Usernames in Azure AD B2C
Make the switch
“Local accounts” default to type “Email” in a newly created Azure AD B2C tenant. If you build an app backed by Azure AD B2C without making the following change, your consumers can only use email addresses as identifiers to sign up and sign in.
However, it is trivial to switch your tenant and use “usernames as identifiers” instead. All you need to do is navigate to the Azure AD B2C blade on the Azure portal, click on Identity Providers and select Username in the Local accounts drop-down. Save your changes.
Sign-up and sign-in policies (with “Local accounts” as an identity provider) created after the switch and used in your app will work as expected. However, policies created before the switch stop working, because they still point at “Local account” type “Email” rather than type “Username”. This can trip you up if you didn’t make the switch at the outset.
Why use “usernames”?
There are a couple of good reasons to pick usernames, even though most apps today prefer email addresses:
- Your existing apps & consumers use usernames and you want to migrate them over to Azure AD B2C.
- Signing in with usernames is integral to the app’s experience. For example, the use of Twitter or gaming handles.
Email still necessary
Azure AD B2C collects and verifies consumers’ email addresses even if they sign up with usernames. There needs to be at least one recovery method, i.e., the email address, if a consumer forgets his or her password.
[Figure: the object-level differences (in Azure AD B2C’s cloud directory) between social, email-based local, username-based local and Azure AD (work or school) accounts.]
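As an added example (not from this post or from Microsoft), a small Python audit over constructed B2C user objects that classifies each account by the kinds listed above and flags username-based local accounts that have no recovery email, the case the “Email still necessary” section warns about. It assumes the Microsoft Graph user shape (identities/signInType, creationType, otherMails) and uses made-up sample data.

```python
import json

# Constructed sample (not real tenant data) in the shape Microsoft Graph returns for
# Azure AD B2C users; the field names and signInType values are assumptions.
SAMPLE_USERS = json.loads("""[
 {"id": "u1", "creationType": "LocalAccount", "otherMails": [],
  "identities": [{"signInType": "emailAddress", "issuerAssignedId": "alice@example.com"}]},
 {"id": "u2", "creationType": "LocalAccount", "otherMails": ["bob@example.com"],
  "identities": [{"signInType": "userName", "issuerAssignedId": "bob42"}]},
 {"id": "u3", "creationType": "LocalAccount", "otherMails": [],
  "identities": [{"signInType": "userName", "issuerAssignedId": "carol"}]},
 {"id": "u4", "identities": [{"signInType": "federated", "issuer": "facebook.com",
                              "issuerAssignedId": "1234567890"}]},
 {"id": "u5", "identities": [{"signInType": "userPrincipalName",
                              "issuerAssignedId": "admin@contoso.onmicrosoft.com"}]}
]""")

def account_kind(user):
    """Classify a B2C user object by how it signs in (the kinds named in the post)."""
    types = {i.get("signInType") for i in user.get("identities", [])}
    if user.get("creationType") == "LocalAccount":
        if "userName" in types:
            return "local-username"
        if "emailAddress" in types:
            return "local-email"
    if "federated" in types:
        return "social"
    if "userPrincipalName" in types:
        return "work-or-school"
    return "unknown"

def recovery_emails(user):
    """Addresses usable for password reset: the sign-in email of an email-based
    local account, plus the separately collected address (assumed: otherMails)."""
    emails = [i["issuerAssignedId"] for i in user.get("identities", [])
              if i.get("signInType") == "emailAddress"]
    return emails + user.get("otherMails", [])

def audit(users):
    """Count accounts per kind and flag username-based local accounts with no
    recovery email, i.e. consumers who could never reset a forgotten password."""
    counts, no_recovery = {}, []
    for u in users:
        kind = account_kind(u)
        counts[kind] = counts.get(kind, 0) + 1
        if kind == "local-username" and not recovery_emails(u):
            no_recovery.append(u["id"])
    return counts, no_recovery
```

Run `audit(SAMPLE_USERS)` against objects fetched from your own tenant to spot username-based accounts that would be locked out of self-service password reset.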