How to Disable Self-Service Sign-Up in a Microsoft Entra ID for Customers User Flow
In Microsoft Entra ID for Customers, you can only create SignIn and SignUp user flows. Unlike Azure AD B2C, there is currently no option to create a SignIn-only user flow.
At the moment, the Entra ID Admin Center does not provide a built-in way to disable the Self-Service Sign-Up link within a user flow. Even custom CSS cannot be used to hide the SignUp link, as the relevant element’s styling cannot be overridden.
However, if you're managing users via Microsoft Graph and want to prevent self-service sign-ups — for example, in a B2B scenario — you can modify the user flow by patching it using the Graph API beta endpoint.
To do this, send a PATCH request to the following endpoint:
https://graph.microsoft.com/beta/identity/authenticationEventsFlows/{UserFlowID}With the following payload:
{
"@odata.type": "#microsoft.graph.externalUsersSelfServiceSignUpEventsFlow",
"onInteractiveAuthFlowStart": {
"@odata.type": "#microsoft.graph.onInteractiveAuthFlowStartExternalUsersSelfServiceSignUp",
"isSignUpAllowed": false
}
}
If successful, the response will be HTTP 204 No Content.
You can perform this operation using Microsoft Graph Explorer — just make sure the beta endpoint is selected.
To retrieve the UserFlowID, send a GET request to:
https://graph.microsoft.com/beta/identity/authenticationEventsFlowsOnce updated, the user flow will no longer display the SignUp link on the SignIn form.
For more information, refer to the official documentation:
OnInteractiveAuthFlowStartExternalUsersSelfServiceSignUp - Microsoft Graph (beta)
