For scenarios where you would like to give users the choice to use Email verification or SMS/Phone Call as the second authentication factor, and allow them to change this choice at a later point via Profile Edit.
To test the MFA email or phone user experience, follow these steps:
- Sign-up or sign-in with the B2C_1A_Demo_SignUp_SignIn_PhoneOrEmailMFA policy.
- Choose the type of MFA (email or phone). Then complete the enrollment process.
- Sign-in again with the B2C_1A_Demo_SignUp_SignIn_PhoneOrEmailMFA policy. Complete the sign-in with your username and password. Then verify your email of phone (based on your previous choose)
- For any custom policy sample which makes use of Extension attributes, follow the guidance on storing the extension properties and adding the application objectID. The AAD-Common Technical profile will always need to be modified to use your ApplicationId and ObjectId.
User flow:
- When the user signs-up or signs-in, where the user attribute for extension_mfaByPhoneOrEmail does not exist, the user is prompted to make a selection via a radio box.
- If the MFA preferred MFA method is:
- phone, the PhoneFactor-InputOrVerify technical profile is executed, to enroll or verify the phone number.
- email the EmailVerifyOnSignIn technical profile is executed, to enroll or verify the email address.
- New enrolled MFA is persisted to the directory.
- Sign Up and verify the MFA Method is selectable.
- Sign In and verify the expected MFA Method is prompted for.
- Run the Profile Edit policy and change the MFA Method, repeat the Sign In for both methods to make sure the choice is respected.
- Run the password reset journey and confirm the MFA method is respected.
Use Stack Overflow to get support from the community. Ask your questions on Stack Overflow first and browse existing issues to see if someone has asked your question before. Make sure that your questions or comments are tagged with [azure-ad-b2c]. If you find a bug in the sample, please raise the issue on GitHub Issues. To provide product feedback, visit the Azure Active Directory B2C Feedback page.