Passwordless authentication using email only in B2C

NHering22101 106 Reputation points
2021-04-05T12:30:37.67+00:00

I can see that there is a phone-only authentication (in public preview): https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-local?pivots=b2c-user-flow#phone-or-email-sign-in-preview
Is there a similar flow to sign in using only email, then get a magic link in the email and use that one to sign up/in? In other words, sign in only with email, without ever setting up a password.

Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.

Accepted answer
  1. soumi-MSFT 11,716 Reputation points Microsoft Employee
    2021-04-22T13:44:16.65+00:00

    Hello @NHering22101, thank you for reaching out. You can certainly use the following sample: https://github.com/azure-ad-b2c/samples/tree/master/policies/sign-in-with-magic-link. This works absolutely fine, and this sample enables you to sign in using just the email; no password is required here. This sample uses the magic link that gets sent to the entered email, and clicking on that magic link gets the user logged in to B2C.

    Note: When using id_token_hint, you are the IdP and giving Azure AD B2C the hint. Hence you need to have a metadata endpoint. B2C can host it for you if you use the above link, but you are sharing with us the private key, and you may not want to do that, since as an IdP you don't share your private keys.

    Hope this helps.

    Do let us know if this helps, and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer if the above response helped in answering your query.
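The id_token_hint note in the accepted answer, as an added example that is not part of the original answer or of the linked sample: the issuer signs the hint with a private key it never shares, and publishes only the public JWK (the key set an OpenID Connect metadata endpoint points to via `jwks_uri`) for verification. The issuer URL, audience, `kid`, e-mail and function names are constructed placeholders, and `verifyHint` illustrates the checks a verifier can make with the public key alone, not B2C's own code.

```javascript
// Added example. Issuer URL, audience, kid and e-mail are constructed placeholders.
const crypto = require('crypto');

// The issuer creates the RSA key pair and keeps privateKey to itself.
// Only the public JWK goes into the JWKS that the metadata endpoint points to.
function newSigningKey(kid) {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const { kty, n, e } = publicKey.export({ format: 'jwk' });
  return { kid, privateKey, jwks: { keys: [{ kty, n, e, kid, use: 'sig', alg: 'RS256' }] } };
}

const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Mint a short-lived RS256 token carrying the e-mail claim for the magic link.
function mintHint(key, { issuer, audience, email, ttlSeconds }, now) {
  const header = { alg: 'RS256', typ: 'JWT', kid: key.kid };
  const claims = { iss: issuer, aud: audience, email, nbf: now, exp: now + ttlSeconds };
  const input = `${enc(header)}.${enc(claims)}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), key.privateKey);
  return `${input}.${sig.toString('base64url')}`;
}

// Verify with the published JWKS only: pinned algorithm, known kid, signature,
// issuer, audience and validity window.
function verifyHint(token, jwks, { issuer, audience }, now) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, claims;
  try { header = dec(parts[0]); claims = dec(parts[1]); }
  catch (err) { return { ok: false, reason: 'malformed' }; }
  if (!header || !claims) return { ok: false, reason: 'malformed' };
  if (header.alg !== 'RS256') return { ok: false, reason: 'alg' };
  const jwk = jwks.keys.find((k) => k.kid === header.kid);
  if (!jwk) return { ok: false, reason: 'unknown kid' };
  const pub = crypto.createPublicKey({ key: { kty: jwk.kty, n: jwk.n, e: jwk.e }, format: 'jwk' });
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  if (!crypto.verify('RSA-SHA256', signed, pub, Buffer.from(parts[2], 'base64url')))
    return { ok: false, reason: 'signature' };
  if (claims.iss !== issuer || claims.aud !== audience) return { ok: false, reason: 'claims' };
  if (now < claims.nbf || now >= claims.exp) return { ok: false, reason: 'expired' };
  return { ok: true, email: claims.email };
}
```

A short `ttlSeconds` matters here because the token travels inside an e-mailed link; anyone who can read the message can use it until it expires.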


1 additional answer

  1. James Hamil 21,851 Reputation points Microsoft Employee
    2021-04-05T20:58:44.503+00:00

    Hi @NHering22101, the only way to do this currently is by using the Outlook client app. This document details how you can customize MFA through the app. If you're not currently using it, you can easily add the Outlook Cloud App to your conditional access policy. Please let me know if you have any questions!

    If this answer helped you, please mark it as "Verified" so other users may reference it.

    Thank you,

    James