Is it possible to create a hidden/private custom policy in Azure?

Mixalis Nikitaras 21 Reputation points
2022-11-08T14:15:26.46+00:00

Hi everyone. I have a normal sign up-sign in flow for the users implemented that requires e-mail verification before the user is registered successfully. However, sometimes the verification code is never received from the customer due to corporate filtering or any other reason.
Is it possible to implement another additional hidden/private signup-signin user flow or custom policy, that allows the user (or me) to complete the registration without verifying the e-mail address? I want the verificationless policy to work in addition to the normal policy and only for specific cases. I don't want to have a verificationless policy active publicly, because that would compromise the security of the system and make it vulnerable to possible attackers.

Example Case #1: A user tries to register normally. He never receives the verification e-mail. He contacts us, and we enable the otherwise hidden user flow allowing him (and only him) to complete his registration without verifying the e-mail.

Example Case #2: A user tries to register normally. He never receives the verification e-mail. He contacts us, and we register the user with the specific e-mail and a random (or manually generated) password. We provide the details to the user, and he can sign in successfully.

Is either of these 2 cases possible by enabling a "private" user flow or custom policy? Any other suggestions for this would be much appreciated.

Microsoft Entra External ID

1 answer

  1. Shweta Mathur 29,756 Reputation points Microsoft Employee
    2022-11-14T12:42:31.39+00:00

    Hi @Mixalis Nikitaras ,

    Thanks for reaching out and apologies for the delay in response.

    Yes, it is possible to register a user without email verification. This can be achieved using both a user flow and a custom policy.

    https://learn.microsoft.com/en-us/azure/active-directory-b2c/disable-email-verification?pivots=b2c-user-flow

    But, as mentioned by you, it leads to serious security issues and spams your B2C with invalid users. I understand you are looking for a private user flow or custom policy so that the verification is handled by an administrator only.

    Unfortunately, we don't have any hidden flow to verify a user by admin.

    Case #1: However, you can register the user after disabling email verification using local account sign-up and then block the user's sign-in from the portal by navigating to the registered user's profile.

    If the user wants to sign in, they can contact you, and then you can enable the user to sign in to your application.

    Case #2: You can add the user to B2C manually or using the Graph API endpoint with a randomly generated password, which you can provide to the user so they can sign in to your application directly without requiring sign-up from the user.

    https://learn.microsoft.com/en-us/graph/api/user-post-users?view=graph-rest-1.0&tabs=http#example-2-create-a-user-with-social-and-local-account-identities

    Hope this will help.

    Thanks,
    Shweta

    ---------------------------

    Please remember to "Accept Answer" if answer helped you.

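As an added illustration of the two options in the answer above (not code from the original thread or from Microsoft), the script below builds the Microsoft Graph `POST /users` body for a B2C local account with an `emailAddress` sign-in identity and a cryptographically random password; `accountEnabled=False` reproduces the Case #1 "block sign-in until the user contacts you" state, and `accountEnabled=True` is the Case #2 admin-created account. The tenant name, the bearer token and the `create_user` helper are assumptions; obtain the token with an app that has `User.ReadWrite.All` and keep the generated password out of logs.

```python
import json
import secrets
import string
import urllib.request

# Assumed B2C tenant; the issuer of a local-account identity is the tenant's
# onmicrosoft.com domain. Replace with your own.
TENANT = "contoso.onmicrosoft.com"
GRAPH_USERS_URL = "https://graph.microsoft.com/v1.0/users"
SYMBOLS = "!@#$%^&*-_"


def random_password(length: int = 24) -> str:
    """Random password from the OS CSPRNG that meets B2C's default
    complexity rule (at least 3 of 4 character classes)."""
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        classes = (any(c.islower() for c in pw) + any(c.isupper() for c in pw)
                   + any(c.isdigit() for c in pw) + any(c in SYMBOLS for c in pw))
        if classes >= 3:
            return pw


def build_local_account_user(email: str, display_name: str, password: str,
                             enabled: bool = True) -> dict:
    """Request body for POST /users creating a B2C local account.
    enabled=False is the Case #1 blocked state: the account exists but
    cannot sign in until an admin sets accountEnabled back to true."""
    return {
        "displayName": display_name,
        "accountEnabled": enabled,
        "identities": [{"signInType": "emailAddress", "issuer": TENANT,
                        "issuerAssignedId": email}],
        "passwordProfile": {
            "password": password,
            # Assumes the sign-in user flow has forced password reset enabled,
            # so the user replaces the admin-issued password on first sign-in.
            "forceChangePasswordNextSignIn": True,
        },
        # Required for B2C local accounts so the password does not expire.
        "passwordPolicies": "DisablePasswordExpiration",
    }


def create_user(bearer_token: str, body: dict) -> dict:
    """Send the body to Graph (assumed helper; needs User.ReadWrite.All)."""
    req = urllib.request.Request(
        GRAPH_USERS_URL, data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Bearer {bearer_token}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)  # created user object, including its id
```

Run `create_user(token, build_local_account_user("user@example.com", "Example User", random_password(), enabled=False))` for Case #1, then set `accountEnabled` to true (portal or `PATCH /users/{id}`) once the user contacts you; omit `enabled=False` for Case #2.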