Searching for Identities in Azure AD B2C using the Graph API

Rory Braybrook
The new control plane
2 min read · Jun 13, 2022

I discussed Identities here.

You may find that you get an error when you try to add an identity. Perhaps it’s a duplicate? The question is: how do you find the duplicate identity in B2C?

You can find the search query parameters here.

I’ve used the B2C user utility.

The search queries would be the same if you used e.g. GraphExplorer.

Using the utility, let’s create some identities:

{
  "accountEnabled": true,
  "displayName": "Adele Vance",
  "mailNickname": "AdeleV",
  "userPrincipalName": "AdeleV@tenant.onmicrosoft.com",
  "passwordProfile": {
    "forceChangePasswordNextSignIn": true,
    "password": "xWwvJ]6NMw+bWH-d"
  },
  "identities": [
    {
      "signInType": "userName",
      "issuer": "tenant.onmicrosoft.com",
      "issuerAssignedId": "johnsmith"
    },
    {
      "signInType": "emailAddress",
      "issuer": "tenant.onmicrosoft.com",
      "issuerAssignedId": "jsmith@yahoo.com"
    },
    {
      "signInType": "federated",
      "issuer": "facebook.com",
      "issuerAssignedId": "5eecb0cdgf"
    }
  ]
}

Place this in a file called “create-user.json”.

Run:

b2c create-user create-user.json

Now if you look at the user in B2C:

Image showing user identity with Issuer, Sign-in type and Issuer Assigned ID

Now I can search e.g.

B2C Get-User $filter=("identities/any(i:i/issuer eq 'tenant.onmicrosoft.com' and i/issuerAssignedId eq 'johnsmith')")

This shows:

Using tenant tenant.onmicrosoft.com
GET https://graph.microsoft.com/beta/tenant.onmicrosoft.com/users?$filter=(identities/any(i:i/issuer eq 'tenant.onmicrosoft.com' and i/issuerAssignedId eq 'johnsmith'))
Authorization: Bearer eyJ0eX...ZUc4UE5qZ1ZmQ1hWSXp2MWZWQVVKVi13...
200: OK
User details ...

Notice that the utility calls the “beta” endpoint.

or:

B2C Get-User $filter=("identities/any(i:i/issuer eq 'facebook.com' and i/issuerAssignedId eq '5eecb0cdgf')")

or:

B2C Get-User $filter=("identities/any(i:i/issuer eq 'facebook.com')")

It doesn’t look like “signInNames” or “signInType” are supported filter properties; filtering on signInType returns:

"message": "Property 'signInType' does not exist as a declared property or extension property."

Just FYI: if you want to search on an attribute:

B2C Get-User $filter=startswith(userPrincipalName,'AdeleV@tenant.onmicrosoft.com')

or:

B2C Get-User $filter=startswith(mailNickname,'AdeleV')
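As an added example (not code from the original post or from the b2c utility), here is a small Python script that builds the identities filter and the startswith filters shown above, escapes the string literals, and runs each identity in a create-user payload through the issuer + issuerAssignedId filter before the user is created, which is the duplicate check the opening question asks for. It assumes the filter is sent to https://graph.microsoft.com/beta/users (the endpoint the utility's output shows) with a bearer token taken from a GRAPH_TOKEN environment variable; without a token it runs against a constructed in-memory stand-in for Graph, so it works offline.

```python
"""Added example (not from the original post or the b2c utility): build the
identities $filter the post types into the utility and use it to check a
create-user payload for identities a tenant already has before creating
the user. Only graph_get() touches the network; everything else is offline.
"""
import json
import os
import urllib.parse
import urllib.request
from typing import Callable, List, Optional

# The post shows the utility calling the beta endpoint; assumption: the same
# filter is sent to https://graph.microsoft.com/beta/users by graph_get().
GRAPH_BASE = "https://graph.microsoft.com/beta"


def odata_literal(value: str) -> str:
    """Quote a string for an OData filter. A single quote inside the value is
    doubled, so an issuerAssignedId such as O'Brien (or one crafted by a user
    at sign-up) cannot break out of the literal and change the filter."""
    return "'" + value.replace("'", "''") + "'"


def identity_filter(issuer: str, issuer_assigned_id: Optional[str] = None) -> str:
    """identities/any(...) as in the post: issuer alone, or issuer plus
    issuerAssignedId. signInType is not filterable, so it is never included."""
    clauses = [f"i/issuer eq {odata_literal(issuer)}"]
    if issuer_assigned_id is not None:
        clauses.append(f"i/issuerAssignedId eq {odata_literal(issuer_assigned_id)}")
    return "identities/any(i:" + " and ".join(clauses) + ")"


def startswith_filter(prop: str, prefix: str) -> str:
    """startswith(userPrincipalName,'...') as in the post's attribute searches.
    The property name is bare; only the value is a quoted literal."""
    return f"startswith({prop},{odata_literal(prefix)})"


def users_url(filter_expr: str, base: str = GRAPH_BASE) -> str:
    """Build GET /users?$filter=...&$select=..., encoding spaces as %20 and
    leaving the OData punctuation readable."""
    params = {"$filter": filter_expr, "$select": "id,displayName,identities"}
    query = urllib.parse.urlencode(params, quote_via=urllib.parse.quote, safe="$,/:()'")
    return f"{base}/users?{query}"


def graph_get(url: str, token: str) -> List[dict]:
    """GET a Graph collection and return its 'value' array (first page only)."""
    req = urllib.request.Request(
        url, headers={"Authorization": f"Bearer {token}", "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp).get("value", [])


def find_existing_identities(payload: dict, lookup: Callable[[str], List[dict]]) -> list:
    """For each identity in a create-user payload, run the issuer +
    issuerAssignedId filter through lookup(filter_expr) -> list of users.
    Returns [(identity, matching_users), ...] for identities already taken."""
    hits = []
    for ident in payload.get("identities", []):
        matches = lookup(identity_filter(ident["issuer"], ident["issuerAssignedId"]))
        if matches:
            hits.append((ident, matches))
    return hits


# Constructed sample: the identities block from the post's create-user.json.
SAMPLE_PAYLOAD = {
    "displayName": "Adele Vance",
    "identities": [
        {"signInType": "userName", "issuer": "tenant.onmicrosoft.com",
         "issuerAssignedId": "johnsmith"},
        {"signInType": "emailAddress", "issuer": "tenant.onmicrosoft.com",
         "issuerAssignedId": "jsmith@yahoo.com"},
        {"signInType": "federated", "issuer": "facebook.com",
         "issuerAssignedId": "5eecb0cdgf"},
    ],
}


def offline_lookup(filter_expr: str) -> List[dict]:
    """Constructed stand-in for Graph: pretends 'johnsmith' is already taken."""
    if "i/issuerAssignedId eq 'johnsmith'" in filter_expr:
        return [{"id": "00000000-0000-0000-0000-000000000001",
                 "displayName": "John Smith"}]
    return []


if __name__ == "__main__":
    token = os.environ.get("GRAPH_TOKEN")  # assumption: token with User.Read.All
    lookup = (lambda f: graph_get(users_url(f), token)) if token else offline_lookup
    for ident, users in find_existing_identities(SAMPLE_PAYLOAD, lookup):
        print(f"{ident['signInType']} {ident['issuerAssignedId']} from "
              f"{ident['issuer']} already belongs to {[u['id'] for u in users]}")
```

Run it before `b2c create-user` and any identity that would collide is reported with the existing user's object id. The check is done per issuer + issuerAssignedId pair because that is what Graph accepts; signInType is not filterable, so a userName and an emailAddress identity with the same issuer are distinguished by their issuerAssignedId only. The doubled-quote escaping in odata_literal is the part worth keeping: issuerAssignedId values usually originate from sign-up forms, and an unescaped single quote would let that input rewrite the filter.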

All good!


NZ Microsoft Identity dude and MVP. Azure AD/B2C/ADFS/Auth0/identityserver. StackOverflow: https://bit.ly/2XU4yvJ Presentations: http://bit.ly/334ZPt5