Azure Active Directory B2C Global Administrator can't login to B2C tenant app
I have been doing some testing with the Azure Active Directory Graph API and encountered some issues when using my global administrator account to attempt login to one of the application’s I registered within the B2C tenant. In doing so, I discovered something interesting about the Global Administrator accounts within the Azure AD B2C tenant.
This error occurs when I try to login with the global administrator from the linked Azure AD tenant:
AADSTS70001: “Application with identifier ‘c8f9a6ef-a5c6-4d19-993d-2c4ded2b55d6’ was not found in the directory 3bd0245c-cac9-4dc2-bb49-15371698af05”
It appears that the tenant is automatically detected from the username I supplied.
This account happens to be the Global Administrator for the B2C tenant so even though the user shows up in the Azure AD B2C Directory’s user list it is not recognized as an actual user within the directory.
Notice the Global administrator designation of the user.
The differences within the portal are quick stark. For this special Global admin user account, you can’t reset the password from the B2C tenant.
This account creates some weirdness in that from the portal view the account is a valid user, however, when attempting login, the B2C tenant recognizes the user as being from a different tenant and rejects the login attempt. So this global administrator user object appears to sit the fence between the original Azure AD and the Azure AD B2C.