Is it possible to update the AuthenicationPhoneNumber using the B2C graph api? If not is there any programmatic way of updating this field?
Unfortunately, it is not supported to Add/Update Authentication Phone Number via graph api or do that programmatically.
See this similar issue: Azure B2C - Add/Update Authentication Contact Info.
Also, see the reply of AAD Team in this feedback:
Dec 8, 2017 We are building an API that will allow you to get and set credential information (i.e. Authentication Phone, Authentication Email, etc.) for both multi-factor authentication (MFA) and self-service password reset (SSPR). We will keep you updated when this becomes available.
March 1, 2019 Hi folks! The work for this feature is still in progress. We will update you when it is available. Thank you for your patience!
According to the reply, the API to access the Authentication Phone may come soon, just wait for it.
Related
I am an engineer from the Azure B2C support team and I have a customer with the following concern: Is it possible to use an office phone with phone extension on the MFA settings for either user flow or custom policy? Is this something we can modify? All I get is how to enable and disable it.
Thanks in advance.
Currently MFA with office phone (extension) is not available with User flow/Custom policy.
As the Azure recently added the phone sign-up and sign-in with custom policies to the public preview.
we may expect this feature in future.
You can raise User voice on this request.
For office phone with extension there is two-factor verification method but not using User flow/Custom policy
I came across this issue in my app, that azure is letting user register themselves from email and social media (using registered email) both. Thus there are two users with same email Id.
Can you guys help me out in this one?
Thank you.
As of now in basic policies, it is not possible. But in advanced policies (IEF) you can make a trick by calling an API to check user email existence using Graph APIs and return success or exception.
There is an account linking feature which is in the roadmap and you can vote for that at https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/13214529-azure-ad-b2c-how-to-avoid-validate-duplicate-s
I am trying to retreive/change the MFA number on a B2C account programatically. I don't really mind how its done, and I am aware of this SO question - https://stackoverflow.com/a/40858874/243905 but that was asked a long time ago and I had hoped it was different now.
I find the B2C docs are a bit lacking in clarity on this information, and although I am able to query the users using the method detailed here: https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-devquickstarts-graph-dotnet
the object that is returned does not return the MFA details.
Is this possible through any means?
strongAuthenticationPhoneNumber can be issued in the resulting token, however it can't be edited using graph, for the moment. It's expected this capability will be available during the 2nd half of 2018.
As of today this appears to be working for Azure B2C. Microsoft Docs
There is an extra permission that the token will need. UserAuthenticationMethod.ReadWrite.All
When using local accounts, can we force a password change every N days?
If not, can we use the graph api to determine the last time the password was changed?
You're not going to like my answer but...
At this time, Azure AD B2C does not support forced password reset. I would vote for it here.
At this time, the graph API also doesn't support when a password was last changed. Vote for that here.
The Azure AD B2C Team updated the user voice request here.
So now you can use an extension policy to force the password expiration, you can take a look at the code here.
Also, the Azure AD Team released a similar feature, updating the user voice request here.
The property is called:
lastPasswordChangeDateTime
and indeed seems to be the correct one:
The time when this Azure AD user last changed their password. The date
and time information uses ISO 8601 format and is always in UTC time.
For example, midnight UTC on Jan 1, 2014 would look like this:
'2014-01-01T00:00:00Z'
See the updated official documentation for the Graph API.
We are using DocuSign REST API (DocuSign C# Client) to create a DocuSign account for our clients. An account is created successfully, but when the user login that account on DocuSign Web (New UI) then they do not get "Go to Admin" menu in admin preferences. Is there any settings that we need to apply while creating DocuSign account. We are using DocuSign C# Client to create an account and applying only email and user name.
Also, we want to update some DocuSign account settings using REST API. But some parameters are not getting updated. When I checked the API log and found that parameter which we want to modify its read only. Below what i found from API log.
"allowEnvelopeCorrect":"false","allowEnvelopeCorrectMetadata":{"rights":"read_only","uiHint":"available"}
See my answer below on another thread, I would try to explicitly call canManageAccount and see if the permission gets set. It may still need to be done in SOAP.
Fail to update user's "Manage Account" permission through "Modify User Account Settings" API
Are you creating new accounts through the API or just adding new users to an account?
There's actually a bug in the platform currently that will be fixed soon - the bug is that for single user accounts the Go To Admin link in the menu drop menu is not available. I believe this might be causing your issue. Starting tomorrow you should be able to access the Admin menu directly through - admin.docusign.com/auth - and I think next week the actual menu item should be enabled and bug fixed.
-- By Ergin
It has been fixed Now.. Thanks.