I want to support MFA(Multiple factor authentication) in my web app and iOS app. And my customer suggests us to use Azure MFA.
But I only find document about how to enable Azure MFA if app is integrate with Azure AD and SSO page.
My Question is: Can I use Azure's MFA service with my custom login page? but not Azure's login page.
Thanks.
No.
If a user has MFA, they must login through the Azure AD login page.
Related
How to login with MFA to a AZURE AD B2C App using the login url(URL given below) provided by microsoft?
Do we have any URL to validate users login with MFA Azure AD B2C?
https://login.microsoftonline.com/<tenant>/oauth2/v2.0/token
That URL is only part of the flow.
The whole flow is here.
The easiest way to achieve this is to use one of the MSAL libraries.
MFA is not part of the OpenID Connect flow.
You have to add it.
Context
I've successfully created and configured a Azure B2C tenant and a ASP.NET Core 3.1 Web Application which uses AD B2C built in workflows to authenticate users.
Question
In the application described above the login forms (even they have customized design by me) are provided and hosted by Azure AD B2C infrastructure.
Is it possible to use my entirely custom login form (hosted in my web app), get the typed credentials from the uses, then call Azure AD B2C API to do the authentication, and get the token?... or it is not a supported scenario and asking for the credentials form is always must be hosted by the Azure AD B2C infrastructure...
From a web app this is not supported. We do support an ROPC flow from mobile apps.
Our organization has a on premise Active directory.For few of our applications we want to implement authentication mechanism using Azure AD. Following is the requirement:
1) Organization users will be authenticated by Azure AD
2) External users will be authenticated by Azure AD B2C
3) Whenever an external user is trying to access the application, application will redirect the user to B2C login page.
Can anyone help me with steps for the solution?
Also, is there any issues to implement the security mechanism using Azure AD and B2C if the application resides in AWS?
For a specific sample of how to implement these custom policies, see Woodgrove Groceries demo, which enables users to sign in with either:
An "individual customer" account (i.e. a local account that is managed by Azure AD B2C or a Google or Microsoft account that is federated with it); or
A "business customer" account (i.e. an Azure AD account that is federated with Azure AD B2C); or
A "partner" account that is a direct federation between the end-user application and Azure AD (where Azure AD B2C doesn't act as an intermediate federation).
For your use case B2C custom policies are perfect fit. you can get start on custom policies from https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-get-started-custom
1) Organization users will be authenticated by Azure AD
You can integrate this in custom policies. Example: https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-aad-custom
2) External users will be authenticated by Azure AD B2C
Once you add custom policies those will allow you to login users from external network/ social IDPs
3) Whenever an external user is trying to access the application,
application will redirect the user to B2C login page.
It's all about configuration. If you configure properly it will take you to B2C login page. If you stuck while integrating drop comment here.
Also, is there any issues to implement the security mechanism using
Azure AD and B2C if the application resides in AWS?
I don't think you will face challenges. Cloud redirects will happen and works fine with B2C too.
I'm pretty new with Azure and all its services and I want to use Azure B2C to provide authentication to local users and FB providers. However, I noticed that I cant use the workflow I have defined in my mobile app because Azure has a redirect URL to load a browser and show the web page defined by them or custom according to the policies defined for sign in.
I've been googling for a while but doesn't seem there's an option to have a webAPI that receives data from the mobile app and authenticate against the Azure B2C.
Does anyone know if there's a way to not use the redirect URL and use the app login workflow?
Thanks!
Currently, Azure AD B2C doesn't have support for this.
However, work to support for the Resource Owner Password Credentials flow in Azure AD B2C is in-progress.
This new feature will enable the mobile app to collect a user credential and POST it to the B2C tenant for validation.
We use Azure AD B2C in a native mobile application. In our user account management blade we would like to use an Azure AD B2C profile editing policy. Is there a way to use an this kind of policy without having the sign-in process? We already have the id_token, can we way send it thru a parameter to prevent the user from having to sign-in once again?
Thanks in advance