Disable email verification during customer sign-up in Azure Active Directory B2C

Before you begin, use the Choose a policy type selector to choose the type of policy you’re setting up. Azure Active Directory B2C offers two methods to define how users interact with your applications: through predefined user flows or through fully configurable custom policies. The steps required in this article are different for each method.

By default, Azure Active Directory B2C (Azure AD B2C) verifies your customer's email address for local accounts (accounts for users who sign up with email address or username). Azure AD B2C ensures valid email addresses by requiring customers to verify them during the sign-up process. It also prevents malicious actors from using automated processes to generate fraudulent accounts in your applications.

Some application developers prefer to skip email verification during the sign-up process and instead have customers verify their email address later. To support this, Azure AD B2C can be configured to disable email verification. Doing so creates a smoother sign-up process and gives developers the flexibility to differentiate customers that have verified their email address from customers that have not.

Warning

Disabling email verification in the sign-up process may lead to spam. If you disable the default Azure AD B2C-provided email verification, we recommend that you implement a replacement verification system.

Prerequisites

Disable email verification

Follow these steps to disable email verification:

  1. Sign in to the Azure portal
  2. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the Directories + subscriptions icon in the portal toolbar.
  3. On the Portal settings | Directories + subscriptions page, find your Azure AD B2C directory in the Directory name list, and then select Switch.
  4. In the left menu, select Azure AD B2C. Or, select All services and search for and select Azure AD B2C.
  5. Select User flows.
  6. Select the user flow for which you want to disable email verification.
  7. Select Page layouts.
  8. Select Local account sign-up page.
  9. Under User attributes, select Email Address.
  10. In the Requires Verification drop-down, select No.
  11. Select Save. Email verification is now disabled for this user flow.

The LocalAccountSignUpWithLogonEmail technical profile is a self-asserted, which is invoked during the sign-up flow. To disable the email verification, set the EnforceEmailVerification metadata to false. Override the LocalAccountSignUpWithLogonEmail technical profiles in the extension file.

  1. Open the extensions file of your policy. For example, SocialAndLocalAccounts/TrustFrameworkExtensions.xml.
  2. Find the ClaimsProviders element. If the element doesn't exist, add it.
  3. Add the following claims provider to the ClaimsProviders element:
<ClaimsProvider>
  <DisplayName>Local Account</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="LocalAccountSignUpWithLogonEmail">
      <Metadata>
        <Item Key="EnforceEmailVerification">false</Item>
      </Metadata>
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>

Test your policy

  1. Sign in to the Azure portal
  2. Make sure you're using the directory that contains your Azure AD B2C tenant. Select the Directories + subscriptions icon in the portal toolbar.
  3. On the Portal settings | Directories + subscriptions page, find your Azure AD B2C directory in the Directory name list, and then select Switch.
  4. In the left menu, select Azure AD B2C. Or, select All services and search for and select Azure AD B2C.
  5. Select User flows.
  6. Select the user flow for which you want to disable email verification. For example, B2C_1_signinsignup.
  7. To test your policy, select Run user flow.
  8. For Application, select the web application named testapp1 that you previously registered. The Reply URL should show https://jwt.ms.
  9. Click Run user flow
  10. You should be able to sign up using an email address without the validation.

Update and test the relying party file

  1. Sign in to the Azure portal.
  2. Make sure you're using the directory that contains your Azure AD tenant. Select the Directories + Subscriptions icon in the portal toolbar.
  3. On the Portal settings | Directories + subscriptions page, find your Azure AD directory in the Directory name list, and then select Switch.
  4. Choose All services in the top-left corner of the Azure portal, and then search for and select App registrations.
  5. Select Identity Experience Framework.
  6. Select Upload Custom Policy, and then upload the two policy files that you changed.
  7. Select the sign-up or sign-in policy that you uploaded, and click the Run now button.
  8. You should be able to sign up using an email address without the validation.

Next steps