Using multiple B2C sign in policies

Core Library

MSAL.js v2 (@azure/msal-browser)

Core Library Version

2.28.1

Wrapper Library

MSAL Angular (@azure/msal-angular)

Wrapper Library Version

2.4.1

Public or Confidential Client?

Public

Description

We are looking at implementing a impersonation flow to our Angular application. Currently we are using a custom sign-in sign-up policy using local accounts.

The requirements are to be able to login via Azure AD (single tenant) then impersonate a local account. We’ve setup login via AzureAD and that works. We have also setup the impersonation flow (in a separate policy) which has the user login via AzureAD then does the impersonation flow. If I set the authority to https://{Url}/{TenantID}/B2C_1A_IMPERSONATION then I can impersonate users.

Knowing both flows work on their own we want to be able to have the site allow users from either sign in type.

So far we have tried setting the knownAuthorities to have both B2C_1A_IMPERSONATION and B2C_1A_SIGNUP_SIGNIN. This causes no login actions to be tried as it doesn’t know where to get the well-known config from (this is an assumption).

Any help on getting this working or a simple this isn’t possible would be great.

MSAL Configuration

{
   "auth":{
      "clientId":"{clientId}",
      "authority":"https://{url}/B2C_1A_IMPERSONATION",
      "knownAuthorities":[
         "{domain}"
      ],
      "redirectUri":"http://localhost:4200",
      "postLogoutRedirectUri":"{logoutUri}"
   },
   "cache":{
      "cacheLocation":"BrowserCacheLocation.LocalStorage",
      "storeAuthStateInCookie":isIE
   }
}

Relevant Code Snippets

No response

Identity Provider

Azure B2C Custom Policy

Source

External (Customer)