Azure B2C: User has valid MS account, but not in application. Cannot log out or switch account

Michael Müller 20 Reputation points
2025-01-15T16:25:12.5933333+00:00

Hi,

our login process requires logging on to Azure B2C with a valid MS Account, and we receive a token from the authorize call.

Next step is to check in the database if the user specified in that token is a valid user of the current instance.

We try to enforce a logout from Azure B2C for this application if the account has no rights in that application in order to allow the user to use a different Azure Entra Account.

But since the initial login to Azure was successful, he will not get the option to select another account but will instead log in with the same account, providing the same token if he pushes the Multi-Tenant button.

This user might be a valid user in another instance of the same application, but he cannot escape from this login loop.

Maybe there is a gap in our login process, but I see no way to get out of this loop.

Any ideas about how we could prevent a customer from getting into this kind of endless login loop without the "logout and forget this account" button?

Kind regards,
Michael

Microsoft Entra External ID

Accepted answer
    Navya 14,810 Reputation points Microsoft Vendor
    2025-01-21T01:48:14.8933333+00:00

    Hi @Michael Müller

    Thank you for posting this in Microsoft Q&A.

    Based on the information provided, I understand that the issue is that users are getting stuck in a login loop when they try to log in to the application using a different Azure Entra account. This happens because the initial login to Azure B2C was successful, and the user is not given the option to select a different account.

    To allow the user to select a different Azure Entra account, you can add the prompt=login claim, which forces the user to enter their credentials on that request, thereby negating single sign-on. Alternatively, using prompt=select_account will display an account selector to the user, allowing them to pick which account they intend to sign in with, without requiring them to enter their credentials again. This will provide the option to select another user account.

    When you want to sign the user out of the application, it is not enough to clear the application's cookies or end the session. You must redirect the user to Azure AD B2C to sign out. Otherwise, the user may be able to reauthenticate to your applications without entering their credentials again. Make sure to add a logout URL for your application.

    For your reference: https://learn.microsoft.com/en-us/azure/active-directory-b2c/session-behavior?pivots=b2c-user-flow#sign-out

    Hope this helps. Do let us know if you have any further queries.

    Thanks,

    Navya.


    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

