问题
I got Azure AD B2C up and running in my ASP.NET Core web app. But I wonder what's the best way to actually approve new users when they sign up? Is there anything built-in?
Now, anyone can click on Sign-Up link and there you go, you provide your data and click a button. And you're in my tenant Azure AD B2C directory! Now, I'd like to have some control over this.
Did I mention every user costs $1/month when you want to customize Azure AD UI??? (as far as I understand it, correct me if I'm wrong). So if someone goes and sign up 1000 users I'll have to pay for it $1000??
回答1:
At this time there is not built-in support for user sign up approval workflows.
You can achieve this by:
Having a custom attribute to determine whether a user has been "approved" or not. You would let users sign up by themselves and you would create an experience or flow that queries the Azure AD Graph for users that haven't been "approved" and then either approve them or delete them.
Building an invitation flow. When you invite a user, you'd create the user through the Azure AD Graph. You would then direct your users to the Password Reset policy as their "account verification" flow.
As for your pricing question, if you customize the UI via the newer unified sign-up/sign-in policies, you'll only pay the regular Azure AD B2C pricing model: between $0.0011 and $0.00063 per user depending on how many you have.
Customizing the UI in the older sign-up policy is not really available. As a workaround, you can use Azure AD Premium's company branding feature which is the one that costs $1 per user. If this is the route you are pursuing, I'd recommend voting for this ask: Fully Customizable Sign-In Page.
来源:https://stackoverflow.com/questions/44663306/azure-ad-b2c-approval-upon-sign-up