Azure Active Directory – Do I need to store an external IdP user in local AAD?

I have inspected a lot of custom policy examples, and I noticed the following pattern: if the user is new, we store them locally using AAD-UserWriteUsingAlternativeSecurityId. Do we really need to perform this action? If not, in which case does it make sense?

My context is as follows: authenticate the user with a given email and issue my B2C token. Later this token, with the email info inside, will be used to query the API. I can check that the given token was issued by my B2C, and I can trust it. Using the nested email I can perform authorization.
