
Is it possible using Graph API or similar to automatically add users to a security group in Azure B2C?

The background is that during an Azure B2C user journey for signup/sign the user will access an application after successful authentication. But I would like to role assign based on the security group the user is a member of.

Therefore, if a new user signs up, they could be defaulted to, let's say, "DefaultUsersGroup" and this will be present in their token, thus giving them default access to the app. Otherwise, if an existing user signs in, this will perform some logic to determine the group the user should be a member of and then grant them access dependent on their membership.

Thank you.

RJ.

1 Answer


You can do this by introducing your own REST API/s during your user journey. Your API should then call MS Graph API to do the Group+Role assignment, and on sign in, the Role resolution based on group membership.

https://learn.microsoft.com/en-us/azure/active-directory-b2c/custom-policy-rest-api-claims-exchange

This sample may also help: https://github.com/azure-ad-b2c/samples/tree/master/policies/relying-party-rbac

Jas Suri - MSFT
  • Thanks again Jas! :) I completed this today successfully and set up the REST API with integration to Graph API and SharePoint to achieve what I needed, and it is now working. – RJ. Apr 01 '20 at 21:31
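
A sketch of the REST API step the answer describes, as an added example that is not part of the original answer or the linked sample: it validates the incoming claim, adds a new user to a default group through Microsoft Graph, then resolves roles from group membership against a server-side allowlist and fails closed. The claim names `objectId` and `roles`, the `is_new_user` flag, the `graph_call` transport and the group ids are assumptions made for illustration.

```python
import re

GRAPH = "https://graph.microsoft.com/v1.0"
GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)

# Constructed placeholder group ids mapped to app roles; the allowlist lives server-side only.
DEFAULT_GROUP = "11111111-1111-1111-1111-111111111111"
GROUP_ROLES = {
    DEFAULT_GROUP: "User",
    "22222222-2222-2222-2222-222222222222": "Admin",
}

def b2c_error(message):
    # B2C treats an HTTP 409 with this body as a validation error and stops the journey.
    return 409, {"version": "1.0.0", "status": 409, "userMessage": message}

def handle_claims_exchange(claims, graph_call, is_new_user=False):
    """claims: input claims posted by the B2C technical profile (assumed: objectId).
    graph_call(method, url, json_body) -> dict: hypothetical transport that attaches
    the app-only bearer token and sends the request to Microsoft Graph."""
    object_id = str(claims.get("objectId", ""))
    if not GUID.fullmatch(object_id):  # never splice unvalidated input into a Graph URL
        return b2c_error("Invalid user identifier.")
    if is_new_user:
        # Add the user to the default group (Graph "add member" call).
        graph_call("POST", f"{GRAPH}/groups/{DEFAULT_GROUP}/members/$ref",
                   {"@odata.id": f"{GRAPH}/directoryObjects/{object_id}"})
    # Resolve membership, then keep only groups the application knows about.
    result = graph_call("POST", f"{GRAPH}/users/{object_id}/getMemberGroups",
                        {"securityEnabledOnly": True})
    roles = sorted({GROUP_ROLES[g] for g in result.get("value", []) if g in GROUP_ROLES})
    if not roles:  # fail closed: unmapped groups grant nothing
        return b2c_error("No application role is assigned to this account.")
    return 200, {"roles": roles}
```

The endpoint itself still needs to authenticate B2C as the caller, and the Graph application permission should be limited to what the group operations require.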