Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,645 questions
AD B2C conditional MFA in user flow is not working as expected
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 47%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDP%3C/text%3E%3C/svg%3E)
Daniela Petrova Keil
0
Reputation points
We are trying to implement differentiated login for 3 different member groups in AD B2C. If a user is a member of group A, we want to avoid asking for MFA with TOTP, whereas if the user belongs to group B or C, we want to prompt for TOTP.
The user flow we have set up is as follows:
We have also created a conditional access policy for the application that includes groups B and C and grants access with MFA. However, all users, regardless of group, are forced to register TOTP on their first login, and only users belonging to group B or C are prompted for TOTP subsequently.
Is there any way to prevent users in group A from registering TOTP?
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 78%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESG%3C/text%3E%3C/svg%3E)
Sandeep G-MSFT 16,696 Reputation points Microsoft Employee2023-11-07T13:11:27.6+00:00 Thank you for posting this in Microsoft Q&A.
I am looking into this issue and will get back to you post my research.
-
Daniela Petrova Keil 0 Reputation points
2023-11-07T13:19:17.3733333+00:00 thank you @Sandeep G-MSFT
Sign in to comment