MicrosoftDocs / azure-docs

Open source documentation of Microsoft Azure
https://docs.microsoft.com/azure
Creative Commons Attribution 4.0 International

Use MFA flow from identity provider (Azure AD) during b2c sign-in #117014

Closed. rick-hayek closed this issue 9 months ago.

rick-hayek commented 9 months ago

We have a web application which enables both Azure B2C local account and social account authentication. We use a multi-tenant AAD application as identity provider for social account sign-in.

Now we want to enable MFA for the accounts from identity provider (actually our Company accounts that synced to AAD). Our company accounts (in our organization Azure AD tenant) have already configured the MFA. Is it possible that our company accounts can use the existing MFA flow when signing in to b2c application?



ManoharLakkoju-MSFT commented 9 months ago

@rick-hayek Thanks for your feedback! We will investigate and update as appropriate.

ManoharLakkoju-MSFT commented 9 months ago

@rick-hayek Yes, it is possible to use the existing MFA flow for your company accounts when signing in to your B2C application.

To enable MFA for your company accounts, you can configure your B2C policy to use Azure AD as an identity provider. This will allow your company accounts to sign in to your B2C application using their existing Azure AD credentials and MFA settings.

To configure Azure AD as an identity provider for your B2C policy, you can follow the steps in this article: https://docs.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-azure-ad-single-tenant

Once you have configured Azure AD as an identity provider, you can enable MFA for your B2C policy by following the steps in this article: https://docs.microsoft.com/en-us/azure/active-directory-b2c/multi-factor-authentication

After enabling MFA, your company accounts will be prompted to complete the MFA challenge when signing in to your B2C application. They will be redirected to the Azure AD MFA page to complete the challenge using their existing MFA settings.

I hope this helps! Let me know if you have any further questions.
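The reply above says the company accounts will be challenged by Azure AD and then returned to B2C. What a practitioner actually wants to verify, once the multi-tenant federation is in place, is that the id_token coming back from the identity provider (a) came from the company's own tenant rather than any Azure AD tenant that can reach the `common` endpoint, and (b) records that MFA was performed. The script below is an added example, not code from this thread, from Microsoft or from the azure-docs project: it models the claim rule a B2C technical profile would enforce, on a constructed, unsigned sample token. Assumptions are labelled in the code: the tenant GUIDs and client ID are placeholders, the allow-list is hypothetical, and the check for the value `mfa` in the `amr` claim presumes the identity provider emits `amr` for the token version your technical profile receives, which must be confirmed against a real token from your tenant. Signature verification is deliberately out of scope here, since on the federation leg B2C validates the signature against the issuer's metadata.

```python
import base64
import json
import time

# Issuer prefix shared by every Azure AD tenant on the v2.0 endpoint.
ISSUER_PREFIX = "https://login.microsoftonline.com/"

# Assumed allow-list of the company's own tenant(s). Placeholder GUID,
# not a real tenant ID.
COMPANY_TID = "11111111-2222-3333-4444-555555555555"
OTHER_TID = "99999999-8888-7777-6666-555555555555"   # some other tenant
ALLOWED_TENANTS = {COMPANY_TID}

# Fixed clock so the constructed tokens below never expire in the demo.
FIXED_NOW = 1_700_000_000


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the '=' padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_unsigned_jwt(payload: dict) -> str:
    """Build a compact JWT with alg=none for the offline sample only.
    A real federation token carries a signature that B2C verifies
    against the issuer's published keys; this one has none."""
    header = b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{b64url_encode(json.dumps(payload).encode())}."


def jwt_payload(token: str) -> dict:
    """Extract the payload claims of a compact JWT (no signature check)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact-serialised JWT")
    return json.loads(b64url_decode(parts[1]))


def check_federated_token(payload: dict, allowed_tenants: set, now: float = None):
    """Return (accepted, reason) for a payload from the multi-tenant IdP.

    Order matters: expiry first, then issuer shape, then the tenant
    allow-list, then consistency between iss and tid, and only then the
    MFA evidence. A foreign tenant with MFA must still be rejected."""
    now = time.time() if now is None else now
    if payload.get("exp", 0) <= now:
        return False, "token expired"
    iss = payload.get("iss", "")
    tid = payload.get("tid")
    if not iss.startswith(ISSUER_PREFIX):
        return False, f"unexpected issuer {iss!r}"
    if tid not in allowed_tenants:
        return False, f"tenant {tid!r} is not in the allow-list"
    if iss != f"{ISSUER_PREFIX}{tid}/v2.0":
        return False, "issuer does not match tid"
    # Assumption: the IdP emits an amr claim listing authentication
    # methods, with "mfa" present when a second factor was completed.
    amr = payload.get("amr") or []
    if "mfa" not in amr:
        return False, f"no MFA evidence in amr={amr}"
    return True, "accepted: company tenant, MFA performed"


def _sample(tid: str, amr: list) -> dict:
    """Constructed id_token payload; aud is a placeholder client_id."""
    return {
        "iss": f"{ISSUER_PREFIX}{tid}/v2.0",
        "tid": tid,
        "aud": "00000000-0000-0000-0000-000000000000",
        "sub": "constructed-subject",
        "amr": amr,
        "exp": FIXED_NOW + 3600,
    }


SAMPLE_TOKENS = {
    "company_mfa": make_unsigned_jwt(_sample(COMPANY_TID, ["pwd", "mfa"])),
    "company_pwd_only": make_unsigned_jwt(_sample(COMPANY_TID, ["pwd"])),
    "foreign_tenant_mfa": make_unsigned_jwt(_sample(OTHER_TID, ["pwd", "mfa"])),
}


def evaluate_samples() -> dict:
    """Run the rule over every constructed token; name -> (accepted, reason)."""
    return {name: check_federated_token(jwt_payload(tok), ALLOWED_TENANTS, now=FIXED_NOW)
            for name, tok in SAMPLE_TOKENS.items()}


if __name__ == "__main__":
    for name, (ok, why) in evaluate_samples().items():
        print(f"{name:20s} {'ACCEPT' if ok else 'REJECT'}  {why}")
```

Only the first sample is accepted; the password-only company token and the MFA token from a foreign tenant are both rejected, with the reason string naming the failed check. In a B2C custom policy the same two decisions would be expressed on the identity provider's technical profile (issuer and tenant restriction in its metadata, the `amr` value as an output claim gated by a precondition) rather than in application code.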

rick-hayek commented 9 months ago

@ManoharLakkoju-MSFT Thanks for your reply.

We already have configured Azure AD as the identity provider, except that we've used the multi-tenant setup: https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-azure-ad-multi-tenant?pivots=b2c-custom-policy

And I actually have tried several approaches (https://github.com/azure-ad-b2c/samples/tree/master/policies), including the steps from https://learn.microsoft.com/en-us/azure/active-directory-b2c/multi-factor-authentication?pivots=b2c-custom-policy. All of those should work for B2C local accounts, but not for my scenario. Is there any working MFA sample that applies to social account sign-in? Please note I'm configuring a multi-tenant Azure AD application as the identity provider.

ManoharLakkoju-MSFT commented 9 months ago

@rick-hayek I'd recommend working more closely with our support team via an [Azure support request](https://docs.microsoft.com/en-us/azure/azure-portal/supportability/how-to-create-azure-support-request). Or you can leverage our Q&A forum by posting your issue there so our community and MVPs can further assist you in troubleshooting this issue or finding potential workarounds.

[Teams Q&A forum](https://docs.microsoft.com/en-us/answers/topics/46488/office-teams-windows-itpro.html) for technical questions about the configuration and administration of Microsoft Teams on Windows. [Microsoft Teams Community forum](https://answers.microsoft.com/en-us/msteams/forum?sort=LastReplyDate&dir=Desc&tab=All&status=all&mod=&modAge=&advFil=&postedAfter=&postedBefore=&threadType=All&isFilterExpanded=false&page=1). Thank you for your time and patience throughout this issue.

rick-hayek commented 9 months ago

Thanks, I've created a support request.