web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics 365 | Integration, Dataverse... / Problems signing in wi...
Microsoft Dynamics 365 | Integration, Dataverse...
Answered

Problems signing in with b2c

(5) ShareShare
ReportReport
Posted on by MP-26031339-0 35
I have created a custom b2c policy which we will be using for users of our dynamics system.
I have configured the identity provider for b2c on Power Pages.
We have:
  • Contact mapping with email - OFF
  • Registration enabled - OFF
  • Login claims mapping - "adx_identity_username=objectid"
  • The b2c policy returns the objectid of the matched contact from the dataverse
When a user logs in, the custom policy calls a function app which will search the contacts in the dataverse for the b2c object Id in the adx_identity_username field of all contacts.
If found, it returns straight away and b2c returns to the landing page on dynamics.
 
If the contact is not found, the function app will search for the contact by the first name and surname and email address they logged in with.
If a contact is found, the b2c object Id is stored on the dataverse contact ready for next time and it returns to dynamics
 
Failing that, a contact is created on the dataverse.
 
What this means is that when b2c returns to dynamics, the b2c object id will exist in a contact record ready for dynamics to pick it up.
 
The problem I am having is that it is giving me the following error:
 
 
Any ideas?
 
Categories:
Dynamics 365 general
I have the same question (0)
  • Suggested answer
    Daivat Vartak (v-9davar) Profile Picture
    Daivat Vartak (v-9d... 7,835 Super User 2025 Season 2 on at
    Hello MP-26031339-0,
     

    The error message you're seeing:

    "The username "18a[BLOCKED_SECTION]b7f" is already taken."

    Indicates that the system is attempting to create a user account with a username that already exists. Let's break down why this is happening in your scenario, and how to fix it.

    Understanding the Problem

    1. adx_identity_username is not a username: The adx_identity_username field you're using is intended to store the Azure AD B2C objectid, which is a unique GUID. It is not meant to be used as a traditional username for login.

    2. Power Pages Registration Attempt: Even though you've disabled registration on the Power Pages configuration, the system may still be trying to register a user internally when it encounters a new login from B2C. This is likely due to the way B2C is configured as an Identity Provider and how Power Pages handles external login.

    3. Username Collision: The error message suggests that Power Pages is attempting to use the objectid (which is a GUID) as the username during this internal registration process. Since GUIDs are intended to be unique, this is likely a misconfiguration or a flaw in how Power Pages is handling the objectid in your specific setup.

       


      4.  

    Troubleshooting and Solutions

    1. Correct Login Claims Mapping:

      • The most critical issue is that your login claims mapping is incorrect. Mapping objectid to adx_identity_username is fine for storing it, but it's not the right claim to use for login.
      • Power Pages expects a unique username claim for login. You need to identify a different claim from your B2C policy that represents a unique identifier for the user (e.g., email address, a user-specific ID from your application).
      • Example: If you want to use the email address as the username, you would map the email claim from B2C to a suitable field in Power Pages (possibly a custom field).

        •  

    2. Disable User Registration in Power Pages:

      • Double-check and confirm that user registration is completely disabled in the Power Pages Identity Provider settings. This will help prevent unintended registration attempts.

        •  

    3. Review Your B2C Policy:

      • Examine the claims being returned by your B2C policy. Make sure there is a claim that represents a unique identifier for the user that you can use for login.

        •  

    4. Power Pages Configuration:

       

      • Verify that the "Default authentication mode" is set to "External."
      • Ensure that the "External authentication mapping" is correctly configured. This is where you map the claims from B2C to the appropriate fields in Power Pages.

    5. Custom Function App Logic:

      • Review your custom function app logic. While it sounds like it's working correctly to find and create contacts, it's worth double-checking that it's not inadvertently triggering any internal registration processes in Power Pages.

        •  

      6.  

    Example Correction (using email as username)

    Let's assume your B2C policy returns the email address as the claim emails[0].

    1. In Power Pages Identity Provider Settings:

      • Login claims mapping: Change it to something like adx_identity_username=emails[0] (or whatever the correct claim name is).
      • Ensure you have a field in the Contact table to store this email.

    2. In your Function App:

      • Make sure your function app is not creating a user entry using the objectid as a username. It should only be storing the objectid in the adx_identity_username field. 

        •  

      3.  

    Important Note:

    • The adx_identity_username field should NOT be used for login. It's simply a place to store the B2C objectid.


      •  

    By correcting your login claims mapping and ensuring that registration is properly disabled, you should resolve the "username already taken" error. Remember to use a unique user identifier (like email) as the username for login.

     
    If my answer was helpful, please click Like, and if it solved your problem, please mark it as verified to help other community members find more. If you have further questions, please feel free to contact me.
     
    My response was crafted with AI assistance and tailored to provide detailed and actionable guidance for your Microsoft Dynamics 365 query.
     
    Regards,
    Daivat Vartak
  • Verified answer
    MP-26031339-0 Profile Picture
    MP-26031339-0 35 on at
    After much triaL and error and gnashing of teeth, I eventually came up with the answer which I will share here.
     
    The B2C custom policy calls an Azure Function App (passing in all fields from the Sign/SignUp form) that will do the following:
     
    On Sign Up or Sign In:
    Search in dataverse table External Identity for the b2c obbject ID in the adx_username field.
    If found, we have a match, job done
     
    -----------------------------------------------------------------------------------------
     
    On Sign Up Only
     
    Search in dataverse table Contact for the person using the fields on the SignUp form
    If 1 match found - create a row in the dataverse table External Identity setting;
     
    adx_username = b2c object ID
    adx_identityprovidername = Issuer URL from the b2c SignIn/SignUp custom policy
    adx_contactid = Id from the matched contact record
     
    NOTE: the value to set adx_identityprovidername is NOT the Authority URL that you set in power pages for the b2c settings.
     
    Next update the Contact record like so:
     
    adx_identity_username = b2c object ID
    adx_identity_logonenabled = YES (true)
     
    If the contact does not have a value for adx_identity_securitystamp, set it to a new GUID
     
    If no matches found, create a row in the Contact dataverse table setting all fields you have including the ones mentioned above.
    and then create a row in the External Identity dataverse table as described above.
     
     
    When the Function App returns, it will return the following claims to power pages:
     
    oid - b2c object ID
    iss - b2c issuer URL
     
    check that your policy returns these.
     
    Now in the Power Pages configuration page identity providers, open the one for Azure AD B2c
    set both claims mapping fields to:
     
    adx_username=oid,adx_identityprovidername=iss,adx_identity_username=oid
     
    Then set Contact mapping with Email = OFF
    Registration enabled = OFF
     
    and this is our working solution!
     

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Microsoft Dynamics 365 | Integration, Dataverse, and general topics

#1
iampranjal Profile Picture

iampranjal 47

#2
Martin Dráb Profile Picture

Martin Dráb 41 Most Valuable Professional

#3
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 32 Super User 2025 Season 2

Last 30 days Overall leaderboard

Featured topics

Identifying an Org as CDS or Dynamics
Get batch job history log from D365 FO to Power Automate
Gross and Net Weight of Shipments feeding back into Sales Order (from External Source)

Product updates

Dynamics 365 release plans