Hello @John Walter, choosing an MFA method during a user journey is doable through Custom Policies. The easiest way would be to pass the preferred MFA method selector as a query param (e.g. ?mfaMethod=phone) so it can be read using OAuth2 key-value parameters and assigned to a claim type. Depending on the claim type you would choose the proper orchestration step. A default method (e.g. email) would be hard-coded in case the param is not provided. Depending on the method chosen, a link would be added using UI customization and JavaScript.
Take a look at https://github.com/azure-ad-b2c/samples/tree/master/policies/mfa-email-or-phone for a sample of orchestration steps for different MFA methods. Instead of the extension_mfaByPhoneOrEmail claim, you would use a custom one (e.g. mfaMethod) sourced from the previously proposed query/OAuth2 key-value param.
Let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.
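The approach described in the answer above, as an added custom-policy fragment (not part of the original answer and not taken from the linked sample). The technical profile ids, the Order values and the two PLACEHOLDER profile names are assumptions to be replaced with the ones in your own policy. Because the query parameter is client-controlled, the preconditions are written so that only the exact value "phone" selects phone MFA and every other value falls through to the email default, so no value skips both steps.

```xml
<!-- Hypothetical fragment: ids, Order values and PLACEHOLDER profile names are assumptions. -->
<ClaimType Id="mfaMethod">
  <DisplayName>Requested MFA method</DisplayName>
  <DataType>string</DataType>
</ClaimType>
<!-- Copies the mfaMethod query parameter into the claim through the OAUTH-KV claim resolver. -->
<TechnicalProfile Id="Get-MfaMethod-FromRequest">
  <DisplayName>Read mfaMethod from the authorization request</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.ClaimsTransformationProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="IncludeClaimResolvingInClaimsHandling">true</Item>
  </Metadata>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="mfaMethod" DefaultValue="{OAUTH-KV:mfaMethod}" AlwaysUseDefaultValue="true" />
  </OutputClaims>
</TechnicalProfile>

<OrchestrationStep Order="4" Type="ClaimsExchange">
  <ClaimsExchanges>
    <ClaimsExchange Id="GetMfaMethod" TechnicalProfileReferenceId="Get-MfaMethod-FromRequest" />
  </ClaimsExchanges>
</OrchestrationStep>

<!-- Phone MFA: skipped unless the request asked for exactly "phone". -->
<OrchestrationStep Order="5" Type="ClaimsExchange">
  <Preconditions>
    <Precondition Type="ClaimEquals" ExecuteActionsIf="false">
      <Value>mfaMethod</Value>
      <Value>phone</Value>
      <Action>SkipThisOrchestrationStep</Action>
    </Precondition>
  </Preconditions>
  <ClaimsExchanges>
    <ClaimsExchange Id="MfaByPhone" TechnicalProfileReferenceId="PLACEHOLDER-PhoneMfaProfile" />
  </ClaimsExchanges>
</OrchestrationStep>
<!-- Email MFA (the default): skipped only when phone was selected, so unknown values land here. -->
<OrchestrationStep Order="6" Type="ClaimsExchange">
  <Preconditions>
    <Precondition Type="ClaimEquals" ExecuteActionsIf="true">
      <Value>mfaMethod</Value>
      <Value>phone</Value>
      <Action>SkipThisOrchestrationStep</Action>
    </Precondition>
  </Preconditions>
  <ClaimsExchanges>
    <ClaimsExchange Id="MfaByEmail" TechnicalProfileReferenceId="PLACEHOLDER-EmailMfaProfile" />
  </ClaimsExchanges>
</OrchestrationStep>
```

If phone MFA should only be offered to users who have a verified number on file, add a second precondition on the phone step that checks for that stored claim, so the request parameter cannot route a user to a factor they never enrolled.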