Increase max. timeout or improve performance of EmailOtpSend event

Manuel Tospann 291 Reputation points
2025-11-11T14:00:28.2833333+00:00

Hi.

We are trying to implement Azure Communication Services as a custom email provider in our External ID tenant.

We followed both instructions on MS Learn.

  1. Logic App
  2. Azure Function

For both implementations, we often run into a timeout which then causes Entra to retry once. The retry then fails because of a timeout, too. Then the e-mail gets sent by Microsoft due to our fallback settings.

But the Function/Logic App processes the requests fine - just too slow. So the customer receives three e-mails in total. Two from ACS and one from Microsoft.

Did anyone else run into similar issues?

Is there a way to increase the max. timeout of 2000ms in Entra?


Having the Function/Logic App respond immediately and then process the request afterwards resolved the timeout issues. But what if ACS had some issues? The error handling couldn't fall back to Microsoft.

Any ideas would be much appreciated.

Azure Communication Services

1 answer

  1. Natheem Yousuf 340 Reputation points
    2025-11-11T18:42:26.0866667+00:00

    Hi Manuel Tos, you can’t increase the 2,000 ms limit; that is a documented hard limit for custom authentication extensions in Entra External ID.

    A practical approach that other customers use (and what you already tried) is a combination of three things:

    1. Make the extension respond immediately (fast ACK) and do the heavy work async — but important trade-off: if you always ACK success immediately then Entra won’t fall back to Microsoft when ACS actually fails. So decide whether you prefer guaranteed fallback or a fast UX.

    2. Make your provider as fast and cold-start-resistant as possible:

       Use a Premium / App Service plan or pre-warmed Function (avoid Consumption cold starts).

       Reuse HTTP clients (no new HttpClient per request), enable HTTP keep-alive, and use the ACS regional endpoint closest to your function.

       Use ACS email SDK async calls + small templates and minimal I/O on the hot path.

    3. Prevent duplicates and support safe retries (this is the crucial practical fix): store an idempotency/key (use authenticationContext.correlationId or otpContext.oneTimeCode + tenant) and check it before sending. If the first request completed but Entra retried, skip the second send. If ACS fails, return an error so Entra will retry and eventually use Microsoft fallback. (So your code logic: attempt send → if send succeeds write “sent” record and return 200 → if send fails return 5xx so Entra can retry/fallback).

    If you want, I can:

    give a tiny Azure Function code sample showing idempotency (Redis/Cosmos) + fast ACK pattern, or

    suggest exact Function plan / pre-warm settings and HttpClient patterns to reduce latency.

    Hope this helps — tell me which snippet you want and I’ll post it.
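
The send → record → 200, or fail → 5xx flow from point 3 of the answer, as an added Python sketch (not code from the thread or from MS Learn). It keys on tenant + `correlationId` so the one-time code is never written to the store, and it claims the key atomically before sending so a retry that arrives while the first attempt is still running cannot send a second mail. Assumptions: the payload nesting under `data`, the `tenantId` and `identifier` fields, the retry carrying the same `correlationId`, the 503 policy for in-flight duplicates, and the hypothetical `send_email` callable standing in for the ACS client.

```python
import threading

PENDING, SENT = "pending", "sent"

# Constructed sample payload; field names follow the answer, nesting is assumed.
SAMPLE_EVENT = {"data": {
    "tenantId": "00000000-0000-0000-0000-000000000001",
    "authenticationContext": {"correlationId": "11111111-1111-1111-1111-111111111111"},
    "otpContext": {"identifier": "user@example.com", "oneTimeCode": "123456"},
}}

class ClaimStore:
    """In-memory stand-in for Redis/Cosmos; claim() mimics an atomic set-if-absent."""
    def __init__(self):
        self._lock, self._state = threading.Lock(), {}

    def claim(self, key):
        with self._lock:  # returns None when this caller took the claim
            prior = self._state.get(key)
            self._state.setdefault(key, PENDING)
            return prior

    def finish(self, key, ok):
        with self._lock:
            if ok:
                self._state[key] = SENT       # completed: later retries are skipped
            else:
                self._state.pop(key, None)    # failed: release so a retry may send

def idempotency_key(event):
    # correlationId rather than oneTimeCode, so no OTP is persisted in the store
    data = event["data"]
    return f'{data["tenantId"]}:{data["authenticationContext"]["correlationId"]}'

def handle_otp_send(event, store, send_email):
    """Return the HTTP status for one EmailOtpSend call."""
    key = idempotency_key(event)
    prior = store.claim(key)
    if prior == SENT:
        return 200   # retry of a completed send: do not mail again
    if prior == PENDING:
        return 503   # first attempt still in flight: never send twice (assumed policy)
    otp = event["data"]["otpContext"]
    try:
        send_email(otp["identifier"], otp["oneTimeCode"])
    except Exception:
        store.finish(key, ok=False)
        return 500   # error status so Entra can retry / fall back
    store.finish(key, ok=True)
    return 200
```

Returning 503 for an in-flight duplicate keeps the Microsoft fallback available if the first attempt later fails, at the cost of a possible second mail from the fallback when it succeeds. In a real store the pending claim also needs a short expiry so a crashed worker does not block retries.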

