We are looking to use mobile number as username for our users to sign in. In the Signup journey we just want to send one time password to validate if they have put the correct phone number.
Is it possible to achieve this using Azure B2C IEF?
Please note we do not need 2FA as we just want to validate once at the time of sign up if user has put the correct mobile number.
Your help will be greatly appreciated.
Thanks,
A
Have a look at the sample.
"A B2C IEF Custom Policy which allows login via Phone Number (TOTP)".
Have a look at the issues viz.
"You need to use the SocialAndLocalAccountsWithMfa starter pack not the SocialAndLocalAccounts as per the Readme.
There is a missing:
ClaimsProviders
ClaimsProvider
in the xml.
When you run the sample, when it asks "Enter user name", you need to enter the phone number."
Related
In Azure AD B2C, is it possible to have a password less sign in policy where user enters email and OTP is sent to associated mobile number?
Can we associate multiple phone numbers to a consumer account
without custom/extension attribute?
Regarding point 1, even if we manage to create it, should we use this policy. Is it a good practice?
Yes, you'd have to create it via custom policy.
Yes, via custom policy you'd have to create an additional endpoint. This endpoints points to a db with a list of phone numbers and returns true if it's in that list. As for best practice, it's dependent on the user requirements.
It's a bit tricky to develop custom policies.
Here's a good starting point: https://learn.microsoft.com/en-us/azure/active-directory-b2c/solution-articles
I using Microsoft ADB2C for authentication. And turn on MFA via SMS.
I have a problem with the step that confirms the code.
confirm code
In the image above. The step confirms code always needs the user to input the phone number.
So, How can I modify this step like this?
confirm code 2
This step runs when I set up the Authentication method of the user by manual.
But I need automation when users sign up.
Make sure you read the attribute where the phone number is stored before calling the MFA orchestration step. The phone number entry only appears if the phone number claim is null.
You will see in the AAD B2C SocialLocalAndMFA starter pack we read the strongAuthenticationPhoneNumber using AAD-UserReasUsingObjectId technical profile prior to the phonefactor mfa step.
You need to read the attribute where the phone number is written to at sign up.
We are using Azure AD B2C with Custom Policies. We noticed that Email-verification on Signup is pretty hard to do for the majority of users from a usability perspective. Hence, we would like to implement the following flow:
Step 1: Provide user data (Email, First Name, Last Name, Paswword + Confirm Password) and user can click next
Step 2: User sees a text that an email was send to him with a verification code. User should have the capability:
to enter the code and continue or
resend the code
On clicking continue, the user is redirected to the target app if code is correct.
Is this flow possible? If yes, can someone give a concrete example on how it needs to be setup as custom policy?
Thanks a lot in advance for your help!
There is a sample here that demonstrates the concepts you are looking for
https://github.com/azure-ad-b2c/samples/tree/master/policies/split-email-verification-and-signup
I have setup a User Flow and Phone Signups/Signin. After entering my phone number on Login Page, i have being redirected to enter Country and Phone number again. I want to remove this setup. Please Help
https://i.stack.imgur.com/DI6Pk.png
No, you couldn't remove it, the steps are designed by Azure. Try to feedback here.
How to enable Phone number verification in custom policy or MFA ? Default policy allows so , is it possible to do so in custom policy?
My requirement is to use e Phone Number as user id in Azure b2c? Is it possible to have user id accepting both phone # or email id?
Similar to Facebook accepting either phone # or email id. Appreciate your help.
A starter pack with MFA can be found at:
https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/tree/master/SocialAndLocalAccountsWithMfa
Phone number based sign up and sign in could be possible but it will require you to determine your user journeys in detail. You will need to create a separate experience for phone number sign up and email sign up because their verification and storage in Azure AD is different.
Similarly, when a user needs to sign in, the country code for their phone number needs to be determined. Currently, there is no easy way to do this on the sign in page.
In short, I do not think there is an easy way to support Facebook like support for phone no and email address simultaneously. However, it is an area that Azure AD B2C team wants to invest in so we may see support in the future.