B2C Passwordless Login

In Azure AD, we can select a passwordless sign-in option. This uses the Microsoft Authenticator App, so that users no longer need a password to sign in.

I was wondering if this option also exists in B2C. I can see that we can add an MFA option, I can see that there are third-party integrations for passwordless solutions (but I don't want to use those), but I can't see if we can create an experience in B2C that enforces both the use of the Microsoft Authenticator App (and not other TOTP providers), as well as enforcing the Microsoft Authenticator App MFA Passwordless sign-in experience.

For example, in the Azure AD documentation it says that "Users register themselves for the passwordless authentication methods of Azure AD".
In B2C we don't want to give end-users this option. So to summarize:

1. Is this experience supported in B2C?

2. Can we actually enforce only Microsoft Authenticator as the MFA/TOTP provider?

3. Can we actually enforce only a passwordless sign-in experience?


Any pointers towards documentation or a solution would be greatly appreciated.

4 Replies
Well, you can use phone-based or via Microsoft Authenticator; refer to the URL below:
https://learn.microsoft.com/en-us/azure/active-directory/develop/authentication-flows-app-scenarios#...

@Chandrasekhar_Arya Thank you for your reply.

Phone-based does not use the Microsoft Authenticator App, nor TOTP; it uses SMS in Azure B2C, so that is not an option.

The link you provided shows several authentication options, but for each of these it offers several sign-in options such as email, username, phone, TOTP, and therefore it still doesn't show if my requested sign-in experience is supported.

If I understand the requirement correctly, you don't want to provide an option in B2C to the user to do the registration on MFA.
Yes, this scenario is supported in B2C but I would prefer to go with the custom flows option where you can have more control to define the flow. You can use Phone-based authentication, you can configure MFA, and include phone-based authentication (SMS or Phone Call).

https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/azure-ad-b2c-phone-sign-in-expe...

Sample code:
https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/tree/main/scenarios/...

@anon123123

Yes, it works in B2C as well; I would suggest the Microsoft Authenticator App with phone sign-in.