How to do email varification with Azure B2C custom policies

Steven Gardiner 21 Reputation points

Hi I'm new to custom policies as I've always used the user flow method. I've downloaded the local account starter pack from here and followed the Microsofts example. I can get my login screen to work but not my sign up page. The page is missing inputs for a email address and a button for email verification like the user flows has. If tried changing claim names and input and outputs but i'm getting nowhere. Please can someone suggest something all I'm getting is this:

Microsoft Entra External ID
Microsoft Entra External ID
A modern identity solution for securing access to customer, citizen and partner-facing apps and services. It is the converged platform of Azure AD External Identities B2B and B2C. Replaces Azure Active Directory External Identities.
2,675 questions
{count} votes

Accepted answer
  1. AmanpreetSingh-MSFT 56,316 Reputation points

    Hi @Steven Gardiner · Thank you for reaching out.

    You need to add below input and output claim under <TechnicalProfile Id="LocalAccountSignUpWithLogonEmail"> available in TrustFrameworkBase file.
    <InputClaim ClaimTypeReferenceId="email" />
    <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="Verified.Email" Required="true" />

    Then add below output claim to your SignupOrSignin.xml (RP File) to get email address claim in the token to be presented to the application:

    <OutputClaim ClaimTypeReferenceId="email" />

    Below is entire LocalAccountSignUpWithLogonEmail technical profile for your reference:

    <TechnicalProfile Id="LocalAccountSignUpWithLogonEmail">  
              <DisplayName>Email signup</DisplayName>  
              <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=, Culture=neutral, PublicKeyToken=null" />  
                <Item Key="IpAddressClaimReferenceId">IpAddress</Item>  
                <Item Key="ContentDefinitionReferenceId">api.localaccountsignup</Item>  
                <Item Key="language.button_continue">Create</Item>  
                <Key Id="issuer_secret" StorageReferenceId="B2C_1A_TokenSigningKeyContainer" />  
                <InputClaim ClaimTypeReferenceId="email" />  
                <OutputClaim ClaimTypeReferenceId="objectId" />  
                <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="Verified.Email" Required="true" />  
                <OutputClaim ClaimTypeReferenceId="newPassword" Required="true" />  
                <OutputClaim ClaimTypeReferenceId="reenterPassword" Required="true" />  
                <OutputClaim ClaimTypeReferenceId="executed-SelfAsserted-Input" DefaultValue="true" />  
                <OutputClaim ClaimTypeReferenceId="authenticationSource" />  
                <OutputClaim ClaimTypeReferenceId="newUser" />  
                <!-- Optional claims, to be collected from the user -->  
                <OutputClaim ClaimTypeReferenceId="displayName" />  
                <OutputClaim ClaimTypeReferenceId="givenName" />  
                <OutputClaim ClaimTypeReferenceId="surName" />  
                <ValidationTechnicalProfile ReferenceId="AAD-UserWriteUsingLogonEmail" />  
              <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />  


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

0 additional answers

Sort by: Most helpful