使用 Graph 在 Azure B2C 中预创建联合用户 [英] Pre-Create Federated Users in Azure B2C Using Graph
问题描述
是否可以通过 Graph API 在 Azure B2C 中预先创建联合用户?这是场景:
Is it possible to pre-create federated users in Azure B2C via the Graph API? Here's the scenario:
我已将 Azure AD 租户作为 IdP 添加到我的 B2C 租户.但是,我不希望联合用户能够注册.我希望他们只有在 B2C 目录中已经存在时才能登录.因此,如果不是,他们会收到一条错误消息.所以我想我可以使用 Graph 创建联合用户.以下是我尝试使用的请求正文,但出现以下错误,说明 UPN 必须使用组织中的域之一.是否可以通过 Graph 实现我希望实现的目标?如果不是通过 Graph API,我该如何完成?不需要在自定义策略中调用 REST API.
I have added to my B2C tenant an Azure AD tenant as an IdP. However, I do not want federated users to be able to signup. I want them to only be able to signin if they are already present in the B2C directory. So, if they are not, they get an error message. So I was thinking I could create the federated users using Graph instead. Below is the request body I attempted to use but I get the error that follows, which says the UPN has to be using one of the domains in the organization. Is it possible to accomplish what I a looking to achieve with Graph? If not by Graph API, how can I accomplish? REST API call in custom policy is not desired.
{
"givenName": "John",
"identities": [
{
"signInType": "federated",
"issuer": "abc.com",
"issuerAssignedId": "jdoe@abc.com"
}
],
"surName": "Doe",
"mail": "jdoe@abc.com",
"accountEnabled": true,
"displayName": "John Doe",
"mailNickname": "jdoe",
"userPrincipalName": "jdoe@abc.com",
"passwordPolicies": "DisablePasswordExpiration"
}
{
"error": {
"code": "Request_BadRequest",
"message": "The domain portion of the userPrincipalName property is invalid. You must use one of the verified domain names in your organization.",
"innerError": {
"date": "2020-08-05T03:45:26",
"request-id": "xxxxxxxx-xxx-xxxx-xxxx-xxxxxxxxxx"
},
"details": [
{
"target": "userPrincipalName",
"code": "InvalidValue"
}
]
}
}
推荐答案
删除 "userPrincipalName": "jdoe@abc.com",
将解决此问题.
Remove "userPrincipalName": "jdoe@abc.com",
will fix this issue.
Microsoft Graph 似乎不允许我们在为 Azure B2C 创建用户时设置 userPrincipalName
.它将生成 userPrincipalName
作为 {object id}@abc.com
.
Microsoft Graph seems not to allow us to set userPrincipalName
when creating the user for Azure B2C. It will generate the userPrincipalName
as {object id}@abc.com
.
然后您可以更新 userPrincipalName
.
PATCH https://graph.microsoft.com/v1.0/users/{object id}
{"userPrincipalName":"jdoe@abc.com"}
这篇关于使用 Graph 在 Azure B2C 中预创建联合用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!