How to configure Azure B2C Sign Up and Sign In using only Username with MFA using Email or Phone and Unique Email/Phone and Custom field?

Mepani Arvindkumar Vishram 1 Reputation point
2020-10-20T16:49:41.667+00:00

I am exploring the Azure AD B2C scenario, but the XML policy and its technical terminology look very complex to me.

I am configuring an Azure AD B2C policy for an existing system which is based on username and password. A unique username and UniqueId are generated in the existing system.

So, I need to configure Azure AD B2C Sign Up and Sign In:

  • Using Username only
  • Store EmployeeId in the Azure B2C directory during sign up, and check that EmployeeId is unique in the B2C directory
  • MFA using Email or Phone with a username. Users can select either option.
  • Password Reset with MFA using either Email or Phone Number, based on preference

I am not sure whether this type of custom policy is possible.

Is there any Azure B2C custom policy that has a similar kind of user flow or functionality?

I don't know how to combine validation, the username flow, and MFA with either Phone or Email, and the same for Password Reset.

How can we restrict unique verified Email/Phone with each username for SSPR?

I am not sure where to start for custom policy.

Any help or suggestion is much appreciated. Thanks in advance.

Microsoft Entra External ID

2 answers

  1. James Hamil 20,741 Reputation points Microsoft Employee
    2020-10-20T22:04:26.433+00:00

    Hi! Yes, this can be done. This thread goes into detail on how to achieve sign up/sign in using username and email with a custom policy. There are also workflow examples here. Please let me know if I can clarify anything for you. Hope this helps!

    Best,
    James


  2. Mepani Arvindkumar Vishram 1 Reputation point
    2020-10-21T05:28:44.507+00:00

    Thank you, James, for the response.

    The provided user workflow will not work for the situation below; I think we need to use a custom policy.

    I have referred to that sign-up and sign-in using username policy, but I also need to extend it by:

    • Providing validation check of a unique custom attribute for each user
    • Enable MFA but the user can configure either using Email or Phone
    • Password Reset based on Configured MFA approach
    • Is it possible to enforce a unique Email or PhoneNumber along with a Unique username?

    I am not sure how to combine all the above features using an Azure AD B2C custom policy.