I created a multi-tenant registration app in Azure, supporting two types of tenants: one for internal users and another for external users.
My front-end application has a single login button and it can authenticate both internal and external users through my multi-tenant registration app.
I configured the authentication settings in my front-end according to Azure's guidelines, using the MSAL library.
My front-end application sends the request to the https://login.microsoftonline.com/common endpoint, which serves all Microsoft Entra tenants.
My question is: If a new user who is not registered in any tenant wants to sign up through my front-end application, how can I ensure they are registered in the correct tenant?
For example, if the new user is internal, the user will be registered in the internal users' tenant; otherwise, the user will be registered in the external users' tenant.
Note: In a multi-tenant app registration, users from any Azure AD tenant (including external organizations) can authenticate via the https://login.microsoftonline.com/common endpoint.
Using a multi-tenant Azure AD application, you cannot show an option for new external users to sign up directly.
As you mentioned, you have to register external users using Azure AD B2C and set up a User Flow.
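To make the two paths in this thread concrete, here is an added example (not code from the question or the answer): the tenant-routing check a front end or its API should run on the ID token that the /common authority returns for an already-registered user, alongside MSAL.js configuration objects for the multi-tenant /common path and for a separate Azure AD B2C user flow as the sign-up path for new external users. It runs under Node without MSAL installed. Every tenant ID, client ID, tenant name and user-flow name is a hypothetical placeholder.

```javascript
// Added example, not code from the original question or answer.
// (1) Routing check on the ID token returned by the /common authority.
// (2) MSAL.js config objects for the /common path and a B2C user-flow path.
// Runs under Node without MSAL. All IDs and names below are hypothetical.

// Assumed: the two workforce tenants the multi-tenant registration serves.
const INTERNAL_TENANT_ID = "11111111-1111-1111-1111-111111111111";
const EXTERNAL_TENANT_ID = "22222222-2222-2222-2222-222222222222";

// /common will hand you a token from ANY Microsoft Entra tenant, so an
// allowlist on the tid claim is what decides who may use the app at all.
const TENANT_ROUTES = new Map([
  [INTERNAL_TENANT_ID, "internal"],
  [EXTERNAL_TENANT_ID, "external"],
]);

function base64UrlEncode(obj) {
  return Buffer.from(JSON.stringify(obj), "utf8")
    .toString("base64")
    .replace(/=+$/, "")
    .replace(/\+/g, "-")
    .replace(/\//g, "_");
}

function base64UrlDecode(str) {
  const b64 = str.replace(/-/g, "+").replace(/_/g, "/");
  return Buffer.from(b64, "base64").toString("utf8");
}

// Reads the claims of a compact JWS. Signature verification is left to MSAL
// or the resource API; this only inspects the payload for routing.
function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  return JSON.parse(base64UrlDecode(parts[1]));
}

// Classify a signed-in user by the tenant that issued the ID token.
// The v2.0 issuer is per tenant, so iss must agree with tid; aud must be
// this app's client ID; and tid must be on the allowlist.
function classifyIdToken(token, expectedAudience) {
  const claims = decodeJwtPayload(token);
  if (typeof claims.tid !== "string") throw new Error("ID token has no tid claim");
  const expectedIssuer = `https://login.microsoftonline.com/${claims.tid}/v2.0`;
  if (claims.iss !== expectedIssuer) {
    throw new Error(`issuer ${claims.iss} does not match tid ${claims.tid}`);
  }
  if (claims.aud !== expectedAudience) throw new Error("audience is not this app");
  const route = TENANT_ROUTES.get(claims.tid);
  if (!route) throw new Error(`tenant ${claims.tid} is not allowed to use this app`);
  return { route, tid: claims.tid, oid: claims.oid, username: claims.preferred_username };
}

// MSAL.js (PublicClientApplication) configurations for the two paths:
// existing workforce users sign in through the multi-tenant registration at
// /common; new external users go to an Azure AD B2C user flow, which is a
// separate app registration in the B2C tenant with its own authority.
function buildMsalConfigs(opts) {
  const b2cHost = `${opts.b2cTenantName}.b2clogin.com`;
  return {
    workforce: {
      auth: {
        clientId: opts.workforceClientId,
        authority: "https://login.microsoftonline.com/common",
        redirectUri: opts.redirectUri,
      },
    },
    b2cSignUp: {
      auth: {
        clientId: opts.b2cClientId,
        authority: `https://${b2cHost}/${opts.b2cTenantName}.onmicrosoft.com/${opts.userFlow}`,
        knownAuthorities: [b2cHost], // MSAL rejects hosts other than login.microsoftonline.com unless listed
        redirectUri: opts.redirectUri,
      },
    },
  };
}

// Constructed, unsigned sample token so the routing check runs offline.
// Real tokens are signed by the identity platform; never accept unsigned ones.
function makeSampleToken(claims) {
  return `${base64UrlEncode({ alg: "RS256", typ: "JWT" })}.${base64UrlEncode(claims)}.constructed-signature`;
}

const APP_CLIENT_ID = "aaaaaaaa-0000-0000-0000-000000000000"; // assumed client ID

// Demo: an internal user signing in through /common lands on the internal route.
const demoToken = makeSampleToken({
  iss: `https://login.microsoftonline.com/${INTERNAL_TENANT_ID}/v2.0`,
  aud: APP_CLIENT_ID,
  tid: INTERNAL_TENANT_ID,
  oid: "33333333-3333-3333-3333-333333333333",
  preferred_username: "alice@contoso.example",
});
console.log(classifyIdToken(demoToken, APP_CLIENT_ID).route);
```

The routing check only covers users who already exist in one of the two workforce tenants; it deliberately rejects any other tenant, because the /common authority accepts every Microsoft Entra tenant. A brand-new external user has no tid to route on, which is why the sign-up button points at the B2C user-flow authority instead.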