After being introduced for Azure Active Directory (AAD), the phone sign-in authentication method is now available (in preview) for Azure Active Directory Business to Consumer (AAD B2C).
This lets you set up an authentication method that allows your consumer users to authenticate with their phone number and a one-time code.
To start using it, upload the custom policy for phone authentication (available at https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/tree/master/scenarios/phone-number-passwordless) by logging on to your Azure AD B2C administration portal and opening the Identity Experience Framework blade.
Before uploading the custom policy files, you need to:
- Replace the default <TenantId> value (yourtenant.onmicrosoft.com) with your AAD B2C tenant. Use your editor's search and replace function.
- Add the application ID that will use phone authentication by replacing all instances of IdentityExperienceFrameworkAppId and ProxyIdentityExperienceFrameworkAppId in the Phone_Email_Base.xml file with that application ID.
Once this is done, upload the files in the following order:
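The two replacements above can be scripted. This is an added example, not part of the starter pack: the function names, the separate parameters for the two application IDs (pass the same value twice to follow the steps as written) and the sample fragment are assumptions. It replaces all placeholders in a single pass, because IdentityExperienceFrameworkAppId is a substring of ProxyIdentityExperienceFrameworkAppId and replacing the shorter name first would corrupt the longer one.

```python
import re
from pathlib import Path

# Placeholders named in the steps above.
TENANT = "yourtenant.onmicrosoft.com"
IEF = "IdentityExperienceFrameworkAppId"
PROXY = "ProxyIdentityExperienceFrameworkAppId"
GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
# One pass over the text: at each position the regex tries PROXY before IEF,
# so the shorter name is never substituted inside the longer one.
TOKENS = re.compile("|".join(re.escape(t) for t in (PROXY, IEF, TENANT)))


def fill_placeholders(xml_text, tenant, ief_app_id, proxy_app_id):
    """Return the policy text with tenant and application IDs filled in."""
    for app_id in (ief_app_id, proxy_app_id):
        if not GUID.fullmatch(app_id):
            raise ValueError(f"not an application (client) ID: {app_id!r}")
    values = {TENANT: tenant, IEF: ief_app_id, PROXY: proxy_app_id}
    return TOKENS.sub(lambda m: values[m.group(0)], xml_text)


def leftovers(xml_text):
    """Placeholders still present; should be empty before upload."""
    return sorted(set(TOKENS.findall(xml_text)))


def prepare_folder(folder, tenant, ief_app_id, proxy_app_id):
    """Rewrite every *.xml policy in folder in place; return files changed."""
    changed = []
    for path in sorted(Path(folder).glob("*.xml")):
        before = path.read_text(encoding="utf-8")
        after = fill_placeholders(before, tenant, ief_app_id, proxy_app_id)
        if after != before:
            path.write_text(after, encoding="utf-8")
            changed.append(path.name)
    return changed


# Constructed fragment in the style of Phone_Email_Base.xml (not the real file).
SAMPLE = """<TrustFrameworkPolicy TenantId="yourtenant.onmicrosoft.com">
  <Item Key="client_id">ProxyIdentityExperienceFrameworkAppId</Item>
  <Item Key="IdTokenAudience">IdentityExperienceFrameworkAppId</Item>
</TrustFrameworkPolicy>"""

if __name__ == "__main__":
    app = "11111111-2222-3333-4444-555555555555"  # constructed ID
    out = fill_placeholders(SAMPLE, "contoso.onmicrosoft.com", app, app)
    print(out)
    print("left over:", leftovers(out))
```

Run prepare_folder on a copy of the downloaded scenario folder and check that leftovers returns an empty list for each file before uploading.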
- Phone_Email_Base.xml
- SignUpOrSignInWithPhone.xml
- SignUpOrSignInWithPhoneOrEmail.xml
- ProfileEditPhoneOnly.xml
- ProfileEditPhoneEmail.xml
- ChangePhoneNumber.xml
- PasswordResetEmail.xml
NOTE: Azure automatically adds the prefix B2C_1A.
Then you can test the flow by opening the B2C_1A_SignUpOrSignInWithPhone custom policy, selecting your application (referenced by the App ID you defined earlier) and using the Run Now button.
You will be able to sign in with a phone number. Depending on how the phone number is entered, the user may have to specify the country (i.e. if the international dialling code is not provided).