Azure-Samples / active-directory-b2c-advanced-policies

Sample for use with Azure AD B2C with Custom Policies.
http://aka.ms/aadb2ccustom
MIT License

How to create users with the same email but a different custom user attribute in Azure AD B2C? #69

Closed athulya-ratheesh closed 3 years ago

athulya-ratheesh commented 4 years ago

I have to create multiple users in Azure AD B2C which differ only in a custom user claim.

E.g.: I have an email 'test@gmail.com' and I have also created a custom user attribute called 'Project' and then added this attribute to the SignIn/SignUp user flow. What I need is:

1) To register the given email with a different Project, i.e. User 1 email: 'test@gmail.com', project: 'Project1'

User 2 email: 'test@gmail.com', project: 'Project2'

In the sign-up flow I can create a user and can provide the specified attribute. But it doesn't allow me to create another account with the same email.

2) At the time of login, the user needs to provide the 'Project' as a second step of authorization.

Any help would be highly appreciated. Thanks in advance.

Mortana89 commented 3 years ago

Hi @athulya-ratheesh,

I see you closed this issue. We're actually investigating the same, using B2C as a multi-tenant user store, so an email address could be used in multiple tenants, but should have a different password (they are really different accounts, just the same email).

How did you approach this?

athulya-ratheesh commented 3 years ago

Hi @Mortana89,

We planned it like this: sign-up of users will be from a common admin page, but the user login will be from different login pages for each project.

Based on the example I have mentioned in the above issue

The issue I am facing is that Azure AD B2C will not allow registration of the same email ID twice (except when they are from different providers).

Mortana89 commented 3 years ago

I had a chat with Microsoft engineers about this issue and they taught me that, unless you go really deep in B2C, hacking away, it's better to use something like IdentityServer for multi-tenant authentication, as this can be freely customized... Just passing on the info.

athulya-ratheesh commented 3 years ago

@Mortana89 Sounds good. We are going with other options. Thank you.

mk4953 commented 2 years ago

@Mortana89 I have the same issue. I will create a B2C user with one email and more usernames under this mail. The issue is I cannot specify or give different passwords to the users that are created under this e-mail. All must sign in with the same password, which is not desirable. My case is: User => Alex has 3 different accounts on the same webapp. But he has to use 3 different usernames because of 3 different works. And he will use MFA with his mail.

Mail: alex@test1.com
Username1: alexUsername1
Username2: alexUsername2
Username3: alexUsername3

When they attempt to sign in, all usernames must use the same password, which does not solve our problem.

Do you have any suggestion / solution for this?

I hope you can help me, guys :)