Custom Policy for azure ad b2c not working with custom email and Totp (both) working seperately

Momin Naveed 5 Reputation points
2023-05-31T10:35:28.29+00:00

I am working with Azure AD B2C custom policy for authenticating our users. We needed a custom email verification and TOTP MFA flow, both in our signup/signin flow. Through samples provided by Microsoft we are able to implement custom email and TOTP separately: if we only have custom email the flow works, or if we don't send custom email and just implement TOTP MFA it works; but as soon as we integrate the custom verification email, the TOTP or QR scan page is not loaded. [screenshot image_2023_05_29T16_34_25_486Z]

As you can see, we have the signup page working, but after filling in the form this error occurs:
[screenshot image_2023_05_29T16_37_11_972Z]

while it should show the QR scan page like this:
[screenshot image_2023_05_29T16_37_56_815Z]

I have App Insights set up on this signup/signin flow, and the exception that I received is as follows:
Exception Message: A Claim of ClaimType with id "totpIdentifier" was not found, which is required by the ClaimsTransformationImpl of Type "Microsoft.Cpim.Data.Transformations.FormatStringMultipleClaimsTransformation" for TransformationMethod "FormatStringMultipleClaims" referenced by the ClaimsTransformation with id "CreateUriLabel" in policy "B2C_1A_TrustFrameworkExtensions" of tenant "-----.onmicrosoft.com"., Exception Type: PolicyException,

I checked this error; we have this claim type in our policy, but maybe something is not working here. Help would be appreciated, thanks!


1 answer

  1. Evan Levy 0 Reputation points
    2023-07-13T15:09:06.9666667+00:00

    I solved this issue by changing the claim transformation that copies the email to totpIdentifier so that it uses "signInNames.emailAddress", and also added an output claim for "signInNames.emailAddress" to the "LocalAccountDiscoveryUsingEmailAddress" technical profile.

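The two policy changes described in the answer, written out as an added illustration that is not code from the poster or from Microsoft's TOTP sample. `totpIdentifier`, `signInNames.emailAddress`, `CreateUriLabel` and `LocalAccountDiscoveryUsingEmailAddress` come from the page; the transformation Id `CopyEmailToTotpIdentifier`, the `tenantName`/`uriLabel` claims, the `{0}:{1}` format and the original `email` input are assumptions about how the sample is laid out.

```xml
<!-- TrustFrameworkExtensions.xml, <ClaimsTransformations> section -->

<!-- Source totpIdentifier from the claim the local-account lookup actually
     emits. The assumed original input was "email", which stays empty when the
     custom verification step populates a different claim, so CreateUriLabel
     later fails with "totpIdentifier was not found". -->
<ClaimsTransformation Id="CopyEmailToTotpIdentifier" TransformationMethod="CopyClaim">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="signInNames.emailAddress" TransformationClaimType="inputClaim" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="totpIdentifier" TransformationClaimType="outputClaim" />
  </OutputClaims>
</ClaimsTransformation>

<!-- The transformation named in the App Insights exception: every input claim
     listed here must exist in the claims bag or the step throws PolicyException. -->
<ClaimsTransformation Id="CreateUriLabel" TransformationMethod="FormatStringMultipleClaims">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="tenantName" TransformationClaimType="inputClaim1" />
    <InputClaim ClaimTypeReferenceId="totpIdentifier" TransformationClaimType="inputClaim2" />
  </InputClaims>
  <InputParameters>
    <InputParameter Id="stringFormat" DataType="string" Value="{0}:{1}" />
  </InputParameters>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="uriLabel" TransformationClaimType="outputClaim" />
  </OutputClaims>
</ClaimsTransformation>

<!-- <ClaimsProviders> section: the self-asserted discovery profile. Protocol,
     Metadata and ValidationTechnicalProfiles are unchanged from the sample and
     omitted here; only OutputClaims is touched. Without the added output claim
     the email found during validation never reaches the claims bag, so the copy
     transformation above has nothing to copy. -->
<TechnicalProfile Id="LocalAccountDiscoveryUsingEmailAddress">
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="objectId" />
    <OutputClaim ClaimTypeReferenceId="signInNames.emailAddress" /> <!-- added -->
  </OutputClaims>
</TechnicalProfile>
```

To confirm the fix, re-run the signup journey and check App Insights for the `CreateUriLabel` PolicyException disappearing and the `uriLabel` claim being emitted before the QR step.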