How to integrate and configure Azure AD B2C Custom Policy to send MFA SMS step by step?

Palani Gangadurai 0 Reputation points
2025-04-04T11:08:35.4566667+00:00

Hi, I am looking for a detailed, step-by-step guide to integrate and configure Multi-Factor Authentication (MFA) using SMS in Azure AD B2C with Custom Policies. I need help understanding how to:

  • Define the phoneNumber claim type with proper validation (E.164 format).
  • Collect the phone number input using a SelfAsserted technical profile.
  • Configure the PhoneFactor technical profile correctly.
  • Add the necessary orchestration steps.
  • Ensure proper session management and claim transformations (like userIdForMFA if needed).

I tried to integrate the below Twilio integration documents for sending a custom SMS in Azure AD B2C Custom Policy:

Guidelines: Twilio Verify App with Azure Active Directory B2C - Azure AD B2C | Microsoft Learn

Azure Custom Policy XML code sample: samples/policies/twilio-mfa-psd2/policy/SignUpSignIn at master · azure-ad-b2c/samples

Regards,

Palani


1 answer

  1. Kancharla Saiteja 5,810 Reputation points Microsoft External Staff Moderator
    2025-04-07T22:44:51.8433333+00:00

    Hi @Palani Gangadurai,

    Based on your query, here is my understanding: You would like to configure MFA in your Azure AD B2C using custom policies.

    I see you would like to have custom MFA in your tenant, for which you have chosen the right way by using the mentioned documents: Integrating Twilio Verify App with Azure Active Directory B2C. Twilio helps in customization of MFA and can be set as per your requirement. I believe you have configured these policies using this document: twilio-mfa-psd2. Please make sure you have configured all the policies including TrustFrameworkExtensionsPSD2.xml and TrustFrameworkExtensionsPSD2StepUp.xml, which make sure your claims are properly configured.

    TrustFrameworkExtensionsPSD2.xml defines the claims, claims transformation and strong authentication as well. Once you configure these parameters here, then you can update the setup in TrustFrameworkExtensionsPSD2StepUp.xml. This configuration will help you in operating custom MFA successfully.

    If you would like to go with Azure AD B2C standard MFA, please go through this document: Enable multifactor authentication in Azure Active Directory B2C.

    Here is the sample to configure MFA with TOTP: Azure AD B2C MFA with TOTP using any Authenticator app

    I hope this information is helpful. Please feel free to reach out if you have any further questions.

    If the answer is helpful, please click "Accept Answer" and kindly "upvote it". If you have extra questions about this answer, please click "Comment"
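
The first two items in the question (an E.164-validated phone number claim and a self-asserted page that collects it) can be sketched as the custom policy fragments below. This is an added example, not part of the answer above or of the linked Twilio sample; the IDs `phoneNumber`, `SelfAsserted-CollectPhoneNumber` and `api.selfasserted` are assumed names that must match the ones in your own base policy.

```xml
<!-- Added example. IDs (phoneNumber, SelfAsserted-CollectPhoneNumber, api.selfasserted) are assumptions. -->
<BuildingBlocks>
  <ClaimsSchema>
    <ClaimType Id="phoneNumber">
      <DisplayName>Phone number</DisplayName>
      <DataType>string</DataType>
      <UserHelpText>Mobile number that receives the verification code, including country code.</UserHelpText>
      <UserInputType>TextBox</UserInputType>
      <Restriction>
        <!-- E.164: "+", a non-zero first digit, at most 15 digits in total.
             The ^ and $ anchors reject any leading or trailing text. -->
        <Pattern RegularExpression="^\+[1-9][0-9]{1,14}$"
                 HelpText="Enter the number in international format, for example +14155550100." />
      </Restriction>
    </ClaimType>
  </ClaimsSchema>
</BuildingBlocks>

<ClaimsProviders>
  <ClaimsProvider>
    <DisplayName>Phone number collection</DisplayName>
    <TechnicalProfiles>
      <TechnicalProfile Id="SelfAsserted-CollectPhoneNumber">
        <DisplayName>Collect phone number</DisplayName>
        <Protocol Name="Proprietary"
                  Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
        <Metadata>
          <Item Key="ContentDefinitionReferenceId">api.selfasserted</Item>
        </Metadata>
        <OutputClaims>
          <!-- Required="true" refuses an empty value; the Restriction above refuses a malformed one. -->
          <OutputClaim ClaimTypeReferenceId="phoneNumber" Required="true" />
        </OutputClaims>
      </TechnicalProfile>
    </TechnicalProfiles>
  </ClaimsProvider>
</ClaimsProviders>
```

Both fragments belong inside the `TrustFrameworkPolicy` root of an extensions file, and a `ClaimsExchange` orchestration step that references the technical profile is still needed before the page is shown.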

