Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,991 questions
AD B2C Guest User for the application (Local Account Type)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 5%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMN%3C/text%3E%3C/svg%3E)
Malhotra, Neha Satish
0
Reputation points
I have requirement of 'Guest User' in my application. If user clicks on 'Continue as Guest' the user should be able to enter in the application by just verifying the email-id based on OTP sent on email.
And then submit some case in the application which will send an email to do a signup on the application to track the progress of there case.
I tried to achieved this requirement in two parts :
Part 1 - Create a User in Active Directory with passwordless-custom-policy reference and redirect to my application.
Part 2 - For the sigup after case submission, I am confused on how to do this.
One approach is to mark 'RaiseErrorIfClaimsPrincipalAlreadyExists' as false during the signup so that account will get overridden when user does a signup with firstname, givenName and Password fields.
But this will be security breach - as I want to make this 'RaiseErrorIfClaimsPrincipalAlreadyExists' as false only when my custom user attribute 'isGuestAccount' = true.
Can anyone help in this please?
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 45%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAV%3C/text%3E%3C/svg%3E)
Akhilesh Vallamkonda 11,355 Reputation points Microsoft Vendor2025-01-07T21:12:16.3566667+00:00 Hi @Malhotra, Neha Satish
Thank you for reaching Microsoft Q&A Forum!In this scenario I suggest you checks if the user is a guest before allowing account creation or overriding.
Check if the account already exists using the provided email.
If
isGuestAccountistrue, allow the account to be overridden by settingRaiseErrorIfClaimsPrincipalAlreadyExiststofalse.If the account exists but
isGuestAccountisfalse, prevent the signup and inform the user that they need to log in instead.Also, you can create Separate Flow for Guest Users.
-
Akhilesh Vallamkonda 11,355 Reputation points Microsoft Vendor
2025-01-09T18:37:12.8133333+00:00 Hi @Malhotra, Neha Satish
We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help. -
Malhotra, Neha Satish 0 Reputation points
2025-01-10T07:33:49.3366667+00:00 hi @Akhilesh Vallamkonda - i agree with your approach of using 'isGuestAccount' flag but not sure on how to implement this. As
RaiseErrorIfClaimsPrincipalAlreadyExistscan be used only inside the technical profileAAD-UserWriteUsingLogonEmailand its the predefined technicalId and there cant two technical profile id of the same name.So not sure how to put that precondition of checking the guestAccount flag.
-
Akhilesh Vallamkonda 11,355 Reputation points Microsoft Vendor
2025-01-10T20:32:28.5933333+00:00 Hi @Malhotra, Neha Satish
I suggest you go through this Document how to implement -
Akhilesh Vallamkonda 11,355 Reputation points Microsoft Vendor
2025-01-13T16:56:55.0433333+00:00 Hi @Malhotra, Neha Satish
Following up to see if the above answer was helpful. If this answers your query, do clickAccept AnswerandYesfor was this answer helpful. And, if you have any further query do let us know.
Sign in to comment
Sign in to answer