This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 79%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVK%3C/text%3E%3C/svg%3E)
I had a requirement to have an optional MFA setup for the user, and I need to offer the option to the user to skip the MFA setup, it will be based on an interval, for example at signing on each 10 days user will see an MFA setup page and will have 2 options enable it or skip it.
I am using Custom Policy with MFA. It works fine, but needs such a fancy combination in some cases, it will be based on the user's custom attribute if it is allowed then the user can skip, else he should set up MFA.
Thanks.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 20%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Hi @Vadim Kh ,
Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept Answer" which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
Hi @Vadim Kh ,
Thanks for reaching out.
I understand you are trying to setup conditional MFA setup for users, with the option to skip MFA based on custom attribute.
You first need to create a custom attribute for users that indicates whether they are allowed to skip MFA setup.
Add claims transformation to check the user's custom attribute.
<ClaimsTransformation Id="CheckMFAAllowance" TransformationMethod="CompareClaimValue">
<InputClaims>
<InputClaim ClaimTypeReferenceId="extension_MFAAllowance" TransformationClaimType="inputClaim" />
</InputClaims>
<InputParameters>
<InputParameter Id="compareTo" DataType="string" Value="allow" />
</InputParameters>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="extension_MFAAllowed" TransformationClaimType="outputClaim" />
</OutputClaims>
</ClaimsTransformation>
If the attribute value is set to "allow", the policy should skip the MFA setup page and allow the user to sign in without MFA. If the attribute value is not set to "allow", the policy should require the user to complete MFA setup before allowing sign-in.
Based on this custom attribute value, you can you precondition step in your user journey to skip the MFA step.
<Preconditions>
<Precondition Type="ClaimsExist" ExecuteActionsIf="true">
<Value>extension_MFAAllowed</Value>
<Action>SkipThisOrchestrationStep</Action>
</Precondition>
</Preconditions>
<ClaimsExchanges>
<ClaimsExchange Id="SelfAsserted-Select-MFA-Method" TechnicalProfileReferenceId="SelfAsserted-Select-MFA-Method" />
</ClaimsExchanges>
</OrchestrationStep>
Hope this will help.
Thanks,
Shweta
Please remember to "Accept Answer" if answer helped you.
I know how to skip based on attributes, I need to give a user ability to skip, I want to show the MFA configuration step to the user, but the user will decide to skip it or set it up. And Skip button will be based on the attribute so one user will have access to skip, and another one will not have the option to press the skip button.
Thanks
Hi Vadim Kh •,
This can be achieved using HTML and Javascript to custom your page based on the user attribute. You can add a "Skip" button to the MFA configuration step and control its visibility based on the user's attributes.
Then, you can use a custom policy to control the visibility of the "Skip" button based on the attribute value.
You can refer https://github.com/azure-ad-b2c/samples/tree/master/policies/sign-in-sign-up-versioned-tou where based on user's login terms of use is prompt for some users and not for all.
Here custom attribute has been used to skip the prompt.
Thanks,
Shweta
Thanks for showing the path. The last issue that is blocking me from finishing this is that UserInputType does not have a button type, it is an input checkbox radio-box, and so on
Can you help with how to have a custom button or a link('a') on the page?
Thanks,
Vadim
Hi @Vadim Kh ,
You need to customize the page using HTML and enable JavaScript to add the link in your custom sign up/sign in page.
Hope this will help.
Thanks,
Shweta
Please remember to "Accept Answer" if answer helped you.