Azure B2C custom policies with MFA are not working on mobile

Reddy, Santosh M 1 Reputation point
2021-07-29T15:25:39.29+00:00

Azure B2C Custom policies implementation with MFA is working fine on web.

On mobile, we have enabled MFA with phone call or text:
-> When the user tries to authenticate MFA with text, it does get redirected to the Dashboard or Home page.
-> When the user tries to authenticate MFA with call, it does not get redirected to the Dashboard and remains on the same page.


5 answers

Sort by: Most helpful
  1. James Hamil 26,961 Reputation points Microsoft Employee
    2021-08-06T20:47:13.82+00:00

    Hi @Reddy, Santosh M, we tested the custom policy and it works as expected on all the platforms (Android, iOS, macOS, and Windows).

    Things to check:

    If there are still issues, we would need to isolate whether it is an Azure MFA failure or a CPIM failure through logs, or whether it is a UI/UX issue.

    Please let me know if this works or if you have any questions.

    If this answer helped you please mark it as "Verified" so other users may reference it.

    Thank you,
    James


  2. Reddy, Santosh M 1 Reputation point
    2021-08-09T11:51:07.813+00:00

    I am not clear on the resolution you shared; I am getting these issues even with the most basic policy files downloaded from the starter pack,
    https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack

    Here I have just updated the basic settings like:

    TenantId="<tenant_name>.onmicrosoft.com"
    PolicyId="<policy_id>"
    PublicPolicyUri="http://<tenant_name>.onmicrosoft.com/<policy_id>"

    <TechnicalProfile Id="login-NonInteractive">
      <Metadata>
        <Item Key="client_id">xxxxx</Item>
        <Item Key="IdTokenAudience">xxxx</Item>
      </Metadata>
      <InputClaims>
        <InputClaim ClaimTypeReferenceId="client_id" DefaultValue="xxxxx" />
        <InputClaim ClaimTypeReferenceId="resource_id" PartnerClaimType="resource" DefaultValue="xxxxx" />
      </InputClaims>
    </TechnicalProfile>


    Issues

    Using an Android device - trying to authenticate with call, it does not redirect.
    Using an iOS device - trying to authenticate with text through copy and paste, it does not redirect. When the text is entered, it does get redirected.


  3. Reddy, Santosh M 1 Reputation point
    2021-08-10T13:52:07.017+00:00

    I have changed the content definition as below. Noted changes:

    1. MFA with Text: the "Verify Code" button is now appearing. -> This behaviour is for both web & mobile.
    2. MFA with Call: after call verification, the request gets redirected to a page which contains a "Continue" button. -> Here, the Continue button appears only in the case of mobile; this button does not appear in the case of web. Can we remove this "Continue" button?

    <ContentDefinitions>
      <!-- This content definition is to render an error page that displays unhandled errors. -->
      <ContentDefinition Id="api.error">
        <LoadUri>~/tenant/templates/AzureBlue/exception.cshtml</LoadUri>
        <RecoveryUri>~/common/default_page_error.html</RecoveryUri>
        <!--Custom: Used the latest data uri to resolve copy text ios bug-->
        <!--<DataUri>urn:com:microsoft:aad:b2c:elements:globalexception:1.1.0</DataUri>-->
        <DataUri>urn:com:microsoft:aad:b2c:elements:contract:globalexception:1.2.1</DataUri>
        <Metadata>
          <Item Key="DisplayName">Error page</Item>
        </Metadata>
      </ContentDefinition>
      <ContentDefinition Id="api.idpselections">
        <LoadUri>~/tenant/templates/AzureBlue/idpSelector.cshtml</LoadUri>
        <RecoveryUri>~/common/default_page_error.html</RecoveryUri>
        <!--Custom: Used the latest data uri to resolve copy text ios bug-->
        <!--<DataUri>urn:com:microsoft:aad:b2c:elements:idpselection:1.0.0</DataUri>-->
        <DataUri>urn:com:microsoft:aad:b2c:elements:contract:providerselection:1.2.1</DataUri>
        <Metadata>
          <Item Key="DisplayName">Idp selection page</Item>
          <Item Key="language.intro">Sign in</Item>
        </Metadata>
      </ContentDefinition>
      <ContentDefinition Id="api.idpselections.signup">
        <LoadUri>~/tenant/templates/AzureBlue/idpSelector.cshtml</LoadUri>
        <RecoveryUri>~/common/default_page_error.html</RecoveryUri>
        <!--Custom: Used the latest data uri to resolve copy text ios bug-->
        <!--<DataUri>urn:com:microsoft:aad:b2c:elements:idpselection:1.0.0</DataUri>-->
        <DataUri>urn:com:microsoft:aad:b2c:elements:contract:providerselection:1.2.1</DataUri>
        <Metadata>
          <Item Key="DisplayName">Idp selection page</Item>
          <Item Key="language.intro">Sign up</Item>
        </Metadata>
      </ContentDefinition>
      <ContentDefinition Id="api.signuporsignin">
        <LoadUri>~/tenant/templates/AzureBlue/unified.cshtml</LoadUri>
        <RecoveryUri>~/common/default_page_error.html</RecoveryUri>
        <!--Custom: Used the latest data uri to resolve copy text ios bug-->
        <!--<DataUri>urn:com:microsoft:aad:b2c:elements:unifiedssp:1.0.0</DataUri>-->
        <DataUri>urn:com:microsoft:aad:b2c:elements:contract:unifiedssp:2.1.5</DataUri>
        <Metadata>
          <Item Key="DisplayName">Signin and Signup</Item>
        </Metadata>
      </ContentDefinition>
      <ContentDefinition Id="api.phonefactor">
        <LoadUri>~/tenant/templates/AzureBlue/multifactor-1.0.0.cshtml</LoadUri>
        <RecoveryUri>~/common/default_page_error.html</RecoveryUri>
        <!--Custom: Used the latest data uri to resolve copy text ios bug-->
        <!--<DataUri>urn:com:microsoft:aad:b2c:elements:multifactor:1.1.0</DataUri>-->
        <DataUri>urn:com:microsoft:aad:b2c:elements:contract:multifactor:1.2.5</DataUri>
        <Metadata>
          <Item Key="DisplayName">Multi-factor authentication page</Item>
        </Metadata>
      </ContentDefinition>
      <ContentDefinition Id="api.selfasserted">
        <LoadUri>~/tenant/templates/AzureBlue/selfAsserted.cshtml</LoadUri>
        <RecoveryUri>~/common/default_page_error.html</RecoveryUri>
        <!--Custom: Used the latest data uri to resolve copy text ios bug-->
        <!--<DataUri>urn:com:microsoft:aad:b2c:elements:selfasserted:1.1.0</DataUri>-->
        <DataUri>urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.7</DataUri>
        <Metadata>
          <Item Key="DisplayName">Collect information from user page</Item>
        </Metadata>
      </ContentDefinition>
      <ContentDefinition Id="api.selfasserted.profileupdate">
        <LoadUri>~/tenant/templates/AzureBlue/selfAsserted.cshtml</LoadUri>
        <RecoveryUri>~/common/default_page_error.html</RecoveryUri>
        <!--Custom: Used the latest data uri to resolve copy text ios bug-->
        <!--<DataUri>urn:com:microsoft:aad:b2c:elements:selfasserted:1.1.0</DataUri>-->
        <DataUri>urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.7</DataUri>
        <Metadata>
          <Item Key="DisplayName">Collect information from user page</Item>
        </Metadata>
      </ContentDefinition>
      <ContentDefinition Id="api.localaccountsignup">
        <LoadUri>~/tenant/templates/AzureBlue/selfAsserted.cshtml</LoadUri>
        <RecoveryUri>~/common/default_page_error.html</RecoveryUri>
        <!--Custom: Used the latest data uri to resolve copy text ios bug-->
        <!--<DataUri>urn:com:microsoft:aad:b2c:elements:selfasserted:1.1.0</DataUri>-->
        <DataUri>urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.7</DataUri>
        <Metadata>
          <Item Key="DisplayName">Local account sign up page</Item>
        </Metadata>
      </ContentDefinition>
      <ContentDefinition Id="api.localaccountpasswordreset">
        <LoadUri>~/tenant/templates/AzureBlue/selfAsserted.cshtml</LoadUri>
        <RecoveryUri>~/common/default_page_error.html</RecoveryUri>
        <!--Custom: Used the latest data uri to resolve copy text ios bug-->
        <!--<DataUri>urn:com:microsoft:aad:b2c:elements:selfasserted:1.1.0</DataUri>-->
        <DataUri>urn:com:microsoft:aad:b2c:elements:contract:selfasserted:2.1.7</DataUri>
        <Metadata>
          <Item Key="DisplayName">Local account change password page</Item>
        </Metadata>
      </ContentDefinition>
    </ContentDefinitions>

  4. Reddy, Santosh M 1 Reputation point
    2021-08-10T15:38:10.13+00:00

    <ContentDefinition Id="api.signuporsignin">
    <LoadUri>https://BlobHtmlTemplate/root/html_templates/SignInSocial.cshtml</LoadUri>
    <RecoveryUri>~/common/default_page_error.html</RecoveryUri>
    <!--Custom: Used the latest data uri to resolve copy text ios bug-->
    <DataUri>urn:com:microsoft:aad:b2c:elements:unifiedssp:1.0.0</DataUri>
    <!--<DataUri>urn:com:microsoft:aad:b2c:elements:contract:unifiedssp:2.1.5</DataUri>-->
    <Metadata>
    <Item Key="DisplayName">Signin and Signup</Item>
    </Metadata>
    <!--Custom: Added Localization-->
    <LocalizedResourcesReferences MergeBehavior="Prepend">
    <LocalizedResourcesReference Language="en" LocalizedResourcesReferenceId="api.signuporsignin.en" />
    <LocalizedResourcesReference Language="es" LocalizedResourcesReferenceId="api.signuporsignin.es" />
    </LocalizedResourcesReferences>
    </ContentDefinition>

    Getting the below error when trying to use this data URI: <DataUri>urn:com:microsoft:aad:b2c:elements:contract:unifiedssp:2.1.5</DataUri>

    {"error":{"code":"AADB2C","message":"Validation failed: 24 validation error(s) found in policy \"B2C_1A_TRUSTFRAMEWORKEXTENSIONS_DEVFIX\" of tenant \"bannerhealthproviders.onmicrosoft.com\".The localized string with ElementType: UxElement and StringId: logonIdentifier_email has an invalid StringIdThe localized string with ElementType: UxElement and StringId: requiredField_email has an invalid StringIdThe localized string with
    ElementType: UxElement and StringId: logonIdentifier_username has an invalid StringIdThe localized string with ElementType: UxElement and StringId: password has an invalid StringIdThe localized string with ElementType: UxElement and StringId: createaccount_link has an invalid StringIdThe localized string with ElementType: UxElement and StringId: requiredField_username has an invalid StringIdThe localized string with ElementType: UxElement and StringId: cancel_message has an invalid StringIdThe localized string with ElementType: UxElement and StringId: invalid_password has an invalid StringIdThe localized string with ElementType: UxElement and StringId: local_intro_username has an invalid StringIdThe localized string with ElementType: UxElement and StringId: local_intro_email has an invalid StringIdThe localized string with ElementType: UxElement and StringId: invalid_email has an invalid StringIdThe localized string with ElementType: UxElement and StringId: email_pattern has an invalid StringIdThe localized string with ElementType: UxElement and StringId: logonIdentifier_email has an invalid StringIdThe localized string with ElementType: UxElement and StringId: requiredField_email has an invalid StringIdThe localized string with ElementType: UxElement and StringId: logonIdentifier_username has an invalid StringIdThe localized string with ElementType: UxElement and StringId: password has an invalid StringIdThe localized string with ElementType: UxElement and StringId: createaccount_link has an invalid StringIdThe localized string with ElementType: UxElement and StringId: requiredField_username has an invalid StringIdThe localized string with ElementType: UxElement and StringId: cancel_message has an invalid StringIdThe localized string with ElementType: UxElement and StringId: invalid_password has an invalid StringIdThe localized string with ElementType: UxElement and StringId: local_intro_username has
    an invalid StringIdThe localized string with ElementType: UxElement and StringId: local_intro_email has an invalid StringIdThe localized string with ElementType: UxElement and StringId: invalid_email has an invalid
    StringIdThe localized string with ElementType: UxElement and StringId: email_pattern has an invalid StringIdThe localized string with ElementType: UxElement and StringId: logonIdentifier_email has an invalid StringIdThe localized string with ElementType: UxElement and StringId: requiredField_email has an invalid StringIdThe localized string with ElementType: UxElement and StringId: logonIdentifier_username has an invalid StringIdThe localized string with ElementType: UxElement and StringId: password has an invalid StringIdThe localized string with ElementType: UxElement and StringId: createaccount_link has an invalid StringIdThe localize

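The validation error above fires at upload time, so it is cheaper to lint the policy file locally before uploading it. The following is an added example, not code from the thread or from Microsoft: it parses a constructed B2C policy fragment, flags every ContentDefinition whose DataUri is not a versioned `contract:` page layout, and reports any LocalizedResourcesReferenceId that resolves to no LocalizedResources element. The sample policy, the `lint_policy` function and the CPIM namespace handling are mine; the element names are the ones shown in the posts above.

```python
# Added example (not from this thread): lint the ContentDefinitions of an
# Azure AD B2C custom policy for non-contract DataUris and dangling
# LocalizedResourcesReferenceIds. The policy below is constructed for the demo.
import re
import xml.etree.ElementTree as ET

NS = "http://schemas.microsoft.com/online/cpim/schemas/2013/06"
CONTRACT = re.compile(
    r"^urn:com:microsoft:aad:b2c:elements:contract:([a-z]+):(\d+\.\d+\.\d+)$")

SAMPLE_POLICY = f"""<TrustFrameworkPolicy xmlns="{NS}">
  <BuildingBlocks>
    <ContentDefinitions>
      <ContentDefinition Id="api.signuporsignin">
        <DataUri>urn:com:microsoft:aad:b2c:elements:unifiedssp:1.0.0</DataUri>
        <LocalizedResourcesReferences MergeBehavior="Prepend">
          <LocalizedResourcesReference Language="en" LocalizedResourcesReferenceId="api.signuporsignin.en" />
          <LocalizedResourcesReference Language="es" LocalizedResourcesReferenceId="api.signuporsignin.es" />
        </LocalizedResourcesReferences>
      </ContentDefinition>
      <ContentDefinition Id="api.phonefactor">
        <DataUri>urn:com:microsoft:aad:b2c:elements:contract:multifactor:1.2.5</DataUri>
      </ContentDefinition>
    </ContentDefinitions>
    <Localization Enabled="true">
      <LocalizedResources Id="api.signuporsignin.en" />
    </Localization>
  </BuildingBlocks>
</TrustFrameworkPolicy>"""

def lint_policy(xml_text):
    """Return a list of findings; an empty list means nothing to report."""
    root = ET.fromstring(xml_text)
    tag = lambda name: f"{{{NS}}}{name}"  # policy elements live in the CPIM namespace
    defined = {lr.get("Id") for lr in root.iter(tag("LocalizedResources"))}
    findings = []
    for cd in root.iter(tag("ContentDefinition")):
        cid = cd.get("Id")
        uri_el = cd.find(tag("DataUri"))
        uri = (uri_el.text or "").strip() if uri_el is not None else ""
        if not CONTRACT.match(uri):  # legacy, unversioned or missing page layout
            findings.append(f"{cid}: DataUri {uri!r} is not a versioned contract "
                            "page layout (urn:...:elements:contract:<layout>:<x.y.z>)")
        for ref in cd.iter(tag("LocalizedResourcesReference")):
            rid = ref.get("LocalizedResourcesReferenceId")
            if rid not in defined:  # reference to a LocalizedResources Id that is not declared
                findings.append(f"{cid}: LocalizedResourcesReferenceId {rid!r} "
                                f"for Language={ref.get('Language')} has no LocalizedResources")
    return findings
```

Run `lint_policy` over your real TrustFrameworkExtensions file before uploading; on the constructed sample it reports the legacy unifiedssp DataUri and the missing `api.signuporsignin.es` resources.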

  5. Reddy, Santosh M 1 Reputation point
    2021-09-21T11:16:20.227+00:00

    Any update on the above issue?

