This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 61%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERK%3C/text%3E%3C/svg%3E)
Hi Team,
I am using Azure AD B2C custom policies for sign in and sign up and uses mobile number to sign in a user.
In case of forgot password, what i want is that only those members should be able to receive the OTP code whose mobile number is registered with the application or have an account.
right now it is not working like this and is sending code any mobile number whatsoever.
Please help
@AmanpreetSingh-MSFT , can you please help sir ? looking forward for your response
@AmanpreetSingh-MSFT ,can you please help sir ? looking forward for your response
Hi @Ronnie Kapoor , the best way to do this is by using self service password reset and integrating MFA. May I ask why you are using custom policies for this? It seems that your needs are covered this way. I can help you further with custom policies if needed, but I think this is a better option. Please let me know!
Thanks,
James
We are using custom policies because we have custom validations and drop downs in which data is populated from DB. We also have custom client side validations. So that's why we are using custom policies.
Is it possible to achieve via custom policies?
@James Hamil any update ?