I am building a custom policy for B2C Sign up.
We currently do not use B2C to do sign ups, but I'm looking to migrate. Part of this process would require the use of an email and a phone number.
The phone number ONLY would need to be verified.
So after the user signs up for an account an SMS or phone call would verify that they own that phone number.
Looking in the documentation, I see verify phone number, but it's for sign up with a phone number. I don't want to do that.
I just want the phone number to verify during the sign up process.
Any insight?
You could use the PhoneFactor technical profile.
The "PhoneFactor-InputOrVerify" flow asks for a phone number if not present and verifies or just verifies if present.
Use the default starter pack. Just add a precondition to skip the phonefactor step if newUser claim does not exist. That will trigger MFA prompt only on sign up.
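The precondition described in this answer, written out as an added example (not part of the original posts). The `Order` values are assumptions to renumber for your journey; the technical profile, claim and claims exchange names are those used by the starter pack's MFA base policy.

```xml
<!-- Added example: two steps inside <OrchestrationSteps> of the sign-up/sign-in journey. -->
<!-- Order values are assumptions; they must be consecutive within your own journey. -->
<OrchestrationStep Order="7" Type="ClaimsExchange">
  <Preconditions>
    <!-- newUser is only issued when the account was just created.
         If it does NOT exist (a sign-in), skip the phone step. -->
    <Precondition Type="ClaimsExist" ExecuteActionsIf="false">
      <Value>newUser</Value>
      <Action>SkipThisOrchestrationStep</Action>
    </Precondition>
  </Preconditions>
  <ClaimsExchanges>
    <ClaimsExchange Id="PhoneFactor-Verify" TechnicalProfileReferenceId="PhoneFactor-InputOrVerify" />
  </ClaimsExchanges>
</OrchestrationStep>

<!-- Persist the number only when the user entered and verified one in the previous step. -->
<OrchestrationStep Order="8" Type="ClaimsExchange">
  <Preconditions>
    <Precondition Type="ClaimsExist" ExecuteActionsIf="false">
      <Value>newPhoneNumberEntered</Value>
      <Action>SkipThisOrchestrationStep</Action>
    </Precondition>
  </Preconditions>
  <ClaimsExchanges>
    <ClaimsExchange Id="AADUserWriteWithObjectId" TechnicalProfileReferenceId="AAD-UserWritePhoneNumberUsingObjectId" />
  </ClaimsExchanges>
</OrchestrationStep>
```

With this precondition the phone number is proven once at registration; later sign-ins are not challenged with a second factor.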
I have an existing custom policy (https://github.com/azure-ad-b2c/samples/blob/master/policies/passwordless-email/) and I want to add phone MFA to this.
I found https://github.com/azure-ad-b2c/samples/tree/master/policies/mfa-email-or-phone but this allows email or phone, there is also https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/tree/master/SocialAndLocalAccountsWithMfa and https://learn.microsoft.com/en-us/azure/active-directory-b2c/multi-factor-auth-technical-profile.
Is there any way to force a phone call as mfa? (don't allow sms)
You need to use this setting:
"setting.authenticationMode"
"The method to validate the phone number. Possible values: sms, phone, or mixed (default)"
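Where that setting goes, as an added example (not part of the original answer): a metadata override in the extensions file, assuming the policy inherits a `PhoneFactor-InputOrVerify` technical profile from the starter pack's MFA base policy.

```xml
<!-- Added example: place inside <ClaimsProviders> in the extensions policy file. -->
<!-- Assumes the base policy already defines PhoneFactor-InputOrVerify;
     only the metadata item is overridden here, everything else is inherited. -->
<ClaimsProvider>
  <DisplayName>PhoneFactor</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="PhoneFactor-InputOrVerify">
      <Metadata>
        <!-- sms   : text message only
             phone : voice call only
             mixed : user chooses (default when the item is absent) -->
        <Item Key="setting.authenticationMode">phone</Item>
      </Metadata>
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>
```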
I am trying to activate sandboxes. When I enter my mobile number, which is in sync with my live account, which has a domain like #outlook.com, I am not receiving the code on my phone.
Even tried in incognito but no luck.
Initially, when I tried a few months back, no phone number was asked for and it worked directly with my number.
Now it is asking for a phone code to authorize.
Please help
If you are seeing the "MSA account requires additional verification steps" message, the Microsoft account that you use to sign into Microsoft Docs may need verification if you haven't used that account for a while, or if your account requires email or phone verification. You will need to resolve your account login issue through https://support.microsoft.com to use it on Microsoft Docs.
MVA Learning also has an active support forum here.
Other things to note:
You can use any phone number for verification as long as it meets the requirements. The phone number that you enter for verification isn't stored as a contact number for the account.
A Voice-over-IP (VoIP) phone number can't be used for the phone verification process.
Check that your phone can receive calls or SMS messages from a United States-based telephone number.
Double-check the phone number that you enter, including the country code that you select in the drop-down menu.
If your phone doesn't receive text messages (SMS), try the Call me option.
The MS learn help page may also be useful, but I would suggest reaching out to support.
Currently I am capturing the user's email and phone when they sign up. Once they are signed up, they log in with their email and password. I would like to change this so they log in with their phone and password instead of their email address. What update do I need to make in my custom policies to achieve this?
There is a GitHub sample where you can log in users solely with a phone number and MFA via SMS or phone call. This approach is passwordless. Hope this helps with your query.
When using Docusign's identityVerification option in the API and sending a user to Docusign to first verify their identity with a license / passport and then sign a document...
Is there a way to pass the user's phone number through to the above page to prefill the mobile number so that they don't have to enter it? This is the page where Docusign sends an SMS with a link to the mobile number for the user to photograph their license.
Thanks Jahax, it just so happens that I published a blog post on this topic today, you can find it here - https://www.docusign.com/blog/dsdev-implementing-docusign-recipient-authentication/
However, I'm afraid when it comes to IDV, all the personal information (including phone number) has to be provided directly by the recipient after they click the link sent to them from DocuSign.
If you were using SMS verification (or phone call verification) you could specify the phone number to use yourself, but IDV works differently and at the present time this is not possible.
We are using Azure B2C for our Identity provider, but it is clear that users are finding the process a bit clunky. Mostly this appears to be because of the synchronous nature of the signup process.
We do want to verify the email address and MFA phone number, but ideally not at the point at which they are entered. Is there a way that we can leverage a graph API call to deal with this, or use a custom policy to achieve the same?
We would also like a clear separation of the signup/signin process. Such that a user can be directed to these pages directly and they can also be branded.
You might be able to implement this with two custom policies:
A sign-up policy that prompts the new customer for the email address and the phone number and creates a new user with these marked as unverified. This custom policy can be invoked at the Account Creation step.
A verification policy that verifies the unverified email address, via the built-in email message, and then the unverified phone number, via the built-in phone call or text message. This custom policy can be invoked at the Application Complete step.
Note that it isn't the sign-up policy that sends the verification code but the verification policy that sends it. I don't know if this is acceptable for the desired experience but the custom policy that sends the verification code must be the same one that validates it.
(There is an alternate flow where after the sign-up policy has completed, your end application sends a custom email message, containing a verification link, which when opened by the end user is validated by your end application and then the verification policy -- minus the email verification step since the email address has already been verified -- is started).
If this proposed solution is interesting to you, then I can attempt to provide the full details of the custom policies based on one of the custom policy starter packs.
Updated on 15 February 2019
I've published the following custom policy samples to this GitHub repository. The second and third policies implement the above flow.
sign_up_sign_in
Sign-up for a local account using an e-mail address and a phone number. The end user is prompted for verification of the e-mail address and the phone number.
Sign-in for a local account using an e-mail address or a phone number. If the e-mail address hasn't been verified, then the end user is prompted for verification of the e-mail address. If the phone number hasn't been verified, then the end user is prompted for verification of the phone number.
sign_up_without_verification
Sign-up for a local account using an e-mail address and a phone number. The end user is not prompted for verification of the e-mail address or the phone number.
sign_in_with_verification
Sign-in for a local account using an e-mail address or a phone number. If the e-mail address hasn't been verified, then the end user is prompted for verification of the e-mail address. If the phone number hasn't been verified, then the end user is prompted for verification of the phone number.