Azure AD B2C Custom policy : How to skip "The code has been verified" step

Isaac Zolana 85 Reputation points
2024-03-01T22:12:45.6133333+00:00

I would like to know how we can skip the following step on the forgot password journey

User's image

(The above screenshot was taken from the following demo: https://github.com/azure-ad-b2c/unit-tests/tree/main/technical-profiles/OneTimePassword#generate-an-otp)

I wrote a custom policy in which I use sendgrid to generate, send and verify a One Time Password. My current issue is that I would like to skip the "The code has been verified. You can now continue." and instead reach the reset password page as soon as possible. I have not found any metadata I can provide to my technical profile to allow me to simply skip that step after I have pressed the verify button. Can you help me skip that step using custom policies?

[Taken from comment]

I have a signin/login user journey:

<UserJourneys>
    <UserJourney Id="Login">
      <OrchestrationSteps>
        
        <!-- Login page. -->
        <OrchestrationStep Order="1" Type="CombinedSignInAndSignUp"
          ContentDefinitionReferenceId="api.login">
          <ClaimsProviderSelections>
            <ClaimsProviderSelection ValidationClaimsExchangeId="LocalAccountSigninEmailExchange" />
            <ClaimsProviderSelection TargetClaimsExchangeId="ForgotPasswordExchange" />
          </ClaimsProviderSelections>
          <ClaimsExchanges>
            <ClaimsExchange Id="LocalAccountSigninEmailExchange"
              TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Email" />
          </ClaimsExchanges>
        </OrchestrationStep>

        <!-- Check if the user has selected to sign in using one of the social providers. Currently we only use local provider. -->
        <OrchestrationStep Order="2" Type="ClaimsExchange">
          <Preconditions>
            <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
              <Value>objectId</Value>
              <Action>SkipThisOrchestrationStep</Action>
            </Precondition>
          </Preconditions>
          <ClaimsExchanges>
            <ClaimsExchange Id="ForgotPasswordExchange" TechnicalProfileReferenceId="ForgotPassword" />
          </ClaimsExchanges>
        </OrchestrationStep>

        <!-- Invoked when user presses "Forgot Password?" -->
        <OrchestrationStep Order="3" Type="InvokeSubJourney">
          <Preconditions>
            <Precondition Type="ClaimsExist" ExecuteActionsIf="false">
              <Value>isForgotPassword</Value>
              <Action>SkipThisOrchestrationStep</Action>
            </Precondition>
          </Preconditions>
          <JourneyList>
            <Candidate SubJourneyReferenceId="PasswordReset" />
          </JourneyList>
        </OrchestrationStep>

        <!-- This step reads any user attributes that we may not have received when in the token. -->
        <OrchestrationStep Order="4" Type="ClaimsExchange">
          <ClaimsExchanges>
            <ClaimsExchange Id="AADUserReadWithObjectId"
              TechnicalProfileReferenceId="AAD-UserReadUsingObjectId" />
          </ClaimsExchanges>
        </OrchestrationStep>

        <OrchestrationStep Order="5" Type="SendClaims"
          CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />
      </OrchestrationSteps>
      <ClientDefinition ReferenceId="DefaultWeb" />
    </UserJourney>
  </UserJourneys>

Where, if the user clicks on "forgot password?", he will then run the sub journey I have defined.

<SubJourneys>
    <SubJourney Id="PasswordReset" Type="Call">
      <OrchestrationSteps>
        <!-- Validate user's email address. -->
        <OrchestrationStep Order="1" Type="ClaimsExchange">
          <ClaimsExchanges>
            <ClaimsExchange Id="PasswordResetUsingEmailAddressExchange"
              TechnicalProfileReferenceId="LocalAccountDiscoveryUsingEmailAddress" />
          </ClaimsExchanges>
        </OrchestrationStep>

        <!-- Collect and persist a new password. -->
        <OrchestrationStep Order="2" Type="ClaimsExchange">
          <ClaimsExchanges>
            <ClaimsExchange Id="NewCredentials"
              TechnicalProfileReferenceId="LocalAccountWritePasswordUsingObjectId" />
          </ClaimsExchanges>
        </OrchestrationStep>
      </OrchestrationSteps>
    </SubJourney>
  </SubJourneys>

What I am trying to remove, is one of the views that is displayed as the user follows the user journey. Let's take the demo Generate OTP as an example (It displays the same views that we have in our application, minus the design changes we applied to it.)

#1 We enter our email address and request a verification code

User's image

#2 We paste our verification code in the appropriate input field and press "verify"

User's image

#3 After pressing "verify", we are presented with the following view

User's image

We would like to remove this view and instead go straight into the next step which would require the user to set his new password and confirm his new password.

Is it possible to do that?


Accepted answer
  1. Shweta Mathur 29,741 Reputation points Microsoft Employee
    2024-03-05T08:39:06.39+00:00

    Isaac Zolana

So, you want to verify the email address but don't want the particular screen that says 'The code has been verified' and the option to update the email address? Is my understanding correct?

    There is no setting in the custom policy that can be configured to hide that particular view.

    If that is the case, then you need to customize the user interface by using HTML template https://learn.microsoft.com/en-us/azure/active-directory-b2c/customize-ui-with-html?pivots=b2c-custom-policy

    Hope this will help.

    Thanks,

    Shweta

    Please remember to "Accept Answer" if answer helped you.

    1 person found this answer helpful.
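One way to act on the accepted answer's suggestion, as an added example that is not from the question, the answers or Microsoft: a script in the custom HTML template that presses Continue as soon as the verification-success message is shown, so the OTP is still verified by the technical profile and only the pause on the confirmation view disappears. It assumes the template's `<div id="api"></div>` container, that the relying-party policy allows scripts (`UserJourneyBehaviors/ScriptExecution` set to `Allow`), and the selector names `.verificationSuccessText` and `button#continue`, which are assumptions to check against the page B2C actually renders.

```javascript
// Added example (not from the question or answers). Runs inside a custom
// B2C HTML template whose page contains <div id="api"></div> and whose
// policy allows JavaScript (UserJourneyBehaviors/ScriptExecution = Allow).
// The selectors are assumptions; confirm them against the rendered markup.
const SUCCESS_SELECTOR = '.verificationSuccessText'; // "The code has been verified..." box
const CONTINUE_SELECTOR = 'button#continue';          // page-level Continue button

// B2C is assumed to hide the success box via aria-hidden / inline display
// until the code has been verified server-side; treat it as shown otherwise.
function isShown(el) {
  if (!el) return false;
  const hidden = el.getAttribute ? el.getAttribute('aria-hidden') : null;
  const display = el.style ? el.style.display : undefined;
  return hidden !== 'true' && display !== 'none' && el.hidden !== true;
}

// Pure decision: return the Continue button to press, or null while the
// success message is not visible or the button is missing/disabled.
// Kept DOM-agnostic (only querySelector is used) so it can be unit-tested.
function findAutoContinueTarget(root) {
  const success = root.querySelector(SUCCESS_SELECTOR);
  if (!isShown(success)) return null;
  const button = root.querySelector(CONTINUE_SELECTOR);
  if (!button || button.disabled) return null;
  return button;
}

// Watch the container and press Continue exactly once after verification.
// Returns a function reporting whether the click has happened.
function installAutoContinue(root, observe = true) {
  let done = false;
  const check = () => {
    if (done) return;
    const btn = findAutoContinueTarget(root);
    if (btn) { done = true; btn.click(); }
  };
  check();
  if (observe && typeof MutationObserver !== 'undefined') {
    new MutationObserver(check).observe(root, {
      childList: true, subtree: true, attributes: true,
      attributeFilter: ['style', 'aria-hidden', 'hidden', 'disabled'],
    });
  }
  return () => done;
}

// Browser entry point; skipped when loaded outside a page (e.g. in a test).
if (typeof document !== 'undefined') {
  const api = document.getElementById('api');
  if (api) installAutoContinue(api);
}
```

The verification itself is unchanged: the click only fires after B2C has already marked the code as verified, so a wrong or expired code still stops the journey on that page.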

1 additional answer

  1. Shweta Mathur 29,741 Reputation points Microsoft Employee
    2024-03-04T06:11:10.7866667+00:00

    Hi @Isaac Zolana ,

    Thanks for reaching out.

    I can understand you are trying to skip the email verification step in your custom policy and looking for metadata to skip that.

    By default, Azure Active Directory B2C (Azure AD B2C) verifies your customer's email address for local accounts.

    To disable the email verification, set the EnforceEmailVerification metadata to false in the LocalAccountSignUpWithLogonEmail technical profiles in the extension file.

    <ClaimsProvider>
      <DisplayName>Local Account</DisplayName>
      <TechnicalProfiles>
        <TechnicalProfile Id="LocalAccountSignUpWithLogonEmail">
          <Metadata>
            <Item Key="EnforceEmailVerification">false</Item>
          </Metadata>
        </TechnicalProfile>
      </TechnicalProfiles>
    </ClaimsProvider>

    Hope this will help.

    Thanks,

    Shweta

    Please remember to "Accept Answer" if answer helped you.

