azure-ad-b2c / samples

Azure AD B2C custom policy solutions and samples.

Recurring prompt to enroll in Multi-Factor Authentication (MFA) using TOTP #597

Open emanuel-virca opened 10 months ago

emanuel-virca commented 10 months ago

The user encounters a recurring prompt to enroll in Multi-Factor Authentication (MFA) using TOTP during login attempts, despite having previously completed the enrollment successfully. Also, in the Azure portal, there is no record of any authentication method being registered. This issue began occurring a few days ago and persists even when replicating the problem using the demo sample available at https://github.com/azure-ad-b2c/samples/tree/master/policies/totp. The issue is not reproducing for users that already enrolled a couple of days ago.

gjschipper-visionplanner commented 10 months ago

We have exactly the same problem. Any idea what the problem / solution is?

visionplanner-admin commented 10 months ago

We too

Michael-006 commented 10 months ago

same issue here

emanuel-virca commented 10 months ago

Tested today, it seems like the issue was fixed.

UemcTestMTPA commented 10 months ago

I have the same problem. Maybe you could help me. I have implemented a custom policy for SignUpandSingIn with resetpassword integrated. The user flow for login using Authenticator is correct. But when I try to change the password using Authenticator, when I enter the user's email to get a verification code from Authenticator, B2C returns the error "AADB2C90278" --> Unable to validate information provided. I have seen that there is no "Detail information" in the user details. Maybe the device information is not being registered for users? [image: InfoDetailUser]

emanuel-virca commented 10 months ago

I am not sure it has something to do with the enrolment as from the picture it seems you already enrolled. You should enable logging and take a look over the logs. It might be that the password requirements are not fulfilled. Take a look at this question. Let me know if I can help you in any way.

UemcTestMTPA commented 10 months ago

Yes, I have seen that issue. However, I am still verifying the user email. This step is for validating the user email. The second step will be to show an input text in order to validate the OTP code. The issue is that I can reset my password using email but not using MS Authenticator. Maybe... the enrollment process is losing something... I can't know. On the other hand, logging is activated, and I can only see logs about "Dependency"... No more information.

emanuel-virca commented 10 months ago

What is the technical profile throwing this error? You can also email me and setup a call.

UemcTestMTPA commented 10 months ago

I think the TP that is not working right is this one:

[image]

I have commented OutputClaimsTransformations, in order to run the other user journeys...

emanuel-virca commented 10 months ago

Let’s take this offline. Write to me at the profile email.

UemcTestMTPA commented 10 months ago

I'll write to you at night... I need to disconnect from this a bit ;) Thanks anyway!