How to send SMS authentication to default number on custom Policy Azure b2c

emmanuel hdz 80 Reputation points
2023-12-14T23:23:55.57+00:00

Hi, this is the scenario for a single sign-in policy:

The user signs in with credentials stored on an external server. Once the user enters the correct credentials, the policy proceeds to select the authentication method.

I want to implement phone authentication without retrieving (reading the object ID on my Microsoft Entra). The code is supposed to be sent to a specific number. How is it possible to send the SMS to a specific number? I'm sharing my custom policy. Thanks.

Accepted answer
    Ravi Kanth Koppala 3,391 Reputation points Microsoft Employee Moderator
    2023-12-16T03:00:54.2933333+00:00

    @emmanuel hdz

    To send SMS authentication to a specific number in an Azure B2C custom policy, you can use the PhoneFactor technical profile. This technical profile sends an SMS message to the phone number specified in the input claim. You can use this technical profile in your custom policy to send an SMS message to a specific phone number.

    Here's an example of how to use the PhoneFactor technical profile in your custom policy:

    ```xml
    <!-- Base PhoneFactor profile. The provider renders its own page, sends the
         code and checks the code the user types; the policy only receives the
         verified phone number, never the code itself. -->
    <TechnicalProfile Id="PhoneFactor-SendCode">
      <DisplayName>Send code using PhoneFactor</DisplayName>
      <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.PhoneFactorProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
      <Metadata>
        <!-- Content definition that renders the PhoneFactor page (defined in TrustFrameworkBase). -->
        <Item Key="ContentDefinitionReferenceId">api.phonefactor</Item>
        <!-- Deliver the code by SMS instead of a voice call. -->
        <Item Key="setting.authenticationMode">sms</Item>
        <!-- true: a user for whom no phone number claim is supplied may enter one. -->
        <Item Key="ManualPhoneNumberEntryAllowed">true</Item>
      </Metadata>
      <CryptographicKeys>
        <Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" />
      </CryptographicKeys>
      <InputClaimsTransformations>
        <!-- Builds userIdForMFA. The starter pack derives it from objectId;
             redefine it from your external user id if you do not read Entra. -->
        <InputClaimsTransformation ReferenceId="CreateUserIdForMFA" />
      </InputClaimsTransformations>
      <InputClaims>
        <!-- PhoneFactor requires a stable, non-PII identifier mapped to UserId. -->
        <InputClaim ClaimTypeReferenceId="userIdForMFA" PartnerClaimType="UserId" />
        <!-- Every other input claim is treated as a destination phone number. -->
        <InputClaim ClaimTypeReferenceId="phoneNumber" />
      </InputClaims>
      <OutputClaims>
        <!-- Populated only after the user entered the correct code. -->
        <OutputClaim ClaimTypeReferenceId="Verified.strongAuthenticationPhoneNumber" PartnerClaimType="Verified.OfficePhone" />
      </OutputClaims>
      <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
    </TechnicalProfile>
    ```

    In this example, the phoneNumber claim is used as the input claim to the PhoneFactor technical profile. The verificationCode claim is used as the output claim to store the verification code sent to the phone number.

    To use this technical profile in your custom policy, you can add a validation technical profile that references the PhoneFactor technical profile:

    ```xml
    <!-- Sign-in variant: inherits protocol, metadata and claims from
         PhoneFactor-SendCode and pins the destination, so the code can only go
         to the phoneNumber claim produced by the credential check. A PhoneFactor
         profile is interactive, so it cannot act as, or contain, a validation
         technical profile; invoke it as its own ClaimsExchange orchestration
         step after the step that validates the credentials. -->
    <TechnicalProfile Id="PhoneFactor-Validation">
      <DisplayName>PhoneFactor Validation</DisplayName>
      <Metadata>
        <!-- false: the first phone number claim is used as-is and the user
             cannot type a different number. -->
        <Item Key="ManualPhoneNumberEntryAllowed">false</Item>
      </Metadata>
      <InputClaims>
        <InputClaim ClaimTypeReferenceId="userIdForMFA" PartnerClaimType="UserId" />
        <InputClaim ClaimTypeReferenceId="phoneNumber" />
      </InputClaims>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="Verified.strongAuthenticationPhoneNumber" PartnerClaimType="Verified.OfficePhone" />
        <!-- Records how this session was authenticated. -->
        <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="localAccountAuthentication" />
      </OutputClaims>
      <IncludeTechnicalProfile ReferenceId="PhoneFactor-SendCode" />
    </TechnicalProfile>
    ```

    In this example, the phoneNumber and verificationCode claims are used as input claims to the PhoneFactor validation technical profile. The objectId claim is used as the output claim to store the object ID of the user. The authenticationSource claim is used as the output claim to indicate that the user was authenticated using phone factor authentication.

    If the suggestion doesn't solve your problem, can you please share your custom policy so that the community can help you? Thanks.

    AI Note: This comment is generated using the Microsoft Q&A AI Assist tool.

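As an added example (not part of the answer above, nor Microsoft's starter pack), two TrustFrameworkExtensions fragments wiring the scenario from the question: the credential check against the external server returns the phone number and an external user id, a claims transformation turns that id into the UserId that PhoneFactor requires (so objectId is never read), and PhoneFactor runs as its own orchestration step. Assumed names: SelfAsserted-ExternalSignIn, externalUserId and phoneNumber (claims returned by the credential check), userIdForMFA (declared in the ClaimsSchema), and PhoneFactor-Validation as a PhoneFactor profile with ManualPhoneNumberEntryAllowed set to false that references CreateUserIdForMFA in its InputClaimsTransformations.

```xml
<!-- Added example, not from the answer above. Hypothetical names:
     SelfAsserted-ExternalSignIn, externalUserId, phoneNumber; userIdForMFA
     is assumed to be declared in the ClaimsSchema. -->
<BuildingBlocks>
  <ClaimsTransformations>
    <!-- PhoneFactor requires a stable, non-PII UserId. Derive it from the
         identifier the external server returned, so objectId is never read. -->
    <ClaimsTransformation Id="CreateUserIdForMFA" TransformationMethod="FormatStringClaim">
      <InputClaims>
        <InputClaim ClaimTypeReferenceId="externalUserId" TransformationClaimType="inputClaim" />
      </InputClaims>
      <InputParameters>
        <!-- Scoping to the tenant keeps the id unique across tenants. -->
        <InputParameter Id="stringFormat" DataType="string" Value="{0}@{RelyingPartyTenantId}" />
      </InputParameters>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="userIdForMFA" TransformationClaimType="outputClaim" />
      </OutputClaims>
    </ClaimsTransformation>
  </ClaimsTransformations>
</BuildingBlocks>

<UserJourneys>
  <UserJourney Id="SignInExternalWithSms">
    <OrchestrationSteps>
      <!-- 1. The self-asserted page collects the credentials; its validation
              technical profile calls the external server and must return
              phoneNumber and externalUserId on success. -->
      <OrchestrationStep Order="1" Type="ClaimsExchange">
        <ClaimsExchanges>
          <ClaimsExchange Id="ExternalSignIn" TechnicalProfileReferenceId="SelfAsserted-ExternalSignIn" />
        </ClaimsExchanges>
      </OrchestrationStep>
      <!-- 2. PhoneFactor sends the one-time code to phoneNumber. With manual
              entry disabled the user cannot redirect it to another number. -->
      <OrchestrationStep Order="2" Type="ClaimsExchange">
        <ClaimsExchanges>
          <ClaimsExchange Id="PhoneFactorVerify" TechnicalProfileReferenceId="PhoneFactor-Validation" />
        </ClaimsExchanges>
      </OrchestrationStep>
      <!-- 3. Issue the token only after both steps succeeded. -->
      <OrchestrationStep Order="3" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />
    </OrchestrationSteps>
    <ClientDefinition ReferenceId="DefaultWeb" />
  </UserJourney>
</UserJourneys>
```

The relying party file then points its DefaultUserJourney at SignInExternalWithSms; if step 1 fails to populate phoneNumber, step 2 errors out rather than letting the user supply a number.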
