我一直在尝试遵循此操作:link-local-account-with-federated-account
基本上我想做的就是从外部租户创建(邀请)一个用户作为联合用户,并能够在创建时向该用户分配自定义属性。
但是,有一些事情我无法从自述文件中弄清楚。如果有人能阐明这些,我将非常感激:
应用程序基础是 DotNet + Angular,使用 Microsoft Angular 身份验证库。
我读了很多书,但无法弄清楚这一点,也找不到任何清楚描述该过程的文章。预先感谢:)
我执行了以下步骤:
var userRequest = new User
{
AccountEnabled = true,
UserPrincipalName = "<some_email_com>#EXT#@<domain>.onmicrosoft.com",
UserType = "Member",
DisplayName = user.Email,
MailNickname = "NewUser",
PasswordProfile = new PasswordProfile
{
ForceChangePasswordNextSignIn = false,
Password = "Test1234"
},
AdditionalData = new Dictionary<string, object>
{
{ ExtensionAttribute("custom0"), false },
{ ExtensionAttribute("custom1"), someValue },
{ ExtensionAttribute("custom2"), someValue },
{ ExtensionAttribute("custom3"), someValue },
{ ExtensionAttribute("requiresMigrationBool"), true }
},
Identities = new List<ObjectIdentity> {
new ObjectIdentity()
{
SignInType = "oidToLink",
Issuer = "<domain>.onmicrosoft.com",
IssuerAssignedId = "<WHERE DO I GET THIS OID?>"
}
}
};
Selected user account does not exist in tenant 'xxxxxxxxxxxx' and cannot access the application 'app_id' in that tenant. The account needs to be added as an external user in the tenant first. Please use a different account.