Hello, friends, i have embedded Microsoft social sign in button on my login page, if i don’t have my Active Directory (AD) user in Ory identities list and I go through the Microsoft login / authentication process, I will have a Ory identity created after sign in. However, if I created this AD user by using Ory api and have a Ory user created this way. I can no longer login by clicking the social login button. I tried to overcome this by manually adding the kratosAdminCreateIdentityBody.VerifiableAddresses block in kratosAdminCreateIdentityBody, but still does not work. Inspection from login page shows 401 unauthenticated error, anyone can let me know if this is possible to fix ? Thanks a bunch.

kratosAdminCreateIdentityBody.VerifiableAddresses = new List<KratosVerifiableIdentityAddress>{
               new  KratosVerifiableIdentityAddress(
                    id:System.Guid.NewGuid().ToString(),
                    createdAt: DateTime.UtcNow,
                    status: "sent",
                    via: "email",
                    updatedAt:DateTime.UtcNow,
                    value: email
               )
            };

If I understand correctly, the user you created through admin does not have any credentials (incl. OIDC) associated with it. However, it uses the same identifier as the user trying to use AD. You basically have to link the user to the AD credentials. Why do you want to create them through the admin API anyways?

I see that when creating an AD user in ORY i should complete the OIDC flow at the background and provide with an OIDC credential as part of the KratosAdminCreateIdentityBody created for the AdminCreateIdentity call. Thanks for your help.

yes, but it will not really work like this you have to link the credentials to that user, so basically do what the user would do I'd recommend to not create the user beforehand, but instead just let them sign up once needed then you can use a webhook to do additional setup if that is needed