I am trying to use the Sign up using invitation sample for B2C. We only want users to be able to sign up via invitation.

After following this tutorial to setup AD B2C multi-tenant for Microsoft sign in: Set up sign-in for multitenant Microsoft Entra ID using custom policies in Azure Active Directory B2C, we encountered this issue:

We have a custom policy that provides new users with a QR code to scan in their authenticator app to create TOTP codes for authentications. I am having an issue where the QR code does not load for some users. I have been trying to recreate this myself but am unable to, the QR code always loads for myself, but we have a couple users a week complaining about this.

I am new to custom policies for Azure AD B2C and have encountered an issue while working with custom attributes. The custom attributes I have added are being included in the token when a user creates an account (example below), but they are not present in the token during subsequent sign-ins. I have implemented several of the suggestions from other posts [1], [2], [3], but I have hit a dead end.

We have implemented a custom policy based on the Invite sample. An Azure function generates an invite link which is mailed to the new user. That url directs the user to our Signup policy. All the steps in the signup policy are executed successfully (user is created), but in the last step (SendClaims) we get an exception:

I’m have a B2C used to store users for multiple app tenants. In order to specify the tenant a user has access to, I’ve added a custom attribute tenant (available via extension_tenant claim) which is actually a comma separated list of tenants, eg: tenant_1,tenant_2.

We have implemented an Azure backend that exposes a Web API and uses Azure AD B2C to authenticate users. These APIs are consumed by a web portal that is built using a low code platform. When a user navigates to the web portal he is first redirected to Azure AD B2C to login with username/password plus MFA. Upon successful login the user receives a JWT token which is passed in an authorization header to API calls. The API verifies the token and returns data to the portal. A token is valid for one hour and once expired the user has to login again with username/password and MFA.

Use case/goal: allow users to change their personal info + password …and do so via/from a single “page”.

I’m using Azure B2C Custom Policies with SMS 2FA via the PhoneFactor-InputOrVerify Technical profile. This works, but users are finding they’re quite often, upon successful login, then immediately redirected back into the B2C login profile again and prompted for the 2FA code a second time (just 2FA this second time, not the username/password). This doesn’t happen all the time, and seems to happen more often for some than others.

I have a site where external users sign in using a B2C tenant with custom policies. The site has been up and running for a few years without issue. Recently users newly created in the Azure portal UI aren’t able to login using the initial password. They just get the “Your password has expired” error message on the login screen.