Here's a step-by-step guide to help you through the process.
Registered App in Azure AD B2C with:
- Delegated Microsoft Graph API permissions:
  - User.ReadWrite.All
  - Directory.ReadWrite.All
- Client secret
- Admin Consent granted for permissions
Step 1: Get Access Token
Request:
Method: POST
URL: https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token
Headers:
Content-Type: application/x-www-form-urlencoded
Body (x-www-form-urlencoded):
grant_type=client_credentials
client_id={your-client-id}
client_secret={your-client-secret}
scope=https://graph.microsoft.com/.default
Step 2: Create a User
Request:
Method: POST
URL: https://graph.microsoft.com/v1.0/users
Headers:
Authorization: Bearer {access_token}
Content-Type: application/json
Body (raw JSON):
{
  "displayName": "sunny setia",
  "givenName": "sunny27",
  "surname": "setia",
  "identities": [
    {
      "signInType": "emailAddress",
      "issuer": "tssorg.onmicrosoft.com",
      "issuerAssignedId": "setia27@mailinator.com"
    }
  ],
  "passwordProfile": {
    "password": "P@ssword1",
    "forceChangePasswordNextSignIn": false
  },
  "passwordPolicies": "DisablePasswordExpiration"
}
Important:
- The "issuer" value must match your B2C tenant domain.
- Use a strong password that meets AAD complexity requirements.
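The Step 2 body built in code, as an added example that is not part of the original guide: it sets the issuer from the tenant domain and generates the password with Python's secrets module instead of hard-coding one. The function names, the placeholder tenant contoso-b2c.onmicrosoft.com and the complexity rule noted in the comment (8 to 256 characters, three of four character classes) are assumptions.

```python
import json
import secrets
import string

# Assumed complexity rule (not stated in the guide): 8-256 characters and
# at least three of four classes. This generator always uses all four.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "@#$%^&*-_+=!?")


def generate_password(length: int = 20) -> str:
    """Return a random password that contains every character class."""
    if not 8 <= length <= 256:
        raise ValueError("length must be between 8 and 256")
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate


def build_local_account(tenant_domain, email, display_name, given_name, surname):
    """Build the Step 2 request body for a B2C local (email) account."""
    tenant_domain = tenant_domain.strip().lower()
    if not tenant_domain or "/" in tenant_domain or "." not in tenant_domain:
        raise ValueError("tenant_domain must be a bare domain name")
    if email.count("@") != 1 or email.startswith("@") or email.endswith("@"):
        raise ValueError("email does not look like an address")
    password = generate_password()
    body = {
        "displayName": display_name,
        "givenName": given_name,
        "surname": surname,
        "identities": [{
            "signInType": "emailAddress",
            "issuer": tenant_domain,  # must be the B2C tenant domain
            "issuerAssignedId": email,
        }],
        "passwordProfile": {"password": password,
                            "forceChangePasswordNextSignIn": False},
        "passwordPolicies": "DisablePasswordExpiration",
    }
    return body, password


if __name__ == "__main__":
    # Constructed sample values; the tenant name is a placeholder.
    body, _ = build_local_account("contoso-b2c.onmicrosoft.com",
                                  "user@example.com", "Sample User", "Sample", "User")
    body["passwordProfile"]["password"] = "<redacted>"  # keep it out of logs
    print(json.dumps(body, indent=2))
```

The returned password is handed back separately so the caller can deliver it over a secure channel; only the redacted body is printed.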