Searching for Identities in Azure AD B2C using the Graph API

Wikimedia

I discussed Identities here.

You may find that you get an error when you try and add an identity. Maybe it’s a duplicate? The question is how to find the duplicate identity in B2C?

You can find the search query parameters here.

I’ve used the B2C user utility.

The search queries would be the same if you used e.g. GraphExplorer.

Using the utility, let’s create some identities:

{
"accountEnabled": true,
"displayName": "Adele Vance",
"mailNickname": "AdeleV",
"userPrincipalName": "AdeleV@tenant.onmicrosoft.com",
"passwordProfile": {
"forceChangePasswordNextSignIn": true,
"password": "xWwvJ]6NMw+bWH-d"
},
"identities": [
{
"signInType": "userName",
"issuer": "tenant.onmicrosoft.com",
"issuerAssignedId": "johnsmith"
},
{
"signInType": "emailAddress",
"issuer": "tenant.onmicrosoft.com",
"issuerAssignedId": "jsmith@yahoo.com"
},
{
"signInType": "federated",
"issuer": "facebook.com",
"issuerAssignedId": "5eecb0cdgf"
}
]
}

Place this in a file called “create-user.json”.

Run:

b2c create-user create-user.json

Now if you look at the user in B2C:

Image showing user identity with Issuer, Sign-in type and Issuer Assigned ID

Now I can search e.g.

B2C Get-User $filter=(“identities/any(i:i/issuer eq ‘tenant.onmicrosoft.com’ and i/issuerAssignedId eq ‘johnsmith’)”)

This shows:

Using tenant tenant.onmicrosoft.comGET https://graph.microsoft.com/beta/tenant.onmicrosoft.com/users?$filter=(identities/any(i:i/issuer eq 'tenant.onmicrosoft.com' and i/issuerAssignedId eq 'johnsmith'))
Authorization: Bearer eyJ0eX...ZUc4UE5qZ1ZmQ1hWSXp2MWZWQVVKVi13...
200: OKUser details ...

Notice that you use the “beta” endpoint.

or:

B2C Get-User $filter=(“identities/any(i:i/issuer eq ‘facebook.com’ and i/issuerAssignedId eq ‘5eecb0cdgf’)”)

or:

B2C Get-User $filter=(“identities/any(i:i/issuer eq ‘facebook.com’)”)

It doesn’t look like “signInNames” or “signInType” are supported search types.

"message": "Property 'signInType' does not exist as a declared property or extension property."

Just FYI: if you want to search on an attribute:

B2C Get-User $filter=startswith(userPrincipalName,’AdeleV@tenant.onmicrosoft.com’)

or:

B2C Get-User $filter=startswith(“mailNickname”,’AdeleV’)

All good!

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store