AAD B2C custom email verification with Azure Communication Services (ACS) (Azure smtp server)

Question

AAD B2C custom email verification with Azure Communication Services (ACS) (Azure smtp server)

Amaaz Arshad 135

In AAD B2C custom policies, I want to customize verification email using Azure smtp server i.e. Azure Communication Services (ACS) instead of third party SMTP servers such as sendgrid or mailjet, but i think that the Microsoft provides official documentation of custom email verification with only sendgrid and mailjet. Can anyone help me on this?

Siva Nair 2,420 Reputation points Microsoft External Staff Moderator

2025-05-12T22:15:45.1866667+00:00
Hi Amaaz Arshad,

Yes Currently, Microsoft primarily provides official documentation for integrating with third-party SMTP providers, such as SendGrid and Mailjet, and they seem to expect the use of these services for custom email verification setup. While there isn't a dedicated guide for using ACS with Azure AD B2C custom policies. However, you can try using Azure Communication Services that supports sending emails through a custom REST API.

You may need to build a custom REST API that acts as a bridge between Azure AD B2C and Azure Communication Services. This API will handle incoming requests from Azure AD B2C to send emails.

In your Azure AD B2C custom policy, you’ll configure the API call to your custom REST endpoint when the email verification occurs.

Ensure that you handle JWTs correctly to validate requests sent from Azure AD to your API, enhancing security.

It's essential to test this integration thoroughly to confirm that email sending works as expected and that the email format meets your requirements.

If you have any further assistant, do let me know.
Amaaz Arshad 135 Reputation points

2025-05-13T06:58:22.2566667+00:00

Hello @Siva Nair can you elaborate on the steps on how to do it step by step
Bhargavi Naragani 6,055 Reputation points Microsoft External Staff Moderator

2025-05-14T01:09:02.7033333+00:00

Hi @Amaaz Arshad,
Thank you for your follow-up.

Although Azure AD B2C doesn't natively support sending verification emails via Azure Communication Services (ACS), you can achieve this by implementing a custom REST API. The approach involves using custom policies (Identity Experience Framework) to invoke a RESTful technical profile configured to send emails using the ACS Email SDK.

First, set up Azure Communication Services for email sending and verify a custom domain as outlined here, https://learn.microsoft.com/en-us/azure/communication-services/quickstarts/email/send-email?tabs=windows%2Cconnection-string%2Csend-email-and-get-status-async%2Csync-client&pivots=platform-azportal

Next, create a REST API (in your preferred stack such as .NET or Node.js) that accepts POST requests with the email address and verification code, and sends the email via ACS. Securely host this API (e.g., in Azure App Service) and optionally protect it using JWT token validation to ensure it's only accessible by Azure AD B2C.

Then, in your custom policy XML (e.g., TrustFrameworkExtensions.xml), define a RESTful technical profile pointing to your API. This is similar to how Microsoft demonstrates using SendGrid or MailJet, as shown in this article, https://learn.microsoft.com/en-us/azure/active-directory-b2c/custom-email-sendgrid?pivots=b2c-user-flow

Finally, invoke this technical profile in the appropriate orchestration step (e.g., during sign-up or password reset) so that the email is triggered when needed.

While there’s no official guide for ACS specifically, this pattern has been successfully used by other users replacing third-party email services with ACS by following the same REST API flow. Let me know if you’d like code samples or policy snippets to help you get started.

Hope this helps, if you have any further concerns or queries, please feel free to reach out to us.

Accepted answer

0 additional answers

Your answer

Siva Nair 2,420 Reputation points Microsoft External Staff Moderator

2025-05-12T22:15:45.1866667+00:00

Hi Amaaz Arshad,

Yes Currently, Microsoft primarily provides official documentation for integrating with third-party SMTP providers, such as SendGrid and Mailjet, and they seem to expect the use of these services for custom email verification setup. While there isn't a dedicated guide for using ACS with Azure AD B2C custom policies. However, you can try using Azure Communication Services that supports sending emails through a custom REST API.

You may need to build a custom REST API that acts as a bridge between Azure AD B2C and Azure Communication Services. This API will handle incoming requests from Azure AD B2C to send emails.

In your Azure AD B2C custom policy, you’ll configure the API call to your custom REST endpoint when the email verification occurs.

Ensure that you handle JWTs correctly to validate requests sent from Azure AD to your API, enhancing security.

It's essential to test this integration thoroughly to confirm that email sending works as expected and that the email format meets your requirements.

If you have any further assistant, do let me know.
Amaaz Arshad 135 Reputation points

2025-05-13T06:58:22.2566667+00:00

Hello @Siva Nair can you elaborate on the steps on how to do it step by step

Answer 1

Hello Amaaz Arshad,

I understand you are trying to customize the email verification process in Azure AD B2C custom policies using Azure Communication Services (ACS) SMTP, instead of using third-party providers such as SendGrid or Mailjet.

While Azure AD B2C does not support direct SMTP configuration within its policies, Azure Communication Services introduced SMTP support in April 2024. This allows you to implement a workaround by using a custom RESTful API that communicates with ACS SMTP to send verification emails.

To achieve this, you can follow the steps below:

Backend API Implementation :

Create a REST API (for example, in Node.js, Python, or .NET) hosted on Azure App Service or Azure Functions.
This API should accept email and verificationCode as input and send the email using ACS SMTP.
Use a library such as nodemailer (Node.js) or System.Net.Mail (.NET) to connect to the ACS SMTP endpoint.
Authenticate with the ACS SMTP credentials. You can retrieve these from the Azure portal after creating the ACS Email resource.

Sample SMTP client (Node.js using nodemailer):

const nodemailer = require('nodemailer');
const transporter = nodemailer.createTransport({
  host: '<your-smtp-host>.azurecomm.net',
  port: 587,
  secure: false,
  auth: {
    user: '<your-smtp-user>',
    pass: '<your-smtp-password>'
  }
});
async function sendVerificationEmail(email, code) {
  await transporter.sendMail({
    from: '<your-smtp-user>',
    to: email,
    subject: 'Your verification code',
    text: `Your verification code is: ${code}`
  });
}

In the TrustFrameworkExtensions.xml, configure a RESTful technical profile to call the API:

<TechnicalProfile Id="SendVerificationEmail">
  <DisplayName>Send email via ACS SMTP</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine">
    <Metadata>
      <Item Key="ServiceUrl">https://your-api.azurewebsites.net/send-email</Item>
      <Item Key="SendClaimsIn">Body</Item>
      <Item Key="AuthenticationType">None</Item>
      <Item Key="AllowInsecureAuthInProduction">false</Item>
    </Metadata>
    <InputClaims>
      <InputClaim ClaimTypeReferenceId="email" />
      <InputClaim ClaimTypeReferenceId="verificationCode" />
    </InputClaims>
    <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
  </Protocol>
</TechnicalProfile>

<OrchestrationStep Order="2" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="SendVerificationEmail" />

Check the email and verificationCode claims are created and populated earlier in your journey.

References

Hope it helps!

Please do not forget to click "Accept the answer” and Yes wherever the information provided helps you, this can be beneficial to other community members.

User's image

If you have any other questions or still running into more issues, let me know in the "comments" and I would be happy to help you.

Amaaz Arshad 135 Reputation points

2025-05-28T08:56:18.7133333+00:00

@Suresh Chikkam Thanks for your solution. It worked.

Share via

AAD B2C custom email verification with Azure Communication Services (ACS) (Azure smtp server)

References

0 additional answers

Your answer