How to link an existing B2C tenant programatically via Azure CLI? Running this line:
az resource create --resource-group <rg> --resource-type Microsoft.AzureActiveDirectory/b2cDirectories --name <tenant>.onmicrosoft.com --location Europe --properties "{\"tenantId\": \"<tenantId>\", \"sku\": { \"name\": \"Standard\", \"tier\": \"A0\" } }"
Returns BadRequestError: The 'sku' property is required for creating a b2c directory resource
but it is there
The ARM "B2C Link Resource" looks like this:
{
"type": "Microsoft.AzureActiveDirectory/b2cDirectories",
"apiVersion": "2017-01-30",
"name": "[parameters('name')]",
"location": "[parameters('location')]",
"tags": {},
"sku": {
"name": "Standard",
"tier": "A0"
},
"properties": {
"tenantId": "[parameters('tenantId')]"
}
}
Further Information:
--sku Standard
etc but none of them seem to workaz resource delete --ids /subscriptions/<subscriptionId>/resourceGroups/<rg>/providers/Microsoft.AzureActiveDirectory/b2cDirectories/<tenant>.onmicrosoft.com
works perfectly fineAny advice appreciated. Thanks for your help!
I don't think Azure CLI currently can have the ability to manage B2C tenants.
As you are aware already, there is a detailed discussion done https://github.com/Azure/azure-cli/issues/12058
Other Programmatic Approach:
I had captured Fiddler Traces to understand the flow / or the endpoint that is responsible. I was able point to the below endpoint. I was checking for the create a new Azure B2C Tenant.
PUT https://management.azure.com/subscriptions/SUBSCRIBTION/resourceGroups/RESOURCEGROUP/providers/Microsoft.AzureActiveDirectory/b2cDirectories/contosoorganiztion.onmicrosoft.com?api-version=2019-01-01-preview
{"location":"United States","sku":{"name":"Standard","tier":"A0"},"properties":{"createTenantProperties":{"displayName":"Contoso Organization","countryCode":"US"}}}
However, I was not able to check the "Link to existing the Tenant" (for your requirement) option at my end due to permissions at my end. But I am assuming there should be a similar endpoint responsible for the same. You could capture Fiddler traces with Https decrypted (or any tool that will help capturing the decrypted HTTPS Traffic), trying to link an existing tenant to understand the endpoint and the request body.
Note :
Keep mind this API/endpoint is not supported and subject to change thus not recommended for production environments:
You will need access token in order to hit the endpoint.
To obtain token, resource id of the Azure portal would be :74658136-14ec-4630-ad9b-26e160ff0fc6
az account get-access-token --resource 74658136-14ec-4630-ad9b-26e160ff0fc6
Fiddling around with unsupported features is not an option for us at the moment. I upvotet the corresponding feature request feedback.azure.com/forums/169401-azure-active-directory/… and will wait. Thanks!