Azure AD B2C - passwordless only login with email and phone

MavWolverineTF 5 Reputation points
2025-03-27T14:54:07.5333333+00:00

I am trying to create a custom policy where a consumer can sign up and sign in with phone or email using a one-time code.

Following the documentation and various samples available, I managed to create this policy.

Signup works as expected. Signin with phone works as expected.

But I haven't been able to get the sign-in with email to work. The second page just shows the email textbox. There is no "send verification code" button or "enter verification code" textbox.

I have tried various configs from different samples, but it results in an internal server error.

I need help getting the sign-in with email to work the same way as the sign-in with phone.

https://gist.github.com/mavwolverine/f91d6d3cfef5d30b2d31c6956c0a3804

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. Kancharla Saiteja 5,900 Reputation points Microsoft External Staff Moderator
    2025-04-01T19:12:00.0466667+00:00

    Hi @MavWolverineTF,

    Based on your query, here is my understanding: You would like to sign in with email verification code to the application.

    I found that you have no issue while signing in with a phone number, but you are unable to get a button to generate a code for one-time verification using an email address. In order to achieve it, you need to configure a technical profile to generate a code and add it to your email sign-in technical profile. Here is the Microsoft document which you can use to create a technical profile to generate a code:

    Define a one-time password technical profile in an Azure AD B2C custom policy

    Here is the sample code to generate a code:

    <!-- One-time password technical profile: generates the code that is later sent and verified -->
    <TechnicalProfile Id="GenerateCode">
      <DisplayName>Generate Code</DisplayName>
      <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.OneTimePasswordProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
      <Metadata>
        <!-- GenerateCode creates the code; a separate profile with Operation=VerifyCode checks it -->
        <Item Key="Operation">GenerateCode</Item>
        <!-- Code lifetime, length and character set -->
        <Item Key="CodeExpirationInSeconds">600</Item>
        <Item Key="CodeLength">6</Item>
        <Item Key="CharacterSet">0-9</Item>
        <!-- Bounds on wrong guesses and on how many codes may be issued per identifier -->
        <Item Key="NumRetryAttempts">5</Item>
        <Item Key="NumCodeGenerationAttempts">10</Item>
        <Item Key="ReuseSameCode">false</Item>
      </Metadata>
      <InputClaims>
        <!-- The identifier (here the email address) the code is bound to -->
        <InputClaim ClaimTypeReferenceId="identifier" PartnerClaimType="identifier" />
      </InputClaims>
      <OutputClaims>
        <!-- The generated code, to be passed on to the profile that sends the email -->
        <OutputClaim ClaimTypeReferenceId="otpGenerated" PartnerClaimType="otpGenerated" />
      </OutputClaims>
    </TechnicalProfile>
    

    This code generation and verification metadata has to be configured in Self Asserted technical profile which can be configured using this document: Define a self-asserted technical profile in an Azure Active Directory B2C custom policy.

    If you would like to have direct policies for passwordless sign-in with email verification, here is the GitHub sample document: Azure AD B2C: Password-less sign-in with email verification

    This document has all the required information which helps you in configuration. I hope this information is helpful. Please feel free to reach out if you have any further questions.

    If the answer is helpful, please click "Accept Answer" and kindly "upvote it". If you have extra questions about this answer, please click "Comment".
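The part the answer refers to but does not show, as an added example that is not part of the original answer or of the Microsoft sample: a self-asserted technical profile that wires the `GenerateCode` profile into a `VerificationControl` display control, which is what makes the "send verification code" button and the code textbox appear on the email page. The profile ids `EmailSignInPasswordless`, `SendCodeByEmail` and `VerifyCode`, the display control id `emailVerificationControl`, the claim names `email` and `verificationCode`, and the `AAD-UserReadUsingEmailAddress` validation profile are all assumed names; the REST profile that actually emails the code is not shown. It also assumes the `GenerateCode` input claim is mapped as `ClaimTypeReferenceId="email" PartnerClaimType="identifier"` so the code is bound to the email address.

```xml
<!-- Added example (not from the original answer). All ids below are assumed names. -->
<BuildingBlocks>
  <DisplayControls>
    <!-- The display control renders the email box, the "Send code" button
         and the "Verify code" box on a single self-asserted page. -->
    <DisplayControl Id="emailVerificationControl" UserInterfaceControlType="VerificationControl">
      <DisplayClaims>
        <DisplayClaim ClaimTypeReferenceId="email" Required="true" />
        <DisplayClaim ClaimTypeReferenceId="verificationCode" ControlClaimType="VerificationCode" Required="true" />
      </DisplayClaims>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="email" />
      </OutputClaims>
      <Actions>
        <!-- "Send code": generate the OTP, then hand it to the (assumed) mail-sending REST profile -->
        <Action Id="SendCode">
          <ValidationClaimsExchange>
            <ValidationClaimsExchangeTechnicalProfile TechnicalProfileReferenceId="GenerateCode" />
            <ValidationClaimsExchangeTechnicalProfile TechnicalProfileReferenceId="SendCodeByEmail" />
          </ValidationClaimsExchange>
        </Action>
        <!-- "Verify code": check what the user typed against the issued code -->
        <Action Id="VerifyCode">
          <ValidationClaimsExchange>
            <ValidationClaimsExchangeTechnicalProfile TechnicalProfileReferenceId="VerifyCode" />
          </ValidationClaimsExchange>
        </Action>
      </Actions>
    </DisplayControl>
  </DisplayControls>
</BuildingBlocks>

<ClaimsProviders>
  <ClaimsProvider>
    <DisplayName>One time password</DisplayName>
    <TechnicalProfiles>
      <!-- Counterpart of the answer's GenerateCode profile: verifies the submitted code -->
      <TechnicalProfile Id="VerifyCode">
        <DisplayName>Verify Code</DisplayName>
        <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.OneTimePasswordProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
        <Metadata>
          <Item Key="Operation">VerifyCode</Item>
        </Metadata>
        <InputClaims>
          <InputClaim ClaimTypeReferenceId="email" PartnerClaimType="identifier" />
          <InputClaim ClaimTypeReferenceId="verificationCode" PartnerClaimType="otpToVerify" />
        </InputClaims>
      </TechnicalProfile>
    </TechnicalProfiles>
  </ClaimsProvider>

  <ClaimsProvider>
    <DisplayName>Passwordless email sign-in</DisplayName>
    <TechnicalProfiles>
      <!-- The self-asserted page for email sign-in; it shows the display control instead of a plain email claim -->
      <TechnicalProfile Id="EmailSignInPasswordless">
        <DisplayName>Sign in with email</DisplayName>
        <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
        <Metadata>
          <!-- Content definition must use a page contract that supports display controls (2.1.x or later) -->
          <Item Key="ContentDefinitionReferenceId">api.localaccountsignin</Item>
        </Metadata>
        <CryptographicKeys>
          <Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" />
        </CryptographicKeys>
        <IncludeInSso>false</IncludeInSso>
        <DisplayClaims>
          <DisplayClaim DisplayControlReferenceId="emailVerificationControl" />
        </DisplayClaims>
        <OutputClaims>
          <OutputClaim ClaimTypeReferenceId="email" Required="true" />
        </OutputClaims>
        <ValidationTechnicalProfiles>
          <!-- Only runs after the code was verified: look the account up by its verified email -->
          <ValidationTechnicalProfile ReferenceId="AAD-UserReadUsingEmailAddress" />
        </ValidationTechnicalProfiles>
      </TechnicalProfile>
    </TechnicalProfiles>
  </ClaimsProvider>
</ClaimsProviders>
```

Two points worth checking when adapting this: the self-asserted profile's content definition has to reference a page layout version that supports display controls, otherwise the control is silently not rendered and only the email textbox shows, which matches the symptom in the question; and the `NumRetryAttempts` / `NumCodeGenerationAttempts` limits on the `GenerateCode` profile are what bound guessing and code-flooding against a 6-digit code, so keep them tight rather than raising them to work around UI problems.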

