azure-ad-b2c

Limit Azure Active Directory Registrations


In Azure Active Directory B2C, is there a way to limit registration according to an email address pool? Or can one pre-register accounts, so that the user would then only have to choose a password or use a Google or Facebook account?


Solution

  • There is no built-in mechanism in Azure AD B2C to limit registration to a specific set of users / emails. You can request this via the Azure AD B2C feedback forum.

    However, you can implement this yourself by:

    1. Having a custom attribute that determines whether a user is "approved" or not. You would let users sign up by themselves, and you would create an experience or flow that queries the Azure AD Graph for users that haven't been "approved" and then either approves them or deletes them.
    2. Building an invitation flow. When you invite a user, you'd create the user through the Azure AD Graph. You would then direct your users to the Password Reset policy as their "account verification" flow. This only works for local accounts, as you can't pre-create users backed by social accounts.

    This is similar to Azure AD B2C - approval upon sign up?
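As an added, worked example that is not part of the original answer: the helpers below sketch both approaches against the Azure AD Graph API the answer names (that API has since been retired in favour of Microsoft Graph, where local accounts carry `identities` instead of `signInNames`; the flow itself is unchanged). The tenant, policy name, client id, b2c-extensions-app id, redirect URI and the `Approved` custom attribute are placeholders, and the `$filter` form for extension attributes is an assumption. Nothing is sent unless `graph_request` is called with a real token; `plan_review` only computes the PATCH/DELETE operations, and the sample users in `main` are constructed.

```python
"""Azure AD B2C registration control via Azure AD Graph (added example, not the answer's code).
Approach 1: review users lacking an 'Approved' custom attribute and approve or delete them.
Approach 2: pre-create a local account and hand the invitee to the password reset policy."""
import json
import secrets
import string
import urllib.parse
import urllib.request
from typing import Dict, List, Optional, Tuple

TENANT = "contoso.onmicrosoft.com"                      # assumed tenant
GRAPH_BASE = f"https://graph.windows.net/{TENANT}"      # Azure AD Graph, as named in the answer
API_VERSION = "1.6"
# Custom attributes live on the b2c-extensions-app and are addressed as
# extension_<appId without dashes>_<Name>; the appId here is a placeholder.
B2C_EXTENSIONS_APP_ID = "00000000000000000000000000000000"
APPROVED_ATTR = f"extension_{B2C_EXTENSIONS_APP_ID}_Approved"
PASSWORD_RESET_POLICY = "B2C_1_PasswordReset"           # assumed policy name
APP_CLIENT_ID = "11111111-1111-1111-1111-111111111111"  # assumed application id
REDIRECT_URI = "https://app.example.com/auth/callback"  # assumed redirect URI
SYMBOLS = "!@#$%^&*"


def random_password(length: int = 32) -> str:
    """Throw-away secret for a pre-created account: the invitee never sees it and
    replaces it through the password reset policy. One char of each class is
    forced so the value satisfies B2C's default complexity rules."""
    chars = [secrets.choice(string.ascii_lowercase), secrets.choice(string.ascii_uppercase),
             secrets.choice(string.digits), secrets.choice(SYMBOLS)]
    pool = string.ascii_letters + string.digits + SYMBOLS
    chars += [secrets.choice(pool) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def build_invited_user(email: str, display_name: str, approved: bool = True) -> dict:
    """Body for POST /users creating a B2C *local* account (approach 2)."""
    return {
        "accountEnabled": True,
        "creationType": "LocalAccount",
        "displayName": display_name,
        "signInNames": [{"type": "emailAddress", "value": email}],
        "passwordProfile": {"password": random_password(), "forceChangePasswordNextLogin": False},
        "passwordPolicies": "DisablePasswordExpiration",
        APPROVED_ATTR: approved,
    }


def invitation_link(state: str) -> str:
    """Link to mail the invitee: the password reset policy doubles as the
    'prove you own this email and pick a password' step."""
    params = {"p": PASSWORD_RESET_POLICY, "client_id": APP_CLIENT_ID, "nonce": secrets.token_urlsafe(16),
              "redirect_uri": REDIRECT_URI, "scope": "openid", "response_type": "id_token",
              "prompt": "login", "state": state}
    return f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/authorize?" + urllib.parse.urlencode(params)


def unapproved_filter() -> str:
    """OData $filter for the review job; equality filtering on extension attributes is assumed."""
    return f"{APPROVED_ATTR} eq false"


def user_email(user: dict) -> Optional[str]:
    """Local accounts carry the email in signInNames; social accounts expose it in otherMails."""
    for sn in user.get("signInNames", []):
        if sn.get("type") == "emailAddress":
            return sn["value"].lower()
    mails = user.get("otherMails", [])
    return mails[0].lower() if mails else None


def plan_review(users: List[dict], allowed_domains: set) -> List[Tuple[str, str, Optional[dict]]]:
    """Approach 1: for every user not marked approved, approve if the email domain is
    in the pool, otherwise delete. Returns (method, path, body) without sending."""
    ops = []
    for u in users:
        if u.get(APPROVED_ATTR) is True:
            continue
        email = user_email(u)
        domain = email.rsplit("@", 1)[-1] if email and "@" in email else None
        path = f"/users/{u['objectId']}"
        ops.append(("PATCH", path, {APPROVED_ATTR: True}) if domain in allowed_domains else ("DELETE", path, None))
    return ops


def graph_request(token: str, method: str, path: str, body: Optional[dict] = None,
                  query: Optional[Dict[str, str]] = None):
    """Minimal authenticated call to Azure AD Graph; only this function touches the network."""
    url = f"{GRAPH_BASE}{path}?" + urllib.parse.urlencode({"api-version": API_VERSION, **(query or {})})
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
        return json.loads(raw) if raw else None


if __name__ == "__main__":
    # Constructed sample of what GET /users?$filter=... might return; not real data.
    sample = [{"objectId": "a", "signInNames": [{"type": "emailAddress", "value": "Alice@Contoso.com"}]},
              {"objectId": "b", "signInNames": [{"type": "emailAddress", "value": "bob@attacker.example"}]}]
    for op in plan_review(sample, {"contoso.com"}):
        print(op)
    print(invitation_link(state="invite-42"))
```

In production the review job would run `graph_request(token, "GET", "/users", query={"$filter": unapproved_filter()})`, feed the `value` array to `plan_review`, and execute each returned operation; keep the approval attribute writable only by that job's service principal, since a user-writable attribute would let anyone approve themselves.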