Azure AD B2C SSO across applications

Niksworld 1 Reputation point
2020-08-12T17:35:10.567+00:00

Hi There,

We are on the verge of deciding whether we need a single unified B2C instance or multiple instances for our multiple applications leveraging B2C. We need advice on the below, as it will be a deciding factor in going either way (single or multiple B2C directories).

Scenario:

Two applications, app1 & app2.
Both applications will be using the same IdPs: local account & MSA.
Both app1 & app2 will be using separate app registrations and built-in or custom user flows for different branding and sign-in experiences.

Requirement:

User1 is registered for app1, user2 is registered for app2. User1 should not be able to log in to app2, and vice versa for user2.

I know in this scenario, since we are using the same B2C and the same identity providers for both the apps / user flows, there will be SSO out of the box. Is there a way we can control SSO so that it does not happen between multiple applications within the same B2C?

Thank you!

Microsoft Entra External ID

2 answers

  1. 2020-08-12T18:49:09.41+00:00

    In order to avoid limiting users to specific applications you can leverage Custom Policies in tandem with features such as Restrictions (for local accounts) so that only specific issuerUserId values are allowed to be input or used (e.g. users from selected domains through a regular expression) or claims transformations such as SetClaimsIfRegexMatch and AssertBooleanClaimIsEqualToValue to output the result of matching the issuerUserId with the same regular expression used before and raise an error according to the result.

    SSO sessions can be scoped to application, policy or even disabled.

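The controls named in the answer above, as an added example (not part of the original answer and not Microsoft's own policy files): fragments of a custom policy for app1 that scope the SSO session to the application and reject sign-in names that do not match a pattern. Assumptions: the Ids, the regular expression, the constructed domain `app1.example.com` and the claims `isApp1User` (boolean) and `app1Marker` (string) are hypothetical and must be declared in `ClaimsSchema`; `signInName` and `SignUpOrSignIn` are taken to be the starter-pack names.

```xml
<!-- Added example; Ids, regex and the claims isApp1User / app1Marker are assumptions. -->
<!-- 1. Inside BuildingBlocks: match the sign-in name, then assert on the result. -->
<ClaimsTransformations>
  <ClaimsTransformation Id="CheckApp1SignInName" TransformationMethod="SetClaimsIfRegexMatch">
    <InputClaims>
      <InputClaim ClaimTypeReferenceId="signInName" TransformationClaimType="claimToMatch" />
    </InputClaims>
    <InputParameters>
      <InputParameter Id="matchTo" DataType="string" Value="^[^@]+@app1\.example\.com$" />
      <InputParameter Id="outputClaimIfMatched" DataType="string" Value="app1" />
    </InputParameters>
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="app1Marker" TransformationClaimType="outputClaim" />
      <OutputClaim ClaimTypeReferenceId="isApp1User" TransformationClaimType="regexCompareResultClaim" />
    </OutputClaims>
  </ClaimsTransformation>
  <ClaimsTransformation Id="AssertApp1User" TransformationMethod="AssertBooleanClaimIsEqualToValue">
    <InputClaims>
      <InputClaim ClaimTypeReferenceId="isApp1User" TransformationClaimType="inputClaim" />
    </InputClaims>
    <InputParameters>
      <InputParameter Id="valueToCompareTo" DataType="boolean" Value="true" />
    </InputParameters>
  </ClaimsTransformation>
</ClaimsTransformations>
<!-- 2. Inside a ClaimsProvider: reference this profile as a ValidationTechnicalProfile
     of the self-asserted sign-in profile so a failed assert stops the sign-in. -->
<TechnicalProfile Id="App1-ValidateSignInName">
  <DisplayName>Reject sign-in names outside app1</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.ClaimsTransformationProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="signInName" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="isApp1User" />
  </OutputClaims>
  <OutputClaimsTransformations>
    <OutputClaimsTransformation ReferenceId="CheckApp1SignInName" />
    <OutputClaimsTransformation ReferenceId="AssertApp1User" />
  </OutputClaimsTransformations>
</TechnicalProfile>
<!-- 3. Relying party file for app1: session is not shared with other applications. -->
<RelyingParty>
  <DefaultUserJourney ReferenceId="SignUpOrSignIn" />
  <UserJourneyBehaviors>
    <SingleSignOn Scope="Application" />
  </UserJourneyBehaviors>
  <!-- existing <TechnicalProfile Id="PolicyProfile"> stays unchanged -->
</RelyingParty>
```

`Scope` also accepts `Tenant`, `Policy` and `Suppressed`. Scoping the session only stops silent reuse of an existing sign-in; a user who enters valid credentials in app2's flow still signs in unless that flow applies its own check such as the assert above.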

  2. James Hamil 24,311 Reputation points Microsoft Employee
    2020-08-31T19:11:27.823+00:00

    Hi, are there any updates with this case? If not, please select the appropriate response as "Answered." Otherwise please let us know how we can assist you.

