This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(288, 21%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJH%3C/text%3E%3C/svg%3E)
I’m evaluating options for governing customer or partner access in an Azure AD B2C tenant. Entra ID’s entitlement management and access packages would be the obvious fit in a standard Entra ID directory, but I can’t find any indication that they work in B2C.
Before I assume they’re unsupported, I want to confirm the current state:
Can access packages be enabled or used in an Azure AD B2C tenant?
Are there recommended patterns for implementing request-approval-expiration flows for B2C identities?
Looking for an authoritative answer from someone who has tested this or seen an official Microsoft statement.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 74%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAZ%3C/text%3E%3C/svg%3E)
I looked into this a while ago for a customer who needed approval and expiration workflows for their B2C users, and we confirmed with Microsoft that access packages and the full Entitlement Management feature set aren’t available in an Azure AD B2C tenant.
B2C is structured differently from a standard EntraID directory, and the identity governance features you see in Entra ID, like access packages, catalogs, and life-cycle workflows—aren’t part of the B2C feature set. Microsoft’s own documentation lists which Entra features work in B2C, and entitlement management isn’t included there.
For scenarios where you need request-and-approval or time-bound access for B2C identities, the approach we used was to build those flows outside B2C.
Most teams handle it with custom policies, user flows, or an external workflow engine like Logic Apps or Functions and then write back to B2C once the request is approved.
It takes more development work, but that’s the supported pattern today because B2C doesn’t include the identity governance layer you get in standard Entra ID tenants.
Access packages and entitlement management features from Microsoft Entra ID are not supported in Azure AD B2C tenants. Azure AD B2C is designed primarily for customer identity and access management, and it operates separately from Microsoft Entra ID, which is focused on employee access management. Therefore, you cannot enable or use access packages in an Azure AD B2C tenant.
As for workarounds, Azure AD B2C does not have built-in support for request-approval-expiration flows like those found in Microsoft Entra ID. However, you can implement custom user flows or policies to manage access and identity governance, but this would require additional development and customization.
For managing customer or partner access in Azure AD B2C, consider using user flows and custom policies to create a tailored experience that meets your governance needs. You may also explore integrating with other services or developing custom solutions to handle request and approval processes.