Multitenant collaboration/B2B Direct/Sync'd directory settings
Hi All, We have some tenants sync'd via Multitenant collaboration/B2B Direct sync in Entra ID, however have specific requirements on what we want to share, the following applies: Sync'd global address book is fine, however we want to exclude any…
Add custom claims in client credentials flow in Microsoft Entra ID
We need to include custom claims from an external source into a token issued by Microsoft Entra for a service-to-service scenario. Basically, when getting an access token to our app via https://{tenant_name}.ciamlogin.com/{tenant_id}/oauth2/v2.0/token…
How can I connect Entra to GitHub Enterprise Cloud to allow external contributors to a software development project?
I want to connect Entra to GitHub Enterprise Cloud


Branding logo not loading in the Microsoft login page due to Content Security Policy
The app logo is shown as an error in the Chrome browser, as you can see in the attached screenshot. From the console you can see the error is related to a Content Security Policy violation: Refused to load the image…
Creation of an External ID tenant not allowed by policy
We are trying to create a Microsoft Entra External ID, however our policies are not allowing it. One of our policies allows creation of resources only in specific regions. On setup of the service it asks for a Country (not a Region), and when the policy…
Android Shared Device Mode with External Identities
I have set up an Android Device in Shared Device Mode. I can successfully sign in as a user from my own Identity. When I try to sign in using an account from an external Identity, I get the error that the requested account is from a different…
Invited guest users are not able to do 2 factor authentication when signing into application from external tenant.
I have invited a guest user into my entra external tenant. When the guest logs into an existing application that is present in the external tenant. The guest user enters their email then performs email otp. Then they are errored out. I want the user…
How do we stop others from using our client id and tenant id with Electron
We have been using web flow till now where our backend was having a secret to generate a token for us. Recently we were checking MSAL library for Node to use it in our Electron multitenant application. Our concern here is about security. How do we stop…
Migrating user credentials from AD B2C to Entra External ID
Is it possible to transfer user data including the hashed passwords from AD B2C to Entra External ID? Is such a migration path possible via self-service or via Azure support? Thanks!
How to invite external users to setup an Azure AD B2C (Local account)?
Based on our understanding of the Azure AD B2C, below are the possible options to invite external users to setup an Azure AD B2C (Local account) using user flows: Sign up user flow - We manually send email to users with sign-up user flow endpoint. …
Why did refresh tokens expire after 12 hours in Microsoft Entra External ID?
Background I'm developing a React Native Expo mobile app (running on both Android and iOS) that uses Microsoft Entra External ID for browser-delegated authentication via the expo-auth-session library. Users authenticate using email with password. …
How to manage B2B customers with their own OIDC Identity Provider?
I'm exploring identity options for a B2B SaaS application where each tenant in the SaaS application can bring their own OIDC identity provider. External ID in external tenants might be an option, but I'm struggling with two points: Whilst…
B2B collaboration user couldn't change password
Hi guys, help me to understand the cause of the issue. I have 2 users converted to external B2B collaboration (to let them use an external email address as a login). One can log in to the Entra account at https://login.microsoftonline.com/ with his invitation external…
Custom URL domain doesn't work with tenant ID instead of its name in URL
Hi there, coming from Azure B2C, my company is used to know that `https://login.example.tld/

Handle authentication for two different apps and different user sets within single Azure AD B2C tenant
I have a scenario where I have two different web apps. Each with its own users. There is a possibility that user from app1 is also part of app2 as well. I have created one organization level Azure AD B2C tenant. What I am not able to understand are below…

Query Parameter in Authorize url to be passed to custom claims provider
Using the following sample: https://learn.microsoft.com/en-us/entra/identity-platform/custom-extension-tokenissuancestart-configuration?tabs=azure-portal%2Cexternal-tenant I succeeded in triggering an Azure Function on the TokenIssuanceStart event to add…
Unable to select Australia as location for new CIAM External ID tenant
Hi all, I am setting up a new Entra ID External CIAM tenant. Under the 'Location' section, I am unable to find Australia. Is it possible to select Australia as a location for the tenant? We need data to stay within the country to be within our privacy…
Getting error "You can't sign in here with a personal account. Use your work or school account instead."
I have an Entra External Tenant for the users of my application, but I'm getting this error when trying to log into my application: You can't sign in here with a personal account. Use your work or school account instead. The email I'm trying to login in…
AADB2C90237: The provided token does not contain a valid audience. Please provide another token and try again. - Google as IDP
AADB2C90237: The provided token does not contain a valid audience. Please provide another token and try again. - Google as IDP in Azure B2C custom policy
Managing External Collaboration Settings for Third Parties
What are the most effective ways to manage external third parties in Azure AD? For instance, if target.com is whitelisted in a tenant, what kind of access will staff from target.com have to my domain (e.g., Teams, SharePoint, etc.)? Is there any default…