I’m thrilled to announce that Azure AD B2C now supports phone-based sign-in and sign-up for apps using B2C custom policy!
With an increasing number of users signing in to apps on their mobile phones, and given the security risks of passwords, many organizations and developers are looking for ways to make sign-in and sign-up for their customer-facing apps more convenient and secure. This feature also takes us a step closer to our vision of passwordless authentication.
With this public preview, Azure AD B2C now supports phone sign-in and sign-up using a phone number and one-time password (OTP). This means that app developers can add a user flow to their app that allows users to sign up and sign in by simply entering their phone number, which is verified by entering the OTP received via SMS (Figure 1). As with other B2C experiences, this user flow can be fully customized by the developer.
The experience also includes support for seamless account protection and recovery for times when a user loses access to their phone or changes their phone number. During sign-up, users are required to provide a recovery email, which is then verified using an OTP (Figure 2).
When users change their phone number or don’t have access to their phone, they can use this recovery email to sign in. Updating from an old phone number to a new phone number requires verification via OTP sent to the email address (Figure 3). This mitigates the risk of accidental account takeover in the event of a phone number changing hands from one person to another.
In addition, phone-based sign-in and sign-up can be used in conjunction with other authentication methods like email-based username and password (Figure 4), or social identity providers already supported by Azure AD B2C.
I’m excited to bring phone sign-in and sign-up to Azure AD B2C, so jump right in to the documentation to try it out! And as always, we would love to hear any thoughts or feedback in the comments below or through this short survey.
Alex Simons (@Alex_A_Simons)
Corporate VP of Program Management
Microsoft Identity Division