I need a method where I can destroy all user sessions after a product release, forcing them to log in.
It can be a manual step on the portal, I just need to be able to do it.
I can't find anything in the documentation, and the quite generic potential search terms only appear to provide solutions and approaches to different issues.
Is this possible and if so, can you point me in the direction?
Thanks
I have confirmed this with an Azure support engineer. Azure B2C doesn't support a feature that signs all users out.
Related
We are on DNN for our portal and it can be accessed through a login and password. I would like to understand how we can implement MFA (multi-factor authentication).
Can somebody guide us as to what is required? This portal is also further connected with Dynamics 365 for the data. Is there any documentation that you could refer us to?
Thanks,
Jalpa Shah
What you need is an authentication provider for DNN that implements MFA.
If you go to store.dnnsoftware.com and search for "authentication" then you will find some modules.
Note: I don't have any experience with any MFA on DNN, but that's where I would start.
The other option would be to create your own MFA provider. You might want to poke around the DNN Community section of GitHub, too.
Typically I would recommend the usage of a commercial module, such as the one my company makes, DNN Simple 2 Factor Authentication.
However, you note that you are also looking at a connection with Dynamics 365, which most likely makes that option not a route.
If using Dynamics 365 for authentication, you will want to look at configuration within Dynamics to configure/enforce the 2FA processes.
I have spent several days trying to customize the email verification of my project but it's been impossible to change anything.
I followed many times:
https://learn.microsoft.com/en-us/azure/active-directory-b2c/custom-policy-get-started
https://learn.microsoft.com/en-us/azure/active-directory-b2c/custom-email-sendgrid
https://learn.microsoft.com/en-us/azure/active-directory-b2c/custom-email-mailjet
I uploaded the new custom policies B2C_1A_TrustFrameworkBase and B2C_1A_TrustFrameworkExtensions with all the changes described in the manual, but I still don't know why I can't even generate an application error and the default Microsoft email verification keeps working normally. Is there any way to track what I might be missing?
You can refer to the troubleshoot documentation about turning the B2C engine into developer mode and tracking the B2C engine itself.
There is also separate documentation, with technical profiles, explaining how to use Application Insights to track user behavior during user journeys. You can discover more about this here: https://learn.microsoft.com/en-us/azure/active-directory-b2c/analytics-with-application-insights
I am trying to retrieve/change the MFA number on a B2C account programmatically. I don't really mind how it's done, and I am aware of this SO question - https://stackoverflow.com/a/40858874/243905 but that was asked a long time ago and I had hoped it was different now.
I find the B2C docs are a bit lacking in clarity on this information, and although I am able to query the users using the method detailed here: https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-devquickstarts-graph-dotnet
the object that is returned does not return the MFA details.
Is this possible through any means?
strongAuthenticationPhoneNumber can be issued in the resulting token, however it can't be edited using graph, for the moment. It's expected this capability will be available during the 2nd half of 2018.
As of today this appears to be working for Azure B2C. Microsoft Docs
There is an extra permission that the token will need: UserAuthenticationMethod.ReadWrite.All
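As an added example (not code from any of the posts above), here is a pre-flight check that a Graph access token carries the permission named in the answer before a phone-number update request is built. It assumes the linked docs refer to the Microsoft Graph `phoneMethods` endpoint; the helper names, the sample token and the user id are constructed for illustration, and nothing is sent over the network.

```python
import base64
import json

GRAPH = "https://graph.microsoft.com/v1.0"
REQUIRED = "UserAuthenticationMethod.ReadWrite.All"
# Fixed id Microsoft Graph uses for a user's "mobile" phone method.
MOBILE_METHOD_ID = "3179e48a-750b-4051-897c-87b9720928f7"


def token_permissions(jwt):
    """Read permissions from a token payload. This only decodes the claims
    for a local check; it does not validate the signature."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)          # restore base64 padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    perms = set(claims.get("roles", []))          # application permissions
    perms.update(claims.get("scp", "").split())   # delegated permissions
    return perms


def build_phone_update(jwt, user_id, new_number):
    """Return the request to send, or fail closed if the permission is missing."""
    if REQUIRED not in token_permissions(jwt):
        raise PermissionError(f"token lacks {REQUIRED}")
    return {
        "method": "PATCH",
        "url": f"{GRAPH}/users/{user_id}/authentication/phoneMethods/{MOBILE_METHOD_ID}",
        "headers": {"Authorization": f"Bearer {jwt}",
                    "Content-Type": "application/json"},
        "json": {"phoneNumber": new_number, "phoneType": "mobile"},
    }


def make_sample_token(roles):
    """Constructed, unsigned token used only to exercise the check offline."""
    def enc(d):
        raw = json.dumps(d).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"roles": roles}), "constructed"])


if __name__ == "__main__":
    tok = make_sample_token([REQUIRED])
    req = build_phone_update(tok, "00000000-0000-0000-0000-000000000001",
                             "+1 2065555555")
    print(req["method"], req["url"])
```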
Hey guys, I just quickly wanted to double check – as far as I know there is no way to implement the Microsoft Azure Login into an existing Website / Style – is this correct or is there any kind of work-around?
It really is annoying that customers need to "jump off" our page to Azure to log in.
You can choose e.g. the background image. But, of course you can do the authentication back-end yourself, using the Microsoft Authentication libraries. See here for more info: https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-authentication-scenarios
Has anyone found a way to use the Azure AD sign in page without the domain name?
For example, oscar instead of oscar@tenant.onmicrosoft.com.
I already am aware of using the "login_hint" parameter; however, I'd like the user to not see the "@tenant.onmicrosoft.com" at all. I think it would lead to confusion.
Also, I want to avoid creating a custom page & having access to the username/password by using the UserCredential type and AcquireToken method. See this for reasons.
The domain name (@tenant.onmicrosoft.com) is going to be a deal breaker for my employer. They don't want to see it and I can understand why.
There is absolutely no way to avoid the use of @domain with the login at Azure AD.
However, you are not forced to use @tenant.onmicrosoft.com - you can freely configure your own domain and have users log in with @mycompany.com. You have to make your employer think in the 21st century, not in the middle ages of early Internet access.