| title | B2C IEF Policy Administrator |
|---|---|
| description | B2C IEF Policy Administrator |
| ms.topic | include |
| ms.date | 01/26/2026 |
| ms.custom | include file |
Users in this role have the ability to create, read, update, and delete all custom policies in Azure AD B2C and therefore have full control over the Identity Experience Framework in the relevant Azure AD B2C organization. By editing policies, this user can establish direct federation with external identity providers, change the directory schema, change all user-facing content (HTML, CSS, JavaScript), change the requirements to complete an authentication, create new users, send user data to external systems including full migrations, and edit all user information including sensitive fields like passwords and phone numbers. Conversely, this role cannot change the encryption keys or edit the secrets used for federation in the organization.
Important
The B2 IEF Policy Administrator is a highly sensitive role that should be assigned on a very limited basis for organizations in production. Activities by these users should be closely audited, especially for organizations in production.
[!div class="mx-tableFixed"]
Actions Description microsoft.directory/b2cTrustFrameworkPolicy/allProperties/allTasks Read and configure custom policies in Azure Active Directory B2C