B2C custom policy with optinal MFA for user

Question

B2C custom policy with optinal MFA for user

Vikas Tiwari 771

I am looking for any custom policy sample with optional MFA when user logs in, so that user can skip the MFA (i.e. setup later) and proceed with login. I have tried sample policy here (https://github.com/azure-ad-b2c/samples/blob/master/policies/mfa-email-or-phone/readme.md) but it doesn't have cancel button when uses given policy.

Is there any way we can implement optional MFA scenario through custom policy.

Thanks.

James Hamil 27,211 Reputation points Microsoft Employee Moderator

2022-02-14T18:59:11.047+00:00

Hi Vikas, are you looking for the cancel button mean "I'll set up MFA later" or for it to go back a step? You said you want the option to set up later, but I'm verifying if you want the cancel button to do that or something else.

Best,
James
Vikas Tiwari 771 Reputation points

2022-02-14T21:57:32.047+00:00

@James Hamil Thanks for your response.

Yes I am looking for "SetUpLater" functionality so that user can setup MFA later (may be form profile update) and continue with login. I have followed git sample that I posted in my question but it doesn't have this option, if I click on cancel I get error "AADB2C90091: The user has cancelled entering self-asserted information." which I believe cancels entire process.
Vikas Tiwari 771 Reputation points

2022-02-16T14:48:12.48+00:00

Hi @James Hamil did you get a chance to review the details?
James Hamil 27,211 Reputation points Microsoft Employee Moderator

2022-02-16T22:59:31.287+00:00

Hi @ VikasTiwari-2263 , I did, I'm trying to find a sample/solution for you! I'll let you know as soon as I have one :)

Best,
James

1 answer

Your answer

James Hamil 27,211 Reputation points Microsoft Employee Moderator

2022-02-14T18:59:11.047+00:00

Hi Vikas, are you looking for the cancel button mean "I'll set up MFA later" or for it to go back a step? You said you want the option to set up later, but I'm verifying if you want the cancel button to do that or something else.

Best,
James
Vikas Tiwari 771 Reputation points

2022-02-14T21:57:32.047+00:00

@James Hamil Thanks for your response.

Yes I am looking for "SetUpLater" functionality so that user can setup MFA later (may be form profile update) and continue with login. I have followed git sample that I posted in my question but it doesn't have this option, if I click on cancel I get error "AADB2C90091: The user has cancelled entering self-asserted information." which I believe cancels entire process.
Vikas Tiwari 771 Reputation points

2022-02-16T14:48:12.48+00:00

Hi @James Hamil did you get a chance to review the details?
James Hamil 27,211 Reputation points Microsoft Employee Moderator

2022-02-16T22:59:31.287+00:00

Hi @ VikasTiwari-2263 , I did, I'm trying to find a sample/solution for you! I'll let you know as soon as I have one :)

Best,
James

Answer 1

James Hamil 27,211 Microsoft Employee Moderator

Hi @Vikas Tiwari , This sample might be the most helpful one for you. It allows you to set up MFA on a policy, or require MFA for certain portions of an application but not others.

The issue though is that if you have MFA enabled, all users must register for it initially. It's a good security practice in the long run so users are better protected. But I do understand how this could be an issue for you.

Hopefully you can work with that sample to get close to your needs, but by default we don't offer the option to sign up later. Please let me know if you have any questions and I'd be happy to help.

If this answer helped you please mark it as "Verified" so other users may reference it.

Thank you,
James

Vikas Tiwari 771 Reputation points

2022-02-21T19:12:32.487+00:00

Thanks @James Hamil I have read the link you have shared but unable to find policy on MFA workflow. Could you please point which section in the article talks about it?

Share via

B2C custom policy with optinal MFA for user

1 answer

Your answer