AD B2C TOTP Custom Policy Keep Social account signed-in

Tiago Catarino 0 Reputation points
2025-05-08T14:24:03.9333333+00:00

The application I am working on has a sign-in custom policy and afterwards the user has access to other custom policies.

Issue: If the user signs in with a social account, like Google, the sign-in in the next custom policy is prompted instead of utilizing the already existing session. This issue does not happen when the user signs in with a local account.

The following is one of the custom policies that the user has access to after being signed in. TOTP Custom Policy: https://github.com/azure-ad-b2c/samples/tree/master/policies/totp

This is my userJourney: https://pastebin.com/GVMk5nVP

In order to enable TOTP for any social login I added the following claimExchange:

<ClaimsExchanges>
  <ClaimsExchange Id="AADUserReadUsingAlternativeSecurityId" TechnicalProfileReferenceId="AAD-UserReadUsingAlternativeSecurityId" />
</ClaimsExchanges>

AAD-UserReadUsingAlternativeSecurityId Tech Profile: https://pastebin.com/UQ3nPWAJ

I have read on a Microsoft forum that someone fixed this issue by adding objectId to a specific tech profile, but they didn't go into much detail on how it was fixed (also the above tech profile already seems to have the objectId).

Source: https://learn.microsoft.com/en-us/answers/questions/291284/azure-ad-b2c-custom-policy-how-can-i-keep-the-user
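The mechanism a B2C user journey uses to reuse an existing session is a ClaimsExist precondition on objectId: when the session-management technical profile restores objectId from the SSO session, the step that would otherwise prompt the user is skipped. As an added illustration (not the asker's journey, which is only linked above, and not code from the Microsoft samples repository), here is the orchestration-step shape for a journey that accepts both a local and a Google sign-in and reads the social user by alternative security ID before continuing; the journey Id and the Google technical profile Id `Google-OAuth` are assumptions.

```xml
<!-- Added illustration, not from the post. Assumed Ids: the journey Id
     TOTPAfterSignIn and the Google technical profile Google-OAuth. -->
<UserJourney Id="TOTPAfterSignIn">
  <OrchestrationSteps>
    <!-- Step 1: sign-in page. Skipped when the session provider has already
         restored objectId, so a signed-in user is not prompted again. -->
    <OrchestrationStep Order="1" Type="CombinedSignInAndSignUp" ContentDefinitionReferenceId="api.signuporsignin">
      <Preconditions>
        <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
          <Value>objectId</Value>
          <Action>SkipThisOrchestrationStep</Action>
        </Precondition>
      </Preconditions>
      <ClaimsProviderSelections>
        <ClaimsProviderSelection TargetClaimsExchangeId="GoogleExchange" />
        <ClaimsProviderSelection ValidationClaimsExchangeId="LocalAccountSigninEmailExchange" />
      </ClaimsProviderSelections>
      <ClaimsExchanges>
        <ClaimsExchange Id="LocalAccountSigninEmailExchange" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Email" />
      </ClaimsExchanges>
    </OrchestrationStep>

    <!-- Step 2: federated sign-in with Google. Same objectId check: the
         redirect to the identity provider only happens without a session. -->
    <OrchestrationStep Order="2" Type="ClaimsExchange">
      <Preconditions>
        <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
          <Value>objectId</Value>
          <Action>SkipThisOrchestrationStep</Action>
        </Precondition>
      </Preconditions>
      <ClaimsExchanges>
        <ClaimsExchange Id="GoogleExchange" TechnicalProfileReferenceId="Google-OAuth" />
      </ClaimsExchanges>
    </OrchestrationStep>

    <!-- Step 3: resolve the social identity to the directory user (the
         exchange from the post). Skipped for local accounts, which already
         carry objectId from the local sign-in profile. -->
    <OrchestrationStep Order="3" Type="ClaimsExchange">
      <Preconditions>
        <Precondition Type="ClaimEquals" ExecuteActionsIf="true">
          <Value>authenticationSource</Value>
          <Value>localAccountAuthentication</Value>
          <Action>SkipThisOrchestrationStep</Action>
        </Precondition>
      </Preconditions>
      <ClaimsExchanges>
        <ClaimsExchange Id="AADUserReadUsingAlternativeSecurityId" TechnicalProfileReferenceId="AAD-UserReadUsingAlternativeSecurityId" />
      </ClaimsExchanges>
    </OrchestrationStep>

    <!-- Steps 4..n: the TOTP enrolment/verification steps from the linked
         sample go here, unchanged; they are omitted in this illustration. -->

    <OrchestrationStep Order="4" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />
  </OrchestrationSteps>
</UserJourney>
```

Two things to verify when the preconditions look right but a social user is still prompted: the technical profile that produced objectId must reference a session-management technical profile through UseTechnicalProfileForSessionManagement (a social sign-in leaves no reusable session if that profile, or the directory read that follows it, points at a provider that does not persist objectId), and the RelyingParty's UserJourneyBehaviors SingleSignOn Scope must be Tenant or Application rather than Policy, since a Policy-scoped session is never visible to a second custom policy.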
