Non Verified Domain as IdntifierUri for Azure B2C IEF Application
Problem
I am unable to configure the identifierUri of an Azure B2C Identity Experience Framework (IEF) Application to a URL that is not verified. Furthermore, I cannot verify the domain I need to add because it is because it is a third party's domain configured by the SAML Service Provider.
Context
In the deprecated AAD Graph App Manifest, you were able to set "accessTokenAcceptedVersion": 2 to allow non-verified domains. On Azure's documentation, they said
If you do not update the accessTokenAcceptedVersion to 2 you will receive an error message requiring a verified domain.
The relying party is a 3rd party and their IssuerUri is not a domain that I can control. So when I set the identifierUris to their URI, I get the error Failed to update {application-name} application. Error detail: Values of IdentifierUris property must use a verified domain of the organization or its subdomain.
How can I resolve this issue?
The error occurs if missed enabling "accessTokenAcceptedVersion": 2 before configuring non-verified domain as identifier URI.
Initially, I too got same error when I tried to update identifier URI with non-verified domain value without enabling accessTokenAcceptedVersion :
To resolve the error, make sure to update accessTokenAcceptedVersion to 2 that will be renamed as requestedAccessTokenVersion in Microsoft Graph App Manifest (New).
When I tried to update identifier URI with non-verified domain after modifying requestedAccessTokenVersion value to 2, it worked like this:
If still the error persists, try creating new application and update in that to resolve the issue.
- Blazor WASM Authorization Policy issue when opening new browser tab
- how to Get token from URL?
- Azure AD B2C Stuck on Redirect Url
- Microsoft Graph API Bulk Reset Users Password
- Retrieving the last or most recent SignInLogs in a specific Azure AD B2C using Get-MgAuditLogSignIn -All throws error Stream does not support reading
- Azure B2C SAML response missing email address attribute
- Azure AD B2C - Using Multiple SignUp forms. The OrchestrationSteps are not working correctly
- How to Setup User Journey Viewer for Azure AD B2C
- How to add UAE Pass as identity provider to Azure AD B2C
- PowerShell Graph SDK to retrieve Azure AD / Entra B2C Resource Group Name
- Trouble Setting Up Authorization Code Flow In Azure B2C
- Azure B2C groups integration
- Azure AD B2C login redirect not working in Blazor WASM Standalone
- Azure AD B2C return url in azure web app plan
- Repeated MFA Phone Number Prompt in "SignUpOrSignIn" User Journey
- PlayFab integration with Azure AD B2C as OpenID Connect
- Azure AD B2C passwordless for only Local Account policy
- Azure B2C client credentials flow throws invalid_grant AADB2C90085
- Azure B2C EditProfile custom policy without Signing In first
- Azure multi tenant SaaS application - which Entra service to use?
- Unable to authenticate using Angular MSAL library after upgrade to version 3.0.0-beta.0
- Disable Azure AD Graph API with blockAzureADGraphAccess
- Is there a way of connect Entra External Id to our Azure B2C federation without using b2c login flow
- Microsoft Graph API - Update phoneMethods is no longer working
- Azure AD B2C Front-channel logout URL Not Working
- Flutter MSAL_js-based (B2C) Authentication fails
- Caching User Single Sign On using Distributed Cache
- How to redirect back to Azure AD B2C defining which custom policy to use based on the username given
- Access token not working Azure AD custom policy
- MSAL login getting stuck in .NET MAUI app