MFA in ADB2C user message count limit

ReCloudS 80 Reputation points
2023-10-09T09:01:07.51+00:00

Hi,

I have created a user flow in the AD B2C tenant and configured the user attributes and application claims as required, and in the properties I have enabled multifactor authentication with the SMS-only option. While I am testing I was able to enter the mobile number and am getting the SMS only once. Is there any way in the user flow that I can increase the SMS limit? How can we increase the limit on the number of text messages sent to a user in MFA in AD B2C? After requesting one SMS only, I am getting the above error.

Microsoft Security Microsoft Entra Microsoft Entra ID
Microsoft Security Microsoft Authenticator

1 answer

  1. Akshay-MSFT 17,951 Reputation points Microsoft Employee Moderator
    2023-10-10T09:52:28.14+00:00

    @ReCloudS

    Thank you for posting your query on Microsoft Q&A. From the above description I understand that you want to increase the retry count for OTP via SMS while trying to sign in to the application via Azure B2C.

    Please do correct me if this is not the case by responding in the comments section.

    • I tested Userflow with MFA for both Always and Conditional Access


    • I got the option "send a new code" and was able to use it only twice.


    • After this I hit the limit, which is 3; the next time I tried again within 5 minutes I was not able to get an OTP more than once.

    So this may vary with the frequency of attempts by the end user and cannot be controlled by an admin.

    However, if you want to have a higher number of retries allowed, then you need to use a custom policy, where you can define a one-time password technical profile in an Azure AD B2C custom policy.

    Here, NumCodeGenerationAttempts is the maximum number of code generation attempts per identifier. The default value is 10 if not specified.

    <TechnicalProfile Id="GenerateCode">
      <DisplayName>Generate Code</DisplayName>
      <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.OneTimePasswordProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
      <Metadata>
        <Item Key="Operation">GenerateCode</Item>
        <Item Key="CodeExpirationInSeconds">600</Item>
        <Item Key="CodeLength">6</Item>
        <Item Key="CharacterSet">0-9</Item>
        <Item Key="NumRetryAttempts">5</Item>
        <Item Key="NumCodeGenerationAttempts">10</Item>
        <Item Key="ReuseSameCode">false</Item>
      </Metadata>
      <InputClaims>
        <InputClaim ClaimTypeReferenceId="identifier" PartnerClaimType="identifier" />
      </InputClaims>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="otpGenerated" PartnerClaimType="otpGenerated" />
      </OutputClaims>
    </TechnicalProfile>

    Thanks,

    Akshay Kaushik

    Please "Accept the answer" (Yes), and share your feedback if the suggestion answers your query. This will help us and others in the community as well.

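To make the metadata in the GenerateCode profile above concrete, here is an added example (not code from the question, the answer or Azure AD B2C itself) that models the counters those settings control: NumCodeGenerationAttempts caps how many codes are issued per identifier, NumRetryAttempts caps wrong verifications per code, CodeExpirationInSeconds ages a code out, and ReuseSameCode decides whether "send a new code" re-issues the current one. The class and function names, the ManualClock, and the identifier "+10000000000" are all constructed for the illustration and are assumptions about how such a policy behaves, not B2C's implementation; the point it adds is that raising the generation cap to allow more SMS re-sends also multiplies the total guess budget an attacker gets against one phone number.

```python
"""Illustrative model of a one-time-password technical profile's limits.

Constructed example: it mirrors the semantics the answer describes for
NumCodeGenerationAttempts, NumRetryAttempts, CodeExpirationInSeconds and
ReuseSameCode. It is NOT Azure AD B2C's code and makes no claim about
B2C internals beyond the documented meaning of those metadata keys.
"""
import secrets
from dataclasses import dataclass


@dataclass
class OtpPolicy:
    """Values default to those in the GenerateCode profile above."""
    code_expiration_in_seconds: int = 600
    code_length: int = 6
    character_set: str = "0123456789"   # the profile's "0-9"
    num_retry_attempts: int = 5
    num_code_generation_attempts: int = 10
    reuse_same_code: bool = False


@dataclass
class OtpSession:
    code: str
    issued_at: float
    failed_verifications: int = 0


class OtpError(Exception):
    """Raised when a limit in the policy blocks the operation."""


class ManualClock:
    """Deterministic clock so expiry can be exercised without sleeping."""
    def __init__(self, start: float = 1000.0) -> None:
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


class OtpService:
    def __init__(self, policy: OtpPolicy, clock) -> None:
        self.policy = policy
        self.clock = clock
        self.sessions: dict[str, OtpSession] = {}      # identifier -> live code
        self.generations: dict[str, int] = {}          # identifier -> codes issued

    def generate_code(self, identifier: str) -> str:
        """The GenerateCode operation: enforce the per-identifier cap, then issue a code."""
        issued = self.generations.get(identifier, 0)
        if issued >= self.policy.num_code_generation_attempts:
            raise OtpError("max code generation attempts reached")
        self.generations[identifier] = issued + 1

        now = self.clock()
        current = self.sessions.get(identifier)
        still_valid = current is not None and now - current.issued_at < self.policy.code_expiration_in_seconds
        if self.policy.reuse_same_code and still_valid:
            return current.code   # re-send the same code instead of minting a new one

        code = "".join(secrets.choice(self.policy.character_set) for _ in range(self.policy.code_length))
        self.sessions[identifier] = OtpSession(code=code, issued_at=now)
        return code

    def verify_code(self, identifier: str, candidate: str) -> bool:
        """The VerifyCode operation: expiry and retry cap are checked before comparing."""
        session = self.sessions.get(identifier)
        if session is None:
            raise OtpError("session does not exist")
        if self.clock() - session.issued_at >= self.policy.code_expiration_in_seconds:
            del self.sessions[identifier]
            raise OtpError("code expired")
        if session.failed_verifications >= self.policy.num_retry_attempts:
            raise OtpError("max retry attempts reached")
        if secrets.compare_digest(candidate, session.code):
            del self.sessions[identifier]   # a code is single-use once accepted
            return True
        session.failed_verifications += 1
        return False


def guess_budget(policy: OtpPolicy) -> int:
    """Upper bound on wrong guesses per identifier before both caps are exhausted.

    Each issued code tolerates num_retry_attempts wrong answers, so raising
    NumCodeGenerationAttempts to allow more re-sends grows this linearly.
    """
    return policy.num_code_generation_attempts * policy.num_retry_attempts


def demo() -> list[str]:
    """Replays the question's scenario: the user keeps asking for a new code
    until the generation cap (set to 3, as the answer observed) stops them."""
    service = OtpService(OtpPolicy(num_code_generation_attempts=3), ManualClock())
    events = []
    for _ in range(4):
        try:
            service.generate_code("+10000000000")   # constructed identifier
            events.append("sent")
        except OtpError as err:
            events.append(str(err))
    return events


if __name__ == "__main__":
    print(demo())
    print("guess budget with defaults:", guess_budget(OtpPolicy()))
```

Running it prints three "sent" events followed by the generation-cap error, which is the behaviour the answer saw in the built-in user flow; changing num_code_generation_attempts is the model's counterpart of editing the NumCodeGenerationAttempts item in the custom policy, and guess_budget makes the cost of that change visible before you commit it.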
