How to add link to switch MFA Azure AD B2C custom policy

Kunal Gautam 0 Reputation points
2023-05-26T08:13:47.7633333+00:00

How to add link to switch MFA Azure AD B2C custom policy

[Screenshot 2023-05-26 at 1.39.37 PM]

  1. Link to change to other MFA option.

2 answers

  1. 2023-05-29T17:53:19.3833333+00:00

    Hello @John Walter, choosing an MFA method during a user journey is doable through Custom Policies. The easiest way would be to pass the preferred MFA method selector as a query param (e.g. ?mfaMethod=phone) so it can be read using OAuth2 key-value parameters and assigned to a claim type. Depending on the claim type you would choose the proper orchestration step. A default method (e.g. email) would be hard-coded in case the param is not provided. Depending on the method chosen, a link would be added using UI customization and JavaScript.

    Take a look at https://github.com/azure-ad-b2c/samples/tree/master/policies/mfa-email-or-phone for a sample of orchestration steps for different MFA methods. Instead of the extension_mfaByPhoneOrEmail claim, you would use a custom one (e.g. mfaMethod) sourced from the previously proposed query/OAuth2 key-value param.

    Let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.

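A sketch of the link-building side of the approach in the answer above, added here as an example and not taken from the thread or from the azure-ad-b2c samples repository. It assumes the application restarts the authorization request with the `mfaMethod` query parameter from the answer; the function names and the sample URL (tenant, policy name, client id) are constructed placeholders.

```javascript
// Added example. The two methods and the "email" default come from the answer above.
const ALLOWED_MFA_METHODS = ["email", "phone"];
const DEFAULT_MFA_METHOD = "email";

// Constructed sample authorization request (placeholder tenant, policy and client id).
const SAMPLE_AUTHORIZE_URL =
  "https://contoso.b2clogin.com/contoso.onmicrosoft.com/B2C_1A_SIGNUP_SIGNIN/oauth2/v2.0/authorize" +
  "?client_id=00000000-0000-0000-0000-000000000000&response_type=code&scope=openid";

// The query string is user-controlled: anything not on the allowlist becomes the default.
function normalizeMfaMethod(raw) {
  if (typeof raw !== "string") return DEFAULT_MFA_METHOD;
  const value = raw.trim().toLowerCase();
  return ALLOWED_MFA_METHODS.includes(value) ? value : DEFAULT_MFA_METHOD;
}

// Return the request URL carrying exactly one validated mfaMethod parameter.
// URLSearchParams.set() replaces the first occurrence and removes any duplicates.
function withMfaMethod(authorizeUrl, requestedMethod) {
  const url = new URL(authorizeUrl);
  url.searchParams.set("mfaMethod", normalizeMfaMethod(requestedMethod));
  return url.toString();
}

// Build the "switch to the other method" link from the request that started the journey.
function switchMfaLink(authorizeUrl) {
  const current = normalizeMfaMethod(new URL(authorizeUrl).searchParams.get("mfaMethod"));
  const other = ALLOWED_MFA_METHODS.find((m) => m !== current);
  return {
    label: `Use ${other} verification instead`,
    href: withMfaMethod(authorizeUrl, other),
  };
}
```

The allowlist here only keeps the generated link well-formed; the custom policy still has to treat the incoming value as untrusted and fall back to its own hard-coded default.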

  2. Kunal Gautam 0 Reputation points
    2023-05-30T06:58:51.8466667+00:00

    Thanks for replying @Alfredo Revilla - Upwork Top Talent | IAM SWE SWA .

    These are the tasks which I need to do:

    1. If the user selects one of the MFA options, it will be saved in the user profile and on the next login the user will automatically be redirected to the previously selected MFA [Working fine].
    2. If the user is on email/phone MFA and then wants to change the MFA option (e.g. if the user's default MFA is email then it will automatically redirect to email MFA, but the user can switch to phone MFA from that screen) [Pending]