B2C custom policy with optinal MFA for user

Question

B2C custom policy with optinal MFA for user

Vikas Tiwari 761

I am looking for any custom policy sample with optional MFA when user logs in, so that user can skip the MFA (i.e. setup later) and proceed with login. I have tried sample policy here (https://github.com/azure-ad-b2c/samples/blob/master/policies/mfa-email-or-phone/readme.md) but it doesn't have cancel button when uses given policy.

Is there any way we can implement optional MFA scenario through custom policy.

Thanks.

James Hamil 17,376 Reputation points Microsoft Employee

2022-02-14T18:59:11.047+00:00

Hi Vikas, are you looking for the cancel button mean "I'll set up MFA later" or for it to go back a step? You said you want the option to set up later, but I'm verifying if you want the cancel button to do that or something else.

Best,
James
Vikas Tiwari 761 Reputation points

2022-02-14T21:57:32.047+00:00

@James Hamil Thanks for your response.

Yes I am looking for "SetUpLater" functionality so that user can setup MFA later (may be form profile update) and continue with login. I have followed git sample that I posted in my question but it doesn't have this option, if I click on cancel I get error "AADB2C90091: The user has cancelled entering self-asserted information." which I believe cancels entire process.
Vikas Tiwari 761 Reputation points

2022-02-16T14:48:12.48+00:00

Hi @James Hamil did you get a chance to review the details?
James Hamil 17,376 Reputation points Microsoft Employee

2022-02-16T22:59:31.287+00:00

Hi @ VikasTiwari-2263 , I did, I'm trying to find a sample/solution for you! I'll let you know as soon as I have one :)

Best,
James

James Hamil 17,376 Reputation points Microsoft Employee

2022-02-14T18:59:11.047+00:00

Hi Vikas, are you looking for the cancel button mean "I'll set up MFA later" or for it to go back a step? You said you want the option to set up later, but I'm verifying if you want the cancel button to do that or something else.

Best,
James
Vikas Tiwari 761 Reputation points

2022-02-14T21:57:32.047+00:00

@James Hamil Thanks for your response.

Yes I am looking for "SetUpLater" functionality so that user can setup MFA later (may be form profile update) and continue with login. I have followed git sample that I posted in my question but it doesn't have this option, if I click on cancel I get error "AADB2C90091: The user has cancelled entering self-asserted information." which I believe cancels entire process.
Vikas Tiwari 761 Reputation points

2022-02-16T14:48:12.48+00:00

Hi @James Hamil did you get a chance to review the details?
James Hamil 17,376 Reputation points Microsoft Employee

2022-02-16T22:59:31.287+00:00

Hi @ VikasTiwari-2263 , I did, I'm trying to find a sample/solution for you! I'll let you know as soon as I have one :)

Best,
James

Answer 1

Hi @Vikas Tiwari , This sample might be the most helpful one for you. It allows you to set up MFA on a policy, or require MFA for certain portions of an application but not others.

The issue though is that if you have MFA enabled, all users must register for it initially. It's a good security practice in the long run so users are better protected. But I do understand how this could be an issue for you.

Hopefully you can work with that sample to get close to your needs, but by default we don't offer the option to sign up later. Please let me know if you have any questions and I'd be happy to help.

If this answer helped you please mark it as "Verified" so other users may reference it.

Thank you,
James

Vikas Tiwari 761 Reputation points

2022-02-21T19:12:32.487+00:00

Thanks @James Hamil I have read the link you have shared but unable to find policy on MFA workflow. Could you please point which section in the article talks about it?

B2C custom policy with optinal MFA for user

1 answer

Activity