Use Stack Overflow to get support from the community. Ask your questions on Stack Overflow first and browse existing issues to see if someone has asked your question before. Make sure that your questions or comments are tagged with [azure-ad-b2c]. If you find a bug in the sample, please raise the issue on GitHub Issues. To provide product feedback, visit the Azure Active Directory B2C Feedback page.
For scenarios where you would like to give users the choice to use Email verification or SMS/Phone Call as the second authentication factor, and allow them to change this choice at a later point via Profile Edit.
User flow:
- When the user signs-up or signs-in, where the user attribute for
extension_mfaByPhoneOrEmaildoes not exist, the user is prompted to make a selection via a radio box. - If the MFA preferred MFA method is:
- phone, the
PhoneFactor-InputOrVerifytechnical profile is executed, to enroll or verify the phone number. - email the
EmailVerifyOnSignIntechnical profile is executed, to enroll or verify the email address.
- phone, the
- New enrolled MFA is persisted to the directory.
- Sign Up and verify the MFA Method is selectable.
- Sign In and verify the expected MFA Method is prompted for.
- Run the Profile Edit policy and change the MFA Method, repeat the Sign In for both methods to make sure the choice is respected.
- Run the password reset journey and confirm the MFA method is respected.