如何在 Azure Active Directory B2C 中添加具有本地名称的用户? [英] How do you add a user with a local name in Azure Active Directory B2C?

问题描述

我已启动并运行 Azure Active Directory B2C，并且可以使用在 AD 中创建的具有@.onmicrosoft.com 形式的用户登录.因此，例如，john.smith@myorganization.onmicrosoft.com 就可以正常工作.但是这些用户名是不能被外部使用的.我还可以使用基本的 Microsoft 帐户登录，因此名为 john.smith@comcast.net 的用户将通过 Microsoft 目录重定向来工作.

I've got an Azure Active Directory B2C up and running and can sign in with users created in the AD that have the form of @.onmicrosoft.com.  So, for example, john.smith@myorganization.onmicrosoft.com, works just fine.  But these user names are unacceptable for external use.  I've also got basic Microsoft Account logins working, so a user with the name of john.smith@comcast.net will work by redirecting through the Microsoft directory.

但我想允许任意电子邮件登录.使用 Azure 门户，如何添加用户并为他们提供 john.smith@somecompany.com 的登录 ID?文档和常见问题解答表明这是可能的，但是当我添加用户时，我在 Azure 门户中找不到该选项.我错过了什么?

But I want to allow arbitrary emails for logins.  Using the Azure Portal, how do I add a user and give them a login id of john.smith@somecompany.com?  The document and FAQ indicate that it's possible, but I can't find the option in the Azure portal when I add a user.  What am I missing?

推荐答案

Azure AD B2C 用户不应通过 Users &组刀片.

此刀片虽然可从 Azure AD B2C 编辑设置刀片中获得，但目前用于管理常规(公司/企业)Azure AD 的用户.虽然在技术上可以通过此刀片创建/添加用户，但您最终会遇到不希望/意外的行为，例如，正如您所观察到的，用户是使用 @tenantname.onmicrosoft.com 创建的，或者通过 Azure 将他们创建为访客AD B2B 协作功能最终无法登录到您的 Azure AD B2C 集成应用程序.

This blade, while available from the Azure AD B2C Edit Settings blade, is meant at this time to be used to manage users for regular (corporate/enterprise) Azure AD. While it is technically possible to create/add users via this blade, you'll end up with undesired/unexpected behavior such as, as you observed, users being created with @tenantname.onmicrosoft.com or having them created as Guests via the Azure AD B2B Collaboration feature that ultimately can't sign in to your Azure AD B2C integrated applications.

在 Azure AD B2C 上下文中，您应该只使用此刀片浏览租户中的用户，始终处于只读模式.

In the context of Azure AD B2C, you should only use this blade to browse the users in the tenant, always in read only mode.

要创建 Azure AD B2C 用户，您应该:

To create Azure AD B2C users, you should either:

• 让用户通过注册或统一的注册/登录政策自行注册.
• 通过 Graph API 以编程方式预先创建用户.对于这种方法，请查看 此示例包含一个用于创建用户并展示其背后代码的 CLI.

• Have the users sign-up by themselves via the Sign-up or unified Sign-up/Sign-in policy.
• Programatically pre-create the users via the Graph API. For this approach check out this sample which contains a CLI to create users and showcases the code behind it.

这篇关于如何在 Azure Active Directory B2C 中添加具有本地名称的用户?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！