How to enable MFA for particular request in Azure AD B2C custom policies

Mikhail Baluev 1 Reputation point
2022-07-13T07:36:03.657+00:00

I have configured two sign-up-sign-in custom policies in Azure AD B2C, one with MFA enabled, and one with MFA disabled.
And I want to log in without MFA, but for some kinds of requests to the backend I need to acquireToken with MFA. I found topics that describe that in this case I should acquireToken with the custom policy configured with MFA, so when I do this I am redirected to a page with phone verification, and after successful code entry there is a new user session created, so I have two different sessions for one user.

How should I correctly configure my custom policies to work with the same session? Is it possible?


1 answer

  1. AmanpreetSingh-MSFT 56,871 Reputation points Moderator
    2022-07-14T06:18:24.397+00:00

    Hi @Mikhail Baluev • Thank you for reaching out.

    To make it work with the same session, I would suggest you use the same custom policy rather than using two different signup/sign-in policies and update the pre-condition in the user journey to determine whether to trigger MFA or not in the given scenario.

    In this thread, I have provided details on triggering MFA only when it is not already done at the federated Azure AD tenant. You can follow a similar approach and define a precondition to trigger or skip MFA.

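The policy shape the answer describes, as an added example that is not part of the original thread or of Microsoft's starter pack files: one sign-up-sign-in user journey whose MFA orchestration step is guarded by preconditions, so the same policy (and therefore the same B2C SSO session) serves both the plain login and the step-up token request. It assumes the policy is built on the SocialAndLocalAccountsWithMfa starter pack, where the session-management profile SM-MFA outputs the isActiveMFASession claim while an MFA session is still valid, and that the application signals step-up by adding a hypothetical query parameter require_mfa=true to the authorize request (for example through MSAL's extraQueryParameters), which the policy reads with the {OAUTH-KV:require_mfa} claim resolver. The claim name requireMfa, the step order and the journey name are illustrative.

```xml
<!-- Added example, not from the thread. Assumes the SocialAndLocalAccountsWithMfa
     starter pack (PhoneFactor-InputOrVerify, SM-MFA, isActiveMFASession) and a
     hypothetical require_mfa query parameter sent by the application. -->

<!-- 1. TrustFrameworkExtensions.xml, BuildingBlocks/ClaimsSchema: a claim that
        carries the application's step-up request into the journey. -->
<ClaimType Id="requireMfa">
  <DisplayName>Step-up MFA requested by the application</DisplayName>
  <DataType>string</DataType>
</ClaimType>

<!-- 2. Relying party file (SignUpOrSignin.xml): copy the query parameter into
        the claim on every request. AlwaysUseDefaultValue makes the resolver
        run even when no value was carried over from a previous step. -->
<RelyingParty>
  <DefaultUserJourney ReferenceId="SignUpOrSignIn" />
  <TechnicalProfile Id="PolicyProfile">
    <DisplayName>PolicyProfile</DisplayName>
    <Protocol Name="OpenIdConnect" />
    <InputClaims>
      <InputClaim ClaimTypeReferenceId="requireMfa"
                  DefaultValue="{OAUTH-KV:require_mfa}"
                  AlwaysUseDefaultValue="true" />
    </InputClaims>
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub" />
    </OutputClaims>
    <SubjectNamingInfo ClaimType="sub" />
  </TechnicalProfile>
</RelyingParty>

<!-- 3. The MFA step inside the SignUpOrSignIn user journey. Preconditions are
        evaluated top to bottom; the first one whose action fires decides. -->
<OrchestrationStep Order="7" Type="ClaimsExchange">
  <Preconditions>
    <!-- MFA already completed in this B2C SSO session: do not prompt again. -->
    <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
      <Value>isActiveMFASession</Value>
      <Action>SkipThisOrchestrationStep</Action>
    </Precondition>
    <!-- The application did not send require_mfa at all: plain login, skip MFA. -->
    <Precondition Type="ClaimsExist" ExecuteActionsIf="false">
      <Value>requireMfa</Value>
      <Action>SkipThisOrchestrationStep</Action>
    </Precondition>
    <!-- It was sent but is not exactly "true": still skip MFA. -->
    <Precondition Type="ClaimEquals" ExecuteActionsIf="false">
      <Value>requireMfa</Value>
      <Value>true</Value>
      <Action>SkipThisOrchestrationStep</Action>
    </Precondition>
  </Preconditions>
  <ClaimsExchange>
    <ClaimsExchange Id="PhoneFactor-Verify"
                    TechnicalProfileReferenceId="PhoneFactor-InputOrVerify" />
  </ClaimsExchange>
</OrchestrationStep>
```

With this layout the application calls acquireToken against the same policy for both cases, adding require_mfa=true only for the requests that need it; because the policy name is unchanged, B2C reuses the existing SSO session instead of creating a second one, and the isActiveMFASession check stops the phone prompt from reappearing on later step-up requests in that session. The query parameter is attacker-controlled, but leaving it out only yields a token that never went through MFA, so the backend must gate its sensitive endpoints on a claim in the token that the policy emits only after the MFA step actually ran, never on the client having asked for it; emitting such a claim is not shown in this fragment.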
