How to configure Azure b2c Sign Up and Sign In using only Username with MFA using Email or Phone and Unique Email/Phone and Custom field?

Mepani Arvindkumar Vishram 1 Reputation point
2020-10-20T16:49:41.667+00:00

I am exploring the Azure AD B2C scenario, but the XML policy and its technical terminology look very complex to me.

I am configuring an Azure AD B2C policy for an existing system that is based on username and password. The unique username and UniqueId are generated in the existing system.

So, I need to configure Azure AD B2C Sign Up and Sign In:

  • Using Username Only
  • Store EmployeeId in the Azure B2C directory during sign up, and check that the EmployeeId is unique in the B2C directory
  • MFA using Email or Phone with a username. Users can select either option.
  • Password Reset with MFA using either Email or Phone Number, based on preference

I am not sure whether this type of custom policy is possible.

Is there any Azure B2C custom policy that has a similar kind of user flow or functionality?

I don't know how to combine validation, the username flow, and MFA with either Phone or Email, and the same for Password Reset.

How can we restrict unique verified Email/Phone with each username for SSPR?

I am not sure where to start with a custom policy.

Any help or suggestion is much appreciated. Thanks in advance.


2 answers

  1. James Hamil 27,221 Reputation points Microsoft Employee Moderator
    2020-10-20T22:04:26.433+00:00

    Hi! Yes, this can be done. This thread goes into detail on how to achieve sign up/sign in using username and email by custom policy. There are also workflow examples here. Please let me know if I can clarify anything for you. Hope this helps!

    Best,
    James


  2. Mepani Arvindkumar Vishram 1 Reputation point
    2020-10-21T05:28:44.507+00:00

    Thank you, James, for the response.

    The provided user workflow will not work for the situation below; I think we need to use a custom policy.

    I have referred to that sign-up and sign-in using username policy, but I also need to extend it by:

    • Providing a validation check of a unique custom attribute for each user
    • Enabling MFA, where the user can configure it using either Email or Phone
    • Password Reset based on the configured MFA approach
    • Is it possible to enforce a unique Email or PhoneNumber along with a unique username?

    I am not sure how to combine all the above features using an Azure AD B2C custom policy.
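One way to cover the "unique custom attribute" requirement from the lists above, as an added example that is not part of this thread: a TrustFrameworkExtensions fragment that declares the extension attribute and runs a REST validation technical profile before the directory write during username sign-up. The claim and profile Ids (extension_EmployeeId, REST-CheckEmployeeIdUnique), the ServiceUrl and the regex are assumptions; LocalAccountSignUpWithLogonName and AAD-UserWriteUsingLogonName are the profile names used by the username sign-up sample and are likewise assumed to exist in your base policy.

```xml
<!-- Added example, not from the thread. Ids extension_EmployeeId, REST-CheckEmployeeIdUnique and the ServiceUrl are assumed. -->
<BuildingBlocks>
  <ClaimsSchema>
    <!-- Stored on the user object; in Microsoft Graph it appears as extension_<appId>_EmployeeId -->
    <ClaimType Id="extension_EmployeeId">
      <DisplayName>Employee ID</DisplayName>
      <DataType>string</DataType>
      <UserInputType>TextBox</UserInputType>
      <Restriction>
        <Pattern RegularExpression="^[0-9]{4,10}$" HelpText="Enter your numeric employee ID." />
      </Restriction>
    </ClaimType>
  </ClaimsSchema>
</BuildingBlocks>
<ClaimsProviders>
  <ClaimsProvider>
    <DisplayName>Employee ID uniqueness check</DisplayName>
    <TechnicalProfiles>
      <!-- Validation step: B2C POSTs {"employeeId": "..."} to your API. Return HTTP 200 when the value is unused;
           return HTTP 409 with {"version":"1.0.0","status":409,"userMessage":"..."} when it already exists, which stops sign-up. -->
      <TechnicalProfile Id="REST-CheckEmployeeIdUnique">
        <DisplayName>Check EmployeeId is unique</DisplayName>
        <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.RestfulProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
        <Metadata>
          <Item Key="ServiceUrl">https://api.example.com/b2c/employee-id/validate</Item>
          <Item Key="SendClaimsIn">Body</Item>
          <Item Key="AuthenticationType">ClientCertificate</Item>
          <Item Key="AllowInsecureAuthInProduction">false</Item>
        </Metadata>
        <CryptographicKeys>
          <Key Id="ClientCertificate" StorageReferenceId="B2C_1A_RestApiClientCertificate" />
        </CryptographicKeys>
        <InputClaims>
          <InputClaim ClaimTypeReferenceId="extension_EmployeeId" PartnerClaimType="employeeId" />
        </InputClaims>
        <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
      </TechnicalProfile>
      <!-- Override the base username sign-up profile: collect the attribute, then run the check before the write (validation profiles run in listed order) -->
      <TechnicalProfile Id="LocalAccountSignUpWithLogonName">
        <OutputClaims>
          <OutputClaim ClaimTypeReferenceId="extension_EmployeeId" Required="true" />
        </OutputClaims>
        <ValidationTechnicalProfiles>
          <ValidationTechnicalProfile ReferenceId="REST-CheckEmployeeIdUnique" />
          <ValidationTechnicalProfile ReferenceId="AAD-UserWriteUsingLogonName" />
        </ValidationTechnicalProfiles>
      </TechnicalProfile>
    </TechnicalProfiles>
  </ClaimsProvider>
</ClaimsProviders>
```

To actually persist the value you also add extension_EmployeeId to the PersistedClaims of AAD-UserWriteUsingLogonName and configure the b2c-extensions-app ClientId/ApplicationObjectId in AAD-Common. The API behind ServiceUrl should itself be the source of truth for uniqueness (for example by querying Microsoft Graph for the extension attribute), since the directory does not enforce uniqueness on extension attributes.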

