Entra ID - Disabling signup flow adds weird enterprise login options to the sign-in page

Robert Desbiens 40 Reputation points
2024-07-09T14:25:22.21+00:00

In Entra ID, I have an application with a Sign-in user flow. Basically, I want to prevent users from creating accounts. Unfortunately, I have not found a way to disable sign-up within Entra other than to use the Graph API.

But the problem is, when I disable sign-up using the Graph API like this:

PATCH https://graph.microsoft.com/beta/identity/authenticationEventsFlows/<redacted id>
Content-Type: application/json
Authorization: Bearer 

{
    "@odata.type": "#microsoft.graph.externalUsersSelfServiceSignUpEventsFlow",
    "onInteractiveAuthFlowStart": {
        "@odata.type": "#microsoft.graph.onInteractiveAuthFlowStartExternalUsersSelfServiceSignUp",
        "isSignUpAllowed": "false"
    }
}

I end up with weird options being added to the sign-in page, like "CAN'T ACCESS YOUR ACCOUNT?" and "Sign-in options".

The "CAN'T ACCESS YOUR ACCOUNT?" link leads to a weird account recovery page that is not the normal password reset page; it has no branding.

The "Sign-in options" leads to a page asking for biometrics... it does not make much sense.

Another problem arises when trying to sign in with an email that is not in our Entra ID repository: we get this weird error message that is different from the usual "An account with this email does not exists.":
"You can't sign in here with a personal account. Use your work or school account instead."

I've also tried using CSS to remove the sign-up link but it does not work.

How do I disable the sign-up while conserving the same behavior as before doing it?


1 answer

  1. Shweta Mathur 29,746 Reputation points Microsoft Employee
    2024-07-10T07:49:29.34+00:00

    Hi Robert Desbiens,

    Thanks for reaching out.

    This is expected behavior by design as of now. On the sign-in page, if a customer is not able to sign in for any reason, "Can't access your account?" redirects to the password reset page.

    I checked at my end, and it is redirecting me to the password reset page only. Could you please confirm which page you are redirected to when clicking on "Can’t access your account?"

    There is company branding to customize the sign-in experience, although we currently don't have this feature in the UX portal yet.

    https://video2.skills-academy.com/en-us/entra/fundamentals/how-to-customize-branding

    Microsoft Entra External ID is a fresh addition to the Microsoft Entra suite, where a lot of features are evolving with time. There are changes

    I would suggest you post this idea at the Azure Feedback Portal, which is monitored by the product team for feature enhancements.

    Thanks,

    Shweta

    Please remember to "Accept Answer" if the answer helped you.
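
An added example, not part of the original thread and not Microsoft's code: a Python audit that reads a list response from `GET /beta/identity/authenticationEventsFlows` and reports which user flows still allow self-service sign-up after a PATCH like the one in the question. The sample response, its IDs and display names are constructed, and it is an assumption that the list response carries `isSignUpAllowed` in the same place as the PATCH body.

```python
import json

# Constructed sample response; IDs and names are made up for illustration.
FLOW_TYPE = "#microsoft.graph.externalUsersSelfServiceSignUpEventsFlow"
SAMPLE_RESPONSE = json.dumps({"value": [
    {"id": "00000000-0000-0000-0000-000000000001", "@odata.type": FLOW_TYPE,
     "displayName": "Sign-in only (boolean)",
     "onInteractiveAuthFlowStart": {"isSignUpAllowed": False}},
    {"id": "00000000-0000-0000-0000-000000000002", "@odata.type": FLOW_TYPE,
     "displayName": "Sign-in only (string, as in the question's payload)",
     "onInteractiveAuthFlowStart": {"isSignUpAllowed": "false"}},
    {"id": "00000000-0000-0000-0000-000000000003", "@odata.type": FLOW_TYPE,
     "displayName": "Sign-up still open",
     "onInteractiveAuthFlowStart": {"isSignUpAllowed": True}},
    {"id": "00000000-0000-0000-0000-000000000004", "@odata.type": FLOW_TYPE,
     "displayName": "Property missing"},
]})


def sign_up_state(flow):
    """Return 'enabled', 'disabled' or 'unknown' for one user flow object."""
    start = flow.get("onInteractiveAuthFlowStart") or {}
    value = start.get("isSignUpAllowed")
    if isinstance(value, str):
        # Tolerate the string form ("false") used in the question's request body.
        value = {"true": True, "false": False}.get(value.strip().lower())
    if value is True:
        return "enabled"
    if value is False:
        return "disabled"
    return "unknown"  # missing or unparseable: do not assume sign-up is off


def audit_flows(response_text):
    """Map each flow id to its sign-up state."""
    flows = json.loads(response_text).get("value", [])
    return {f.get("id", "<no id>"): sign_up_state(f) for f in flows}


def flows_needing_review(response_text):
    """Flow ids where sign-up is not provably disabled."""
    states = audit_flows(response_text)
    return sorted(fid for fid, state in states.items() if state != "disabled")


if __name__ == "__main__":
    for flow_id, state in audit_flows(SAMPLE_RESPONSE).items():
        print(flow_id, state)
```

Treating a missing value as "unknown" rather than "disabled" keeps a flow on the review list until the setting is confirmed.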

