2

In Azure B2C there are several identity providers; for this example I'm going to use local accounts and Google accounts:

A new user signs up with a local account using the email address user@gmail.com. They use the site. The next time they return, they instead decide to sign in using the Google identity provider with the same email address, and they then use the site.

Currently this would have created two user accounts - each using one of the identity providers.

Instead, is it possible to set B2C up so that in this scenario we end up with a single user account, which is linked to both identity providers? Therefore regardless of which method they use to authenticate, they will be signed in as the same user.

penguin178

1 Answer

1

You can achieve it by working with the Identities property.

When the user signs in/up using an external identity provider, the alternative identity is used (created from the external identifier and external issuer). In most cases a single alternative identity is used, but the property in the user object is always a collection. You can manipulate the collection using the proper claim transformations - AddItemToUserIdentityCollection, RemoveUserIdentityFromCollectionByIssuer, etc.

You can find a ready-to-use sample doing the linking and unlinking of identities to the account in an official samples repository: https://github.com/azure-ad-b2c/samples/tree/master/policies/account-linkage-unified

wojtekdo
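The collection handling described in the answer above, as an added Python sketch that is not part of the original post and is not the sample repository's policy code. It models one account's `identities` collection in the Microsoft Graph `objectIdentity` shape (`signInType`, `issuer`, `issuerAssignedId`). The function names, the `proven_by_sign_in` flag, the issuer `contoso.onmicrosoft.com` and the Google subject id are assumptions made for this example; the flag encodes the assumption that a link is only made after the user has authenticated with both identities, since a matching email address alone does not prove ownership.

```python
import copy


def make_identity(sign_in_type, issuer, issuer_assigned_id):
    # One entry of the user's identities collection (Graph objectIdentity shape).
    return {"signInType": sign_in_type, "issuer": issuer,
            "issuerAssignedId": issuer_assigned_id}


def add_identity(identities, new, proven_by_sign_in):
    """Return a new collection with `new` linked to the same account.

    proven_by_sign_in (assumption of this example): True only when the user
    signed in with the external provider while already authenticated to the
    existing account. An email match on its own is not accepted.
    """
    if not proven_by_sign_in:
        raise PermissionError("linking requires a sign-in with both identities")
    for ident in identities:
        if ident["issuer"].lower() == new["issuer"].lower():
            if ident["issuerAssignedId"] == new["issuerAssignedId"]:
                return copy.deepcopy(identities)  # already linked: no-op
            # Choice made in this example: one identity per issuer per account.
            raise ValueError("another identity from this issuer is already linked")
    return copy.deepcopy(identities) + [dict(new)]


def remove_identity_by_issuer(identities, issuer):
    """Return a new collection without the identities from `issuer`."""
    remaining = [dict(i) for i in identities
                 if i["issuer"].lower() != issuer.lower()]
    if not remaining:
        # Removing the only identity would leave no way to sign in.
        raise ValueError("refusing to remove the last sign-in identity")
    return remaining


# Constructed sample data matching the scenario in the question.
LOCAL = make_identity("emailAddress", "contoso.onmicrosoft.com", "user@gmail.com")
GOOGLE = make_identity("federated", "google.com", "constructed-google-subject-id")


def demo():
    linked = add_identity([LOCAL], GOOGLE, proven_by_sign_in=True)
    unlinked = remove_identity_by_issuer(linked, "google.com")
    return linked, unlinked
```
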