To allow employees to register by company and have full company-wide access in your Azure B2C application, you’re on the right track considering custom attributes to store company information during registration.
Use Custom Attributes to Capture Company Info:
Extend your user profiles with a custom attribute like companyId or companyName when users sign up. This ensures each user is tagged with their company.
Restrict Registration by Domain (Optional but Recommended):
To avoid users registering with the wrong company, you can:
Validate the user’s email domain during sign-up against an allowed list per company.
Automatically assign the company attribute based on the verified email domain.
Additional Approval Workflow (Optional):
If you want tighter control, implement an approval process where a company admin verifies new users before granting access. This can be done by integrating Azure Functions or Logic Apps to handle approval and update user attributes post-verification.
Implement Role-Based Access Control (RBAC):
Once users have their company attribute set, your application should enforce access control based on this attribute, showing resources only relevant to their company.
Consider Using Groups or Directory Extensions:
For complex scenarios, use Azure AD B2C custom policies or integrate with Azure AD groups (if using Azure AD alongside B2C) to manage company memberships and roles more granularly.
Capture company info via custom attributes during sign-up.
Validate or limit registration by email domain.
Optionally add an approval step for new users.
Enforce company-level access within your application based on user attributes.
This approach balances ease of registration with security and proper access control. If you want, I can also share sample policy XML or code snippets to help implement this.
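As an added illustration of the domain-based assignment and the company-level enforcement described above (example code, not from the answer above or from Microsoft), the following assumes the custom attribute is named companyId, which Azure AD B2C surfaces in the token as the claim extension_companyId, that the token's signature, issuer and audience have already been validated, and that the domain allow-list and resource table are constructed sample data maintained by the application:

```python
# Constructed allow-list: verified email domain -> company id.
# Kept server-side so the sign-up client cannot self-assert a company.
ALLOWED_DOMAINS = {
    "contoso.com": "contoso",
    "fabrikam.com": "fabrikam",
}

# Constructed sample: resource id -> owning company.
RESOURCES = {
    "invoice-1": "contoso",
    "invoice-2": "fabrikam",
}


def company_for_email(email: str, allowed=ALLOWED_DOMAINS):
    """Map a verified sign-up email to a company id, or None if its domain is not allowed.

    Exact domain match only: "contoso.com.evil.net" or "evil-contoso.com" must not match.
    Case is normalised because email domains are case-insensitive.
    """
    if email.count("@") != 1:
        return None
    _local, domain = email.rsplit("@", 1)
    return allowed.get(domain.strip().lower())


def company_from_claims(claims: dict):
    """Read the company from the B2C custom-attribute claim; missing or empty means no company."""
    value = claims.get("extension_companyId")
    if not isinstance(value, str) or not value.strip():
        return None
    return value.strip()


def can_access(claims: dict, resource_id: str, resources=RESOURCES) -> bool:
    """Deny by default: the user's company must match the resource's owning company."""
    company = company_from_claims(claims)
    owner = resources.get(resource_id)
    if company is None or owner is None:
        return False
    return company == owner


def visible_resources(claims: dict, resources=RESOURCES):
    """List only the resources that belong to the caller's company (empty if no company claim)."""
    company = company_from_claims(claims)
    if company is None:
        return []
    return sorted(rid for rid, owner in resources.items() if owner == company)
```

The sign-up side would call company_for_email from the server-side step that sets the attribute (an API connector or custom-policy REST call), and the application side would call can_access or visible_resources on every request rather than trusting the client to filter.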