This is the problem:
The user does SSO using an external IdP, but after that I go to his account and see that it's disabled. Why?
This is the line where the account is created:
<ClaimsExchange Id="AADUserWrite" TechnicalProfileReferenceId="AAD-UserWriteUsingAlternativeSecurityId" />
The only thing that has been modified is the following:
  <TechnicalProfile Id="AAD-UserWriteUsingAlternativeSecurityId">
    <PersistedClaims>
      <PersistedClaim ClaimTypeReferenceId="accountEnabled" AlwaysUseDefaultValue="true" DefaultValue="true" />
    </PersistedClaims>
  </TechnicalProfile>
</TechnicalProfiles>
which is in the technical profile file, but even with this it's disabled.
asked yesterday by IriaAM

1 Answer

This is because a federated account in B2C is a "shadow account".
It uses AlternativeSecurityId to access rather than a local account objectID.
The account is "disabled" in B2C because you can't log in to that account locally.
You have to go via a federation login.
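An added example, not part of the original question or answer: a small triage helper that separates federated-only shadow accounts, where the answer above says a disabled flag is expected, from disabled local accounts. It assumes user records shaped like Microsoft Graph `user` objects with `accountEnabled` and `identities`; the function names and all sample values, including the tenant and IdP names, are constructed.

```python
# Added example: triage of B2C user objects. All sample data is constructed.
LOCAL_SIGNIN_TYPES = {"emailAddress", "userName"}  # Graph signInType values for local accounts

# Records shaped like Microsoft Graph `user` objects, as returned with
# $select=id,accountEnabled,identities (neither property is in the default set).
SAMPLE_USERS = [
    {"id": "u1", "accountEnabled": False, "identities": [
        {"signInType": "federated", "issuer": "idp.example.com", "issuerAssignedId": "abc123"},
        {"signInType": "userPrincipalName", "issuer": "contoso.onmicrosoft.com",
         "issuerAssignedId": "u1@contoso.onmicrosoft.com"}]},
    {"id": "u2", "accountEnabled": False, "identities": [
        {"signInType": "emailAddress", "issuer": "contoso.onmicrosoft.com",
         "issuerAssignedId": "bob@example.com"}]},
    {"id": "u3", "accountEnabled": True, "identities": [
        {"signInType": "emailAddress", "issuer": "contoso.onmicrosoft.com",
         "issuerAssignedId": "eve@example.com"}]},
    # accountEnabled was not requested, so the key is absent from the response.
    {"id": "u4", "identities": [
        {"signInType": "federated", "issuer": "idp.example.com", "issuerAssignedId": "def456"}]},
]


def classify(user):
    """Return (kind, verdict) for one user record."""
    types = {i.get("signInType") for i in user.get("identities") or []}
    has_local = bool(types & LOCAL_SIGNIN_TYPES)
    has_federated = "federated" in types
    kind = ("local+federated" if has_local and has_federated else
            "local" if has_local else
            "federated-only" if has_federated else "no-identity")
    enabled = user.get("accountEnabled")
    if enabled is None:
        return kind, "unknown: accountEnabled not in response"
    if enabled:
        return kind, "ok"
    if kind == "federated-only":
        return kind, "expected: shadow account, sign-in goes through the IdP"
    return kind, "review: account is disabled"


def audit(users):
    """Map each user id to its (kind, verdict) pair."""
    return {u["id"]: classify(u) for u in users}


if __name__ == "__main__":
    for uid, (kind, verdict) in audit(SAMPLE_USERS).items():
        print(f"{uid}\t{kind}\t{verdict}")
```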