How to authenticate only Local and Guest users in Azure AD B2C and add custom claims in token?


We are facing an issue in Azure AD B2C to authenticate only Local and Guest users. It is possible with just an application of a single tenant, but we need to add custom claims in the token, which is not possible at the application level.

Let me explain my requirements: I need to authenticate only those users who are in the current tenant (B2C tenant) or invited as a guest from other tenants. This is possible with just the application, but I need to add some custom claims to the token. With only the application, I cannot add custom claims to the token.

I have done some R&D, but I found that guest users are only to manage tenants, so why does it authenticate at the application level?

Is it possible to authenticate only local and guest users (invited from the other tenant)? Is it possible to add custom claims at the application level? Is it possible with just a user flow, or do we need a custom policy?

Answer (rbrayb):

Correct - "I found that guest users are only to manage tenants".

B2C does not have a concept of guest users as "users". Guest users are simply admins on the B2C portal.

To add custom claims, you can either add them in a user flow or use extension attributes in a custom flow.

Refer here for both options.