I am an engineer from the Azure B2C support team and I have a customer with the following concern: Is it possible to use an office phone with phone extension on the MFA settings for either user flow or custom policy? Is this something we can modify? All I get is how to enable and disable it.
Thanks in advance.
Currently MFA with office phone (extension) is not available with User flow/Custom policy.
As the Azure recently added the phone sign-up and sign-in with custom policies to the public preview.
we may expect this feature in future.
You can raise User voice on this request.
For office phone with extension there is two-factor verification method but not using User flow/Custom policy
Related
I have an Enterprise Application registered on Azure Active Directory and I want only certain AAD users to be able to access it. I have created a user group for the authorized users and everything works fine. The users who are not assigned to the application, as expected, can't sign-in and they get an error message like the following after successful authentication. Is it possible to customize this message? I just need to add a support email address.
Customization of error message in AzureAD may not be possible as in AADB2C. You may try to give the support email in "sign-in page text and formatting" entry box through Company branding page for AAD sign-in .But this page appears as background in sign in page no matter success or failure of user authentication.
Note :Company branding requires azure ad Premium 1, Premium 2, or
Office 365 (for Office 365 apps) licenses.
Is it possible to update the AuthenicationPhoneNumber using the B2C graph api? If not is there any programmatic way of updating this field?
Unfortunately, it is not supported to Add/Update Authentication Phone Number via graph api or do that programmatically.
See this similar issue: Azure B2C - Add/Update Authentication Contact Info.
Also, see the reply of AAD Team in this feedback:
Dec 8, 2017 We are building an API that will allow you to get and set credential information (i.e. Authentication Phone, Authentication Email, etc.) for both multi-factor authentication (MFA) and self-service password reset (SSPR). We will keep you updated when this becomes available.
March 1, 2019 Hi folks! The work for this feature is still in progress. We will update you when it is available. Thank you for your patience!
According to the reply, the API to access the Authentication Phone may come soon, just wait for it.
How to enable Phone number verification in custom policy or MFA ? Default policy allows so , is it possible to do so in custom policy?
My requirement is to use e Phone Number as user id in Azure b2c? Is it possible to have user id accepting both phone # or email id?
Similar to Facebook accepting either phone # or email id. Appreciate your help.
A starter pack with MFA can be found at:
https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/tree/master/SocialAndLocalAccountsWithMfa
Phone number based sign up and sign in could be possible but it will require you to determine your user journeys in detail. You will need to create a separate experience for phone number sign up and email sign up because their verification and storage in Azure AD is different.
Similarly, when a user needs to sign in, the country code for their phone number needs to be determined. Currently, there is no easy way to do this on the sign in page.
In short, I do not think there is an easy way to support Facebook like support for phone no and email address simultaneously. However, it is an area that Azure AD B2C team wants to invest in so we may see support in the future.
I came across this issue in my app, that azure is letting user register themselves from email and social media (using registered email) both. Thus there are two users with same email Id.
Can you guys help me out in this one?
Thank you.
As of now in basic policies, it is not possible. But in advanced policies (IEF) you can make a trick by calling an API to check user email existence using Graph APIs and return success or exception.
There is an account linking feature which is in the roadmap and you can vote for that at https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/13214529-azure-ad-b2c-how-to-avoid-validate-duplicate-s
What steps are needed to customize the verification email sent by the Sign-up policy in Azure AD B2C? I have followed the MSDN faq and updated the Company branding with a banner image and a background color.
However the email which is sent is still the default email and my edits of the branding are not applied.
EDIT:
According to this page it seems as the Azure AD B2C need to be upgraded in order to use the company branding: Is this correct? And if so, how can i upgrade the tier to premium?
It seems odd since it was possible to edit the company branding without upgrading the tier.
It is now resolved.
This problem was caused by a bug in Azure.
After communication with the developer team they fixed it and the company branding started working.
To clarify: you donĀ“t need to upgrade anything in order for company branding of the verification e-mail to work.