How to configure 14 days login without MFA option in Azure ADB2C custom policy

sidh c 25 Reputation points
2023-08-29T07:23:55.1566667+00:00

I have configured a custom policy in Azure AD B2C with custom MFA for my application, and there is an option for "keep me alive" on the login page, but I need a 14-day login-without-MFA option,
so that if a user selects the option, then for 14 days from the day of selection there should not be a prompt for MFA. Is there any possibility for that using a custom policy?

Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.

1 answer

  1. Akshay-MSFT 17,961 Reputation points Microsoft Employee
    2023-08-30T09:30:59.8866667+00:00

    @sidh c

    Thank you for posting your query on Microsoft Q&A. From the above description I understand that you have MFA configured for your B2C user sign-in journey, and you want users who enable KMSI not to be asked for MFA for the next 14 days.

    Please do correct me if this is not the case by responding in the comments section.

    KMSI places a persistent cookie in the user session, which avoids reauthentication if the browser has been closed (used only for browser-closing scenarios).


    It is the web app session lifetime (minutes) which decides the amount of time the Azure AD B2C session cookie is stored in the user's browser after successful authentication. You can set the session lifetime up to 24 hours, and it can be extended only when you have cookie-based authentication.

    We cannot control MFA separately from authentication, as it is triggered when the access and refresh tokens expire. Each time the user is forced to reauthenticate, MFA would trigger. Token lifetime can be controlled by configuring the "refresh token lifetime":

    The maximum time period before which a refresh token can be used to acquire a new access token, if your application has been granted the offline_access scope. The default is 14 days. The minimum (inclusive) is one day. The maximum (inclusive) is 90 days.


    Configure user flow tokens in the Azure portal.

    Thanks,

    Akshay Kaushik

    Please "Accept the answer" (Yes), and share your feedback if the suggestion answers your query. This will help us and others in the community as well.
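As an added illustration, not part of the answer above and not copied from Microsoft's documentation, here are the settings the answer refers to as they appear in a B2C custom policy rather than in a user flow: the KMSI checkbox is switched on per sign-in technical profile with the setting.enableRememberMe metadata item, the lifetime of its persistent cookie is KeepAliveInDays on SingleSignOn, the web session cap is SessionExpiryInSeconds (24 hours maximum), and the refresh-token lifetime is refresh_token_lifetime_secs in the relying-party technical profile metadata. The policy, journey and claim IDs follow the starter-pack naming, and the numeric values are assumptions chosen for a 14-day window (14 days × 86400 s = 1209600 s).

```xml
<!-- Added example, not from the original post. Two fragments of a B2C custom policy;
     technical profile IDs, journey ID and the numeric values are assumptions. -->

<!-- 1. TrustFrameworkExtensions.xml: show the "Keep me signed in" checkbox on the
        local-account sign-in page by overriding the self-asserted technical profile. -->
<ClaimsProvider>
  <DisplayName>Local Account</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="SelfAsserted-LocalAccountSignin-Email">
      <Metadata>
        <Item Key="setting.enableRememberMe">true</Item>
      </Metadata>
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>

<!-- 2. Relying-party file (e.g. SignUpOrSignin.xml): session and token lifetimes. -->
<RelyingParty>
  <DefaultUserJourney ReferenceId="SignUpOrSignIn" />
  <UserJourneyBehaviors>
    <!-- KeepAliveInDays: lifetime of the KMSI persistent cookie when the user ticks
         the box (1-90 days); 0 disables KMSI. -->
    <SingleSignOn Scope="Tenant" KeepAliveInDays="14" />
    <!-- The web session cookie itself is capped at 86400 seconds (24 h),
         as the answer notes. -->
    <SessionExpiryType>Rolling</SessionExpiryType>
    <SessionExpiryInSeconds>86400</SessionExpiryInSeconds>
  </UserJourneyBehaviors>
  <TechnicalProfile Id="PolicyProfile">
    <DisplayName>PolicyProfile</DisplayName>
    <Protocol Name="OpenIdConnect" />
    <Metadata>
      <Item Key="token_lifetime_secs">3600</Item>
      <Item Key="id_token_lifetime_secs">3600</Item>
      <!-- 14 days = 1209600 s: the window in which an app holding a refresh token
           (offline_access scope) can renew tokens without re-running the journey. -->
      <Item Key="refresh_token_lifetime_secs">1209600</Item>
      <Item Key="rolling_refresh_token_lifetime_secs">1209600</Item>
      <Item Key="allow_infinite_rolling_refresh_token">false</Item>
    </Metadata>
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub" />
      <OutputClaim ClaimTypeReferenceId="email" />
    </OutputClaims>
    <SubjectNamingInfo ClaimType="sub" />
  </TechnicalProfile>
</RelyingParty>
```

Upload the extensions file before the relying-party file, since the latter references it. Two caveats a practitioner should keep in mind: the refresh-token lifetime applies to every sign-in through this relying-party policy, not only to users who ticked the checkbox, so it is not by itself a per-user opt-in; and a refresh token stays usable until it expires or is revoked, so pair a long window with the app's own sign-out and revocation handling.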

