The situation you're describing with Azure AD B2C (Azure Active Directory B2C) and the limitation to one authentication method for multi-factor authentication (MFA) in a combined Sign-Up/Sign-In (SUSI) flow is a common concern. Let's address this and explore potential solutions:
Understanding the Limitation
- Default Behavior: Azure AD B2C, by default, allows the configuration of a single method for MFA during the SUSI process. This limitation is often in place to streamline the user experience and maintain security standards.
- User Preferences: However, this can be restrictive for scenarios where different users prefer different authentication methods (e.g., Microsoft Authenticator App vs. Email).
Potential Solutions and Workarounds
- Custom Policies (Identity Experience Framework):
  - Azure AD B2C's custom policies (also known as the Identity Experience Framework) offer more flexibility and can be tailored to provide multiple MFA options.
  - You can design a user journey that allows the user to choose their preferred MFA method during signup or login.
  - The complexity is higher, and it requires an understanding of custom policy configurations. Refer to the Azure AD B2C Custom Policy documentation for guidance.
- Conditional Access:
  - If your Azure AD B2C tenant is linked with Azure AD Premium, you might leverage Conditional Access policies to define more granular controls and MFA requirements based on certain conditions (like user roles, locations, etc.).
- User Interface Customization:
  - Customize the user interface of your SUSI flow to present options for MFA. This requires custom development work on top of the Azure AD B2C platform.
- Feedback to Microsoft:
  - Given that product enhancements often stem from user feedback, consider providing this feedback directly to Microsoft through Azure feedback forums.
Additional Considerations
- Testing and Validation: Any custom implementation should be thoroughly tested, especially concerning security and user experience.
- Documentation and Community Support: While you've noted the lack of comprehensive documentation compared to TechNet, the Azure AD B2C documentation is continually updated. Additionally, consider reaching out to the Azure community forums for insights and shared experiences.
Conclusion
While Azure AD B2C's standard configurations might seem limiting regarding MFA methods in the SUSI flow, exploring custom policies or other advanced features can provide the flexibility you need. It's important to balance this customization with considerations for security, user experience, and maintainability.
Accept the answer if the information helped you. This will help us and others in the community as well.
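As an added illustration of the custom-policy approach described in the answer above (this fragment is not from the answer, the Azure AD B2C documentation, or Microsoft's starter pack), the user journey below lets the user choose between phone and email MFA with a ClaimsProviderSelection step. It assumes the SocialAndLocalAccountsWithMfa starter pack's technical profiles (SelfAsserted-LocalAccountSignin-Email, LocalAccountSignUpWithLogonEmail, AAD-UserReadUsingObjectId, PhoneFactor-InputOrVerify, JwtIssuer); SelfAsserted-EmailMfa is a hypothetical technical profile you would define yourself.

```xml
<!-- Added example (not from the answer or Microsoft's starter pack). Assumes the SocialAndLocalAccountsWithMfa
     starter pack's technical profiles; SelfAsserted-EmailMfa is a hypothetical profile you would add yourself. -->
<UserJourney Id="SignUpOrSignInMfaChoice">
  <OrchestrationSteps>
    <!-- Steps 1-3: standard combined sign-up/sign-in, then read the user from the directory. -->
    <OrchestrationStep Order="1" Type="CombinedSignInAndSignUp" ContentDefinitionReferenceId="api.signuporsignin">
      <ClaimsProviderSelections>
        <ClaimsProviderSelection ValidationClaimsExchangeId="LocalAccountSigninEmailExchange" />
      </ClaimsProviderSelections>
      <ClaimsExchanges>
        <ClaimsExchange Id="LocalAccountSigninEmailExchange" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Email" />
      </ClaimsExchanges>
    </OrchestrationStep>
    <OrchestrationStep Order="2" Type="ClaimsExchange">
      <Preconditions>
        <!-- objectId is already present after a sign-in, so the sign-up exchange is skipped. -->
        <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
          <Value>objectId</Value>
          <Action>SkipThisOrchestrationStep</Action>
        </Precondition>
      </Preconditions>
      <ClaimsExchanges>
        <ClaimsExchange Id="SignUpWithLogonEmailExchange" TechnicalProfileReferenceId="LocalAccountSignUpWithLogonEmail" />
      </ClaimsExchanges>
    </OrchestrationStep>
    <OrchestrationStep Order="3" Type="ClaimsExchange">
      <ClaimsExchanges>
        <ClaimsExchange Id="AADUserReadWithObjectId" TechnicalProfileReferenceId="AAD-UserReadUsingObjectId" />
      </ClaimsExchanges>
    </OrchestrationStep>
    <!-- Step 4: the user picks an MFA method. Each ClaimsProviderSelection renders one button; -->
    <!-- the button label is the referenced technical profile's DisplayName. -->
    <OrchestrationStep Order="4" Type="ClaimsProviderSelection" ContentDefinitionReferenceId="api.idpselections">
      <ClaimsProviderSelections>
        <ClaimsProviderSelection TargetClaimsExchangeId="PhoneMfaExchange" />
        <ClaimsProviderSelection TargetClaimsExchangeId="EmailMfaExchange" />
      </ClaimsProviderSelections>
    </OrchestrationStep>
    <!-- Step 5: only the exchange whose Id the user selected in step 4 runs. -->
    <OrchestrationStep Order="5" Type="ClaimsExchange">
      <ClaimsExchanges>
        <ClaimsExchange Id="PhoneMfaExchange" TechnicalProfileReferenceId="PhoneFactor-InputOrVerify" />
        <ClaimsExchange Id="EmailMfaExchange" TechnicalProfileReferenceId="SelfAsserted-EmailMfa" />
      </ClaimsExchanges>
    </OrchestrationStep>
    <OrchestrationStep Order="6" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />
  </OrchestrationSteps>
  <ClientDefinition ReferenceId="DefaultWeb" />
</UserJourney>
```

To remember the method a user chose, a write-back step (for example the starter pack's AAD-UserWritePhoneNumberUsingObjectId for the phone path) would go between steps 5 and 6, and a precondition on step 4 could then skip the choice for returning users.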