Integrate Fingerprint authentication method on Azure B2C

emmanuel hdz 80 Reputation points
2024-01-13T14:57:00.05+00:00

Hi, I've conducted some research on fingerprint recognition for login purposes. However, I would like to inquire whether it is possible to integrate this method without storing any user information or data on Microsoft Entra. Currently, my custom policy does not save any user information on Microsoft Entra. In the login technical profile (user journey), I fetch an API to retrieve user information and validate if the user exists or has provided incorrect credentials. I would like to know if it's possible to integrate the fingerprint method with my current custom policy. If so, I would appreciate guidance on the process and how users will experience these steps, perhaps in a web view or another method? If implementing this process is overly complex, would it be a better option to consider a different library for my mobile app? Thanks.


Accepted answer
  1. Pinaki Ghatak 5,600 Reputation points Microsoft Employee Volunteer Moderator
    2024-01-13T16:11:45.48+00:00

    Hello @emmanuel hdz,

    Yes, it is possible to integrate fingerprint recognition for login purposes in Microsoft Entra without storing any user information. Microsoft Entra offers passwordless authentication options that integrate with Microsoft Entra ID, such as Windows Hello for Business and Microsoft Authenticator. These methods use biometric data or a PIN for authentication, which are directly tied to the user’s device, preventing access from anyone other than the owner.

    For integrating this with your current custom policy, you might want to look into Microsoft Entra’s API-driven provisioning. This allows you to bring identities from any source into Microsoft Entra ID. You can use your automation tool of choice to send information to Microsoft Entra API-driven provisioning.

    As for the user experience, a user signs into Windows using a biometric or PIN gesture. This gesture unlocks the Windows Hello for Business private key and is sent to the Cloud Authentication security support provider. The entire process is done within the device, ensuring no user data is stored in Microsoft Entra.

    If you find this process complex, there are alternative libraries available for integrating fingerprint recognition in mobile apps. Some open-source projects on GitHub include sourceafis-java, Fingerprint-Feature-Extraction, and fingerprint-gui. For React Native apps, you can use expo-local-authentication. You can also check out fingerprintjs and App Lock for Android apps. Please be sure to review the documentation and community support for these libraries to determine if they meet your requirements.

    If this answers your question?
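
Added example, not part of the answer above and not Microsoft code: a simplified Node.js model of the device-bound key pattern behind the passwordless methods the answer names, in which a local biometric gesture releases a private key that signs a server challenge and the server holds only a public key. `enrollDevice`, `signChallenge`, `Verifier` and the boolean standing in for the biometric check are hypothetical names, and this is not the Windows Hello for Business protocol itself.

```javascript
const crypto = require('node:crypto');

// Device side: the key pair is created on the device at enrolment.
// Only publicKey is ever sent to the server; no fingerprint data leaves the device.
function enrollDevice() {
  return crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
}

// Device side: the private key is used only after the local biometric check
// succeeds. biometricOk is a constructed stand-in for the platform prompt.
function signChallenge(device, challenge, biometricOk) {
  if (!biometricOk) return null;
  return crypto.sign('sha256', challenge, device.privateKey);
}

// Server side: stores one public key per user and one pending challenge.
class Verifier {
  constructor() {
    this.keys = new Map();
    this.pending = new Map();
  }

  register(userId, publicKey) {
    this.keys.set(userId, publicKey);
  }

  // A fresh random challenge per login attempt prevents signature replay.
  issueChallenge(userId) {
    const challenge = crypto.randomBytes(32);
    this.pending.set(userId, challenge);
    return challenge;
  }

  verify(userId, signature) {
    const challenge = this.pending.get(userId);
    const key = this.keys.get(userId);
    this.pending.delete(userId); // single use, whether or not it verifies
    if (!challenge || !key || !signature) return false;
    return crypto.verify('sha256', challenge, key, signature);
  }
}
```
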

