Default text modification in Azure AD B2C custom policy - azure

In Azure AD B2C passwordless with email authentication/password reset (custom policy), first we need to enter the email address, and the default text is "Verification is necessary. Please click Send button". But after entering the email address it lands on a second page where we need to put the OTP,
and the message "Verification is necessary. Please click Send button." is also appearing on the second page.
How can I remove it from the second page?
I am using this sample.

Just remove
display: block !important;
from the div#email_intro CSS.

Related

Azure B2C prevent email address change after Home Realm Discovery

I have managed to get the modern Home Realm Discovery (HRD) policy working with our directory and several federated IdPs. However, there is a loophole that I would like to be able to close. If a non-federated domain email is used, the user is then forwarded on to Local Account login with username (i.e., email) and password, but the email value can still be changed, including to one using a federated domain. Also, the Forgot Password dialog does not seem to pre-populate the email address so it can, again, be changed to any email address. Finally, even after verifying the email, there is the "Change Email" option.
I would like to be able to either:
Lock in the entered email after HRD "failure" until the user completes or cancels the login,
Detect any changes to an email address in a known federated customer domain and send them back into the federated flow, or
Detect such changes and just error out.
Any ideas how to make this work? I did a little experimenting with the readOnlyEmail examples I saw but either something complained that it did not exist (like ParseDomain) or it was still rendered as a mutable field rather than read-only.
-GBS
Yes, you can prevent the email ID from being changed even after verification of the email in the 'home realm discovery' step by hiding the change-email option or greying it out after the email has been entered for the verification step. You can do this by adding the CSS entry below to your HRD-enabled HTML page by customizing your HTML page template.
<style type="text/css">
.changeClaims
{
visibility: hidden;
}
</style>
To customize your HRD-enabled sign-in and sign-up HTML page with the above entry, please refer to the documentation link below for detailed information. From that link, download the default HTML page, modify it with the above entry in the appropriate location, save it in the repository from which you serve the HTML files, and modify the custom policy accordingly, i.e., with the 'api.signin or signup' content definition building blocks, and save it.
https://learn.microsoft.com/en-us/azure/active-directory-b2c/customize-ui-with-html?pivots=b2c-custom-policy
By following the steps in the above link, you will be able to customize your HRD-enabled sign-in and sign-up page, including greying out the change email option. Also, to complete the prerequisites for it and to see the options regarding the change email option, please refer to the link below:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/add-password-reset-policy?pivots=b2c-custom-policy#hide-the-change-email-button

Password reset flow Azure AD B2C

In the Azure AD B2C password reset policy, once the user provides an email and enters the verification code, they can change the email or update the password. How can I disable the option to change the email and only give the ability to change the password? Any help would be appreciated.
The only way is to use CSS to hide the element.
Navigate to Page layouts, and then under Forgot password page, click Yes for Use custom page content. You could refer to the doc about customizing the UI.
Add this code to the xxx.css (sample) of the reset password page:
#email_ver_but_edit {
display: none;
}

Azure B2C with pre-invited users

I maintain an app where we use Azure AD B2C to authenticate.
The flow is this:
Users are invited by email
They click a link to sign up using a B2C signin/signup flow
They fill in their info, including email address
They are redirected to our app
Now, what bothers me is that the users have to enter in their email address, even though we already know it. We just invited them using their email address.
It has been suggested that we could send people to a password reset page instead. But that doesn't seem ideal either, since they then have to verify their email address, even though we just verified it. After all, they started the flow by getting an email.
In many cases the users mis-type their email address when they are asked for it. That creates a lot of new issues, because we now have two different email addresses for the same users.
A similar question has already been answered: How to pass email suggestion to Azure AD B2C SignUp page. The answer https://stackoverflow.com/a/56503578/341185 describes how to send invitations.
Alternate approach using JavaScript in custom policies
You can use custom policies along with JavaScript to show the user's email in the email address text box.
Approach:
While sending the invitation link, send an extra query parameter like &email_hint=azureb2ccustomer#b2clogin.com and follow the steps below to show this email_hint value in the email address text box.
Steps:
Enable JavaScript in custom policies: https://learn.microsoft.com/en-us/azure/active-directory-b2c/javascript-samples
Change the page contract to allow custom policies to run JavaScript: https://learn.microsoft.com/en-us/azure/active-directory-b2c/page-contract
Update the SignupOrSignin user journey to go directly to the SignUp page: https://stackoverflow.com/a/56503494/341185
Update your blob HTML page to read the query parameters and put the value inside the email textbox:
var urlParams = new URLSearchParams(window.location.search);
document.getElementById("email").value = urlParams.get('email_hint');
Click here for example request
Add your comments if you still require any other kind of approach than the one described above to fit your business model.
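As an added example (not code from either answer above, nor from Azure AD B2C itself), the snippet below fleshes out the two client-side tweaks discussed on this page: pre-filling the email box from an email_hint query parameter, and locking the field so the user cannot retype it, as the HRD answer wants. The parameter name email_hint, the element id "email", and the decision to mark the field read-only are assumptions carried over from those answers. The security point is in the comments: the hint is validated before it is written into the page, assigning .value never interprets HTML, and a read-only field or a CSS rule is cosmetic only, so B2C's own email verification and claim validation in the policy remain the real control.

```javascript
// Added example, not part of the original answers. Reads an `email_hint`
// query parameter, validates it, and pre-fills the B2C email input.
// Assumptions: the parameter is named `email_hint`, the input has id "email",
// and the page still relies on B2C to verify the address server-side.

// Conservative shape check: exactly one '@', no whitespace or angle brackets,
// and a dot in the domain part. Hints that fail are ignored, not injected.
const EMAIL_HINT_RE = /^[^\s@<>]+@[^\s@<>]+\.[^\s@<>]+$/;
const MAX_HINT_LENGTH = 254;

// Returns the validated hint, or null when the parameter is absent or unsafe.
function extractEmailHint(search) {
  const params = new URLSearchParams(search);
  const hint = params.get("email_hint");
  if (hint === null) return null;
  const trimmed = hint.trim();
  if (trimmed.length === 0 || trimmed.length > MAX_HINT_LENGTH) return null;
  if (!EMAIL_HINT_RE.test(trimmed)) return null;
  return trimmed;
}

// Pre-fills `input` (an <input> element, or any object with a `value`
// property) from the query string. When `lock` is true the field is also
// marked read-only. That is a UI convenience only: a user can remove the
// attribute in dev tools, so the policy must still validate the claim.
// Returns true when a hint was applied, false otherwise.
function applyEmailHint(search, input, lock = false) {
  const hint = extractEmailHint(search);
  if (hint === null) return false;
  input.value = hint; // assigning .value never interprets HTML
  if (lock) input.readOnly = true;
  return true;
}

// Browser usage: runs only when a DOM is present, so the functions above
// can also be exercised outside a browser.
if (typeof document !== "undefined" && typeof window !== "undefined") {
  const emailInput = document.getElementById("email");
  if (emailInput) applyEmailHint(window.location.search, emailInput, true);
}
```

Drop the block into the custom HTML template in place of the two-line snippet from the answer; an invalid or missing hint simply leaves the box empty, which is the same behaviour the stock page has today.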
If you want to use custom policies, you can use the flow for password reset that has:
&client_assertion_type=urn%3Aietf%3Aparams%3Aoauth%3Aclient-assertion-type%3Ajwt-bearer
&client_assertion=JWT
This puts the email address in a JWT so the user does not have to enter it.

What is the URL to use for inviting the users through email links to sign-up in Azure AD B2C?

I have an Azure AD B2C account and I want to invite a few people to sign up through invitations only. Currently the sign-up site is here.
What URL should I send to the user to sign up?
Is there a way to hide a field like Country in the sign-up form but take the value from the invitation URL?
Seems you are trying to get the sign-up URL for your user. Alright, let's get started :)
What URL should I send to the user to sign up?
You can get your sign-up URL from the Azure portal. Follow the steps below to get your sign-up URL.
Step 1:
Go to your Azure B2C tenant and click on User flows (policies) as in the screenshot below.
Step 2:
You can create a new sign-up policy or click on your existing sign-up policy. See the screenshot below.
Step 3:
Run your sign-up policy by clicking on the Run user flow button, which is shown in the picture below.
Step 4:
Once you click on Run user flow you will get the following window. Just copy the Run user flow endpoint; this is the URL you have to send to your user for sign-up.
Step 5:
As you can see, when the user clicks on this URL they will be shown the sign-up page below.
Is there a way to hide a field like Country in the sign-up form but take the value from the invitation URL?
Yes, you can do it in a very simple way. While creating your sign-up flow you will see "4. User attributes and claims"; see the screenshot below:
Click on Show more and you will be shown a new window. As you can see, there are two columns, Collect attribute and Return claim: check what you want to collect and leave unchecked what you want to hide. I have checked Country because I want to collect this information from the user but hide it in the claims.
But for Display Name I want to both collect it and return it in the claims. See the screenshot below:
Hope you understand. If you still have any problem, feel free to share. Thanks and happy coding!

At Azure AD B2C local Signup, "Send verification code" and the "Verify" (code) in subsequent screens?

I would like to change the default email verification behaviour of my (custom) Local SignUp User Journey. I would like the user to first enter their email address and password (and a custom claim), then click a "Create" button. In the next screen they have to enter the verification code they received by e-mail and click the "Finish" button.
So the email layout is OK and the functionality of the buttons is OK. It's just that they should be on subsequent screens.
Is this possible?
Is this standard behaviour of the Web.TPEngine.Providers.SelfAssertedAttributeProvider?
Could I use the standard verification email or do I have to send my own emails?
You will not be able to customize the out-of-the-box policies which are available, but you can write your own custom policies to achieve the desired results. I would suggest you visit
Azure B2C custom policy overview
