How to enable phone number verification in a custom policy or MFA? The default policy allows it; is it possible to do so in a custom policy?
My requirement is to use the phone number as the user ID in Azure B2C. Is it possible to have a user ID that accepts either a phone number or an email ID?
Similar to Facebook, which accepts either a phone number or an email ID. I appreciate your help.
A starter pack with MFA can be found at:
https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/tree/master/SocialAndLocalAccountsWithMfa
Phone-number-based sign-up and sign-in could be possible, but it will require you to work out your user journeys in detail. You will need to create separate experiences for phone-number sign-up and email sign-up, because their verification and storage in Azure AD are different.
Similarly, when a user needs to sign in, the country code for their phone number needs to be determined. Currently, there is no easy way to do this on the sign-in page.
In short, I do not think there is an easy way to provide Facebook-like support for phone number and email address simultaneously. However, it is an area the Azure AD B2C team wants to invest in, so we may see support in the future.
Related:
1. In Azure AD B2C, is it possible to have a passwordless sign-in policy where the user enters an email and an OTP is sent to the associated mobile number?
2. Can we associate multiple phone numbers with a consumer account without a custom/extension attribute?
Regarding point 1, even if we manage to create it, should we use this policy? Is it good practice?
Yes, you'd have to create it via custom policy.
Yes, via a custom policy you'd have to create an additional endpoint. This endpoint points to a DB with a list of phone numbers and returns true if the number is in that list. As for best practice, it depends on the user requirements.
It's a bit tricky to develop custom policies.
Here's a good starting point: https://learn.microsoft.com/en-us/azure/active-directory-b2c/solution-articles
I am implementing an MFA custom policy with an Email or Phone option. I want to restrict users from logging in if their phone number is not registered. In my current implementation it shows a screen to input a new number if the number is not registered yet; I want to prevent the user from adding a new mobile number if it is not found.
I tried playing with the orchestration steps, but I am not able to find the correct output claim to check whether the user is already registered or not.
You can't really check per se; AAD B2C has a built-in uniqueness checker if you write to the identifier field, signInNames. You can store the phone number in signInNames.phoneNumber, and then your uniqueness check is handled by the policy itself when you try to write the value. That prevents any user from enrolling a phone number that already exists on another account.
I am an engineer from the Azure B2C support team and I have a customer with the following concern: is it possible to use an office phone with a phone extension in the MFA settings for either a user flow or a custom policy? Is this something we can modify? All I get is how to enable and disable it.
Thanks in advance.
Currently, MFA with an office phone (extension) is not available with user flows/custom policies.
As Azure recently added phone sign-up and sign-in with custom policies to public preview, we may expect this feature in the future.
You can raise a User Voice request for this.
For an office phone with extension there is a two-factor verification method, but not using user flows/custom policies.
We are looking to use the mobile number as the username for our users to sign in. In the sign-up journey we just want to send a one-time password to validate that they have entered the correct phone number.
Is it possible to achieve this using Azure B2C IEF?
Please note we do not need 2FA, as we just want to validate once, at the time of sign-up, that the user has entered the correct mobile number.
Your help will be greatly appreciated.
Thanks,
A
Have a look at the sample.
"A B2C IEF Custom Policy which allows login via Phone Number (TOTP)".
Have a look at the issues, viz.:
"You need to use the SocialAndLocalAccountsWithMfa starter pack, not the SocialAndLocalAccounts one, as per the Readme.
There is a missing ClaimsProviders / ClaimsProvider in the XML.
When you run the sample, when it asks "Enter user name", you need to enter the phone number."
I came across this issue in my app: Azure is letting users register themselves both via email and via social media (using the registered email). Thus there are two users with the same email ID.
Can you guys help me out in this one?
Thank you.
As of now, in basic policies it is not possible. But in advanced policies (IEF) you can use a trick: call an API that checks whether the user's email exists using the Graph APIs and returns success or an exception.
There is an account linking feature on the roadmap, and you can vote for it at https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/13214529-azure-ad-b2c-how-to-avoid-validate-duplicate-s
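As an added example, not code from any of the posts above nor from the B2C samples, here is a minimal validation endpoint of the kind the two answers describe (one route answers whether a phone number is in the registered list, the other rejects a sign-up whose email already exists), written against the REST technical profile contract: a 200 response lets the journey continue, and a 409 with a version/status/userMessage body stops it and shows that message to the user. The in-memory identifier set, the route names and the claim names email/phoneNumber are assumptions; a deployment would query Microsoft Graph or its own phone-number database instead.

```python
import json
import re
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample of identifiers already in the directory: emails lower-cased, phones in E.164.
EXISTING_IDENTIFIERS = {"alice@example.com", "+15551234567"}

def normalize(identifier: str) -> str:
    """Canonicalize an email or phone so case or spacing cannot slip past the lookup."""
    value = identifier.strip()
    if "@" in value:
        return value.lower()
    return re.sub(r"[^\d+]", "", value)  # keep digits and a leading '+'

def b2c_error(message: str) -> tuple:
    """On a 409 with this body, B2C stops the journey and shows userMessage to the user."""
    return 409, {"version": "1.0.0", "status": 409, "userMessage": message}

def check_identifier(claims: dict, must_exist: bool, store=EXISTING_IDENTIFIERS) -> tuple:
    """Return (http_status, json_body) for the claims B2C posts to the REST technical profile."""
    # must_exist=False rejects duplicates (email case); True rejects unregistered numbers (phone-list case).
    identifier = claims.get("email") or claims.get("phoneNumber")
    if not identifier:
        return b2c_error("No email or phone number was supplied.")
    found = normalize(identifier) in store
    if found and not must_exist:
        return b2c_error("An account with this identifier already exists. Please sign in instead.")
    if not found and must_exist:
        return b2c_error("This phone number is not registered.")
    return 200, {}  # 200 lets the journey continue; any keys returned here become output claims

class Handler(BaseHTTPRequestHandler):
    ROUTES = {"/check-duplicate": False, "/check-registered": True}  # path picks the mode
    def do_POST(self):
        # A production endpoint must also enforce the profile's AuthenticationType (omitted here).
        if self.path not in self.ROUTES:
            self.send_error(404)
            return
        length = int(self.headers.get("Content-Length", 0))
        try:
            claims = json.loads(self.rfile.read(length) or b"{}")
        except json.JSONDecodeError:
            claims = {}
        status, body = check_identifier(claims, must_exist=self.ROUTES[self.path])
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(json.dumps(body).encode())

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```

Point the technical profile's ServiceUrl at /check-duplicate for the sign-up journey or /check-registered for the phone sign-in journey, with SendClaimsIn set to Body so the claims arrive as JSON.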