Add phone call only MFA to custom policy - azure-ad-b2c

I have an existing custom policy (https://github.com/azure-ad-b2c/samples/blob/master/policies/passwordless-email/) and I want to add phone MFA to this.
I found https://github.com/azure-ad-b2c/samples/tree/master/policies/mfa-email-or-phone, but this allows email or phone. There is also https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/tree/master/SocialAndLocalAccountsWithMfa and https://learn.microsoft.com/en-us/azure/active-directory-b2c/multi-factor-auth-technical-profile.
Is there any way to force a phone call as MFA (don't allow SMS)?

You need to use this setting:
"setting.authenticationMode"
"The method to validate the phone number. Possible values: sms, phone, or mixed (default)"
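As an added example (not code from the answer above or from the linked samples): an override of the starter pack's PhoneFactor-InputOrVerify technical profile, placed in TrustFrameworkExtensions.xml, that forces voice-call verification by setting setting.authenticationMode to phone. The profile Id and the claims provider DisplayName are the starter pack's; putting the override in the extensions file rather than editing the base file is an assumption about how the policy is organised.

```xml
<!-- Added example, not part of the original post.
     TrustFrameworkExtensions.xml, inside <ClaimsProviders>.
     A technical profile with the same Id as one in TrustFrameworkBase.xml is merged
     with it, so only the metadata being changed needs to appear here. -->
<ClaimsProvider>
  <DisplayName>PhoneFactor</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="PhoneFactor-InputOrVerify">
      <Metadata>
        <!-- sms | phone | mixed (default). "phone" offers only the voice-call option,
             so the user can no longer choose SMS on the verification page. -->
        <Item Key="setting.authenticationMode">phone</Item>
        <!-- Optional: when exactly one phone number is supplied as an input claim,
             dial it immediately instead of showing the number-selection page.
             Per the phone factor technical profile docs this requires
             authenticationMode to be sms or phone, never mixed. -->
        <Item Key="setting.autodial">true</Item>
      </Metadata>
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>
```

Check that every user journey you care about references this profile (or a profile that inherits from it); a second PhoneFactor profile defined elsewhere with its own metadata will still default to mixed.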

Related

Azure B2C verify Phone number on Sign UP?

I am building a custom policy for B2C sign-up.
We currently do not use B2C to do sign-ups, but I'm looking to migrate. Part of this process would require the use of an email and a phone number.
The phone number ONLY would need to be verified.
So after the user signs up for an account, an SMS or phone call would verify that they own that phone number.
Looking in the documentation, I see "verify phone number", but it's for sign-up with a phone number. I don't want to do that.
I just want the phone number to be verified during the sign-up process.
Any insight?
You could use the PhoneFactor technical profile.
The "PhoneFactor-InputOrVerify" flow asks for a phone number if one is not present and verifies it, or just verifies the number if it is present.
Use the default starter pack. Just add a precondition to skip the PhoneFactor step if the newUser claim does not exist. That will trigger the MFA prompt only on sign-up.
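An added example (not the answer's own code) of the orchestration steps the answer describes, modelled on the SignUpOrSignIn user journey in the SocialAndLocalAccountsWithMfa starter pack. The PhoneFactor step is skipped unless the newUser claim exists; in the starter pack that claim is emitted only by the sign-up write profile (AAD-UserWriteUsingLogonEmail), so returning users never see the phone prompt. The Order values are assumptions and must be adjusted to the position of these steps in your own journey.

```xml
<!-- Added example, not part of the original post.
     Goes in the SignUpOrSignIn user journey after the step that creates or reads the user. -->
<OrchestrationStep Order="4" Type="ClaimsExchange">
  <Preconditions>
    <!-- ExecuteActionsIf="false" runs the action when the claim does NOT exist.
         newUser is only set on the sign-up path, so sign-in skips this step. -->
    <Precondition Type="ClaimsExist" ExecuteActionsIf="false">
      <Value>newUser</Value>
      <Action>SkipThisOrchestrationStep</Action>
    </Precondition>
  </Preconditions>
  <ClaimsExchanges>
    <!-- Prompts for a number (none is stored yet for a new user) and verifies it by SMS or call -->
    <ClaimsExchange Id="PhoneFactor-Verify" TechnicalProfileReferenceId="PhoneFactor-InputOrVerify" />
  </ClaimsExchanges>
</OrchestrationStep>

<!-- Persist the number the user just verified, using the starter pack's write profile.
     newPhoneNumberEntered is an output of PhoneFactor-InputOrVerify, so this step is
     skipped on sign-in, where the previous step did not run. -->
<OrchestrationStep Order="5" Type="ClaimsExchange">
  <Preconditions>
    <Precondition Type="ClaimsExist" ExecuteActionsIf="false">
      <Value>newPhoneNumberEntered</Value>
      <Action>SkipThisOrchestrationStep</Action>
    </Precondition>
  </Preconditions>
  <ClaimsExchanges>
    <ClaimsExchange Id="AADUserWriteWithObjectId" TechnicalProfileReferenceId="AAD-UserWritePhoneNumberUsingObjectId" />
  </ClaimsExchanges>
</OrchestrationStep>
```

Note that this verifies ownership of the number once, at sign-up, and stores it in strongAuthenticationPhoneNumber; it does not enforce a second factor at sign-in. If you also want MFA on sign-in, keep the starter pack's original PhoneFactor step (with its isActiveMFASession precondition) rather than replacing it with this one.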

Custom Policy SMS Message

I have a custom policy with MFA using PhoneFactor. It works; however, the SMS sent says:
123456
Use this code for Custom Policy Manage verification
Is there any way to change the
Use this code for Custom Policy Manage verification
to different text? Say
Use this code for X Application verification
Currently it is not possible to customize the SMS content.
You can raise a UserVoice request in the Azure feedback portal or vote for the existing one.

Azure B2C Custom Policy - change sign in from email to phone

Currently I am capturing the user's email and phone when they sign up. Once they are signed up, they log in with their email and password. I would like to change this so they log in with their phone and password instead of their email address. What update do I need to make in my custom policies to achieve this?
There is a GitHub sample where you can log users in solely with a phone number and MFA via SMS or phone call. This approach is passwordless. Hope this helps with your query.

Is there a way to pass the phone number used for ID Verification through the API?

When using DocuSign's identityVerification option in the API and sending a user to DocuSign to first verify their identity with a license / passport and then sign a document...
Is there a way to pass the user's phone number through to the above page to pre-fill the mobile number so that they don't have to enter it in? This is the page where DocuSign sends an SMS with a link to the mobile number for the user to photograph their license.
DocuSign Mobile Number Screen
Thanks Jahax, it just so happens that I published a blog post on this topic today; you can find it here - https://www.docusign.com/blog/dsdev-implementing-docusign-recipient-authentication/
However, I'm afraid when it comes to IDV, all the personal information (including phone number) has to be provided directly by the recipient after they click the link sent to them from DocuSign.
If you were using SMS verification (or phone call verification) you could specify the phone number to use yourself, but IDV works differently and at present time this is not possible.

Segment the signup process to allow email verification at a later time

We are using Azure B2C for our Identity provider, but it is clear that users are finding the process a bit clunky. Mostly this appears to be because of the synchronous nature of the signup process.
We do want to verify the email address and MFA phone number, but ideally not at the point at which they are entered. Is there a way that we can leverage a graph API call to deal with this, or use a custom policy to achieve the same?
We would also like a clear separation of the signup/signin process. Such that a user can be directed to these pages directly and they can also be branded.
You might be able to implement this with two custom policies:
A sign-up policy that prompts the new customer for the email address and the phone number and creates a new user with these marked as unverified. This custom policy can be invoked at the Account Creation step.
A verification policy that verifies the unverified email address, via the built-in email message, and then the unverified phone number, via the built-in phone call or text message. This custom policy can be invoked at the Application Complete step.
Note that it isn't the sign-up policy that sends the verification code but the verification policy that sends it. I don't know if this is acceptable for the desired experience but the custom policy that sends the verification code must be the same one that validates it.
(There is an alternate flow where after the sign-up policy has completed, your end application sends a custom email message, containing a verification link, which when opened by the end user is validated by your end application and then the verification policy -- minus the email verification step since the email address has already been verified -- is started).
If this proposed solution is interesting to you, then I can attempt to provide the full details of the custom policies based on one of the custom policy starter packs.
Updated on 15 February 2019
I've published the following custom policy samples to this GitHub repository. The second and third policies implement the above flow.
sign_up_sign_in
Sign-up for a local account using an e-mail address and a phone number. The end user is prompted for verification of the e-mail address and the phone number.
Sign-in for a local account using an e-mail address or a phone number. If the e-mail address hasn't been verified, then the end user is prompted for verification of the e-mail address. If the phone number hasn't been verified, then the end user is prompted for verification of the phone number.
sign_up_without_verification
Sign-up for a local account using an e-mail address and a phone number. The end user is not prompted for verification of the e-mail address or the phone number.
sign_in_with_verification
Sign-in for a local account using an e-mail address or a phone number. If the e-mail address hasn't been verified, then the end user is prompted for verification of the e-mail address. If the phone number hasn't been verified, then the end user is prompted for verification of the phone number.