

  • Enable "Contact Mapping with Email" mapping when you set up B2C - just be aware that, as the email address is the only thing that is used, it may not be very secure without something like multifactor authentication etc. to verify the person registering for B2C owns the email address. https://docs.microsoft.com/en-us/power-apps/maker/portals/configure/configure-azure-ad-b2c-provider-...
  • Write something (can be done in Flow also) that goes over your existing Contacts, creates the B2C account for them in Azure B2C (using the Graph API) and then creates the respective External Identity record
  • Enable B2C and disable local login, and then send them another invitation

 

New users

Can still use Invitations; Web Role assignment is either via being attached to the Invitation or via a real-time workflow/plugin.
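The second option above (a script that walks existing Contacts, creates each one's B2C account through the Graph API, then writes the matching External Identity record) as an added, offline-runnable example; this is not code from the post or from Microsoft. It assumes the portal's External Identity table is `adx_externalidentity` with columns `adx_username`, `adx_identityprovidername` and the `adx_contactid` lookup, uses placeholder tenant and org URLs, and takes the HTTP sender as a parameter so it can be dry-run against constructed sample contacts; it skips contacts that share one mailbox, since the email is the only key and linking either of them to the new identity would be a guess.

```python
import secrets, uuid
from collections import Counter

# Assumed endpoints: Graph user creation and the portal's External Identity table.
GRAPH_USERS = "https://graph.microsoft.com/v1.0/users"
EXT_IDS = "https://ORG-PLACEHOLDER.crm.dynamics.com/api/data/v9.2/adx_externalidentities"

def b2c_user_payload(contact, b2c_tenant):
    """Graph body for a local B2C account keyed on the contact's e-mail."""
    return {
        "displayName": contact["fullname"],
        "identities": [{"signInType": "emailAddress", "issuer": b2c_tenant,
                        "issuerAssignedId": contact["emailaddress1"]}],
        # Throwaway random password, replaced at first sign-in: the script never holds a usable credential.
        "passwordProfile": {"password": secrets.token_urlsafe(24),
                            "forceChangePasswordNextSignIn": True},
    }

def external_identity_payload(contact_id, b2c_object_id, issuer_url):
    """Dataverse body tying the B2C object id to the Contact; web roles are untouched."""
    return {"adx_username": b2c_object_id, "adx_identityprovidername": issuer_url,
            "adx_contactid@odata.bind": f"/contacts({contact_id})"}

def migrate(contacts, b2c_tenant, issuer_url, post):
    """Create a B2C user, then its External Identity, for each unambiguous contact."""
    norm = lambda c: (c.get("emailaddress1") or "").strip().lower()
    seen = Counter(norm(c) for c in contacts)
    report = []
    for c in contacts:
        email = norm(c)
        if not email:            # nothing to key the identity on
            status, b2c_id = "skipped-no-email", None
        elif seen[email] > 1:    # one mailbox, two contacts: the link would be ambiguous
            status, b2c_id = "skipped-duplicate-email", None
        else:
            user = post(GRAPH_USERS, b2c_user_payload({**c, "emailaddress1": email}, b2c_tenant))
            post(EXT_IDS, external_identity_payload(c["contactid"], user["id"], issuer_url))
            status, b2c_id = "ok", user["id"]
        report.append({"contactid": c["contactid"], "status": status, "b2c_id": b2c_id})
    return report

def fake_post(url, body):  # offline stand-in for an authenticated HTTP client
    return {"id": str(uuid.uuid4()), "url": url, "body": body}

SAMPLE_CONTACTS = [  # constructed sample data, not real records
    {"contactid": "c1", "fullname": "Ada Example", "emailaddress1": "Ada@Example.com"},
    {"contactid": "c2", "fullname": "No Mail", "emailaddress1": ""},
    {"contactid": "c3", "fullname": "Dup One", "emailaddress1": "dup@example.com"},
    {"contactid": "c4", "fullname": "Dup Two", "emailaddress1": "DUP@example.com"}]
```

Run it as `migrate(SAMPLE_CONTACTS, "<tenant>.onmicrosoft.com", "<B2C issuer URL>", fake_post)` for the dry run, and swap `fake_post` for a client that carries the Graph and Dataverse bearer tokens when you mean it.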

