Azure AD B2C – New phone sign in authentication method available (preview)

After being introduced for Azure Active Directory (AAD), the phone sign-in authentication method is now available (in preview) for Azure Active Directory Business to Consumer (AAD B2C).

This allows you to set up an authentication method that lets your consumer users authenticate using their phone number and a one-time code.

To start using it, you need to upload the custom policy for phone authentication (available at https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack/tree/master/scenarios/phone-number-passwordless) by logging on to your Azure AD B2C administration portal and accessing the Identity Experience Framework blade.

Before uploading the custom policy files, you need to:

  • Replace the default <TenantId> value (yourtenant.onmicrosoft.com) with your AAD B2C tenant, using the search & replace function
  • Add the application ID that will use phone authentication by replacing all instances of IdentityExperienceFrameworkAppId and ProxyIdentityExperienceFrameworkAppId in the Phone_Email_Base.xml file with the application ID

Once that is done, you can upload the files in the following order:

  1. Phone_Email_Base.xml
  2. SignUpOrSignInWithPhone.xml
  3. SignUpOrSignInWithPhoneOrEmail.xml
  4. ProfileEditPhoneOnly.xml
  5. ProfileEditPhoneEmail.xml
  6. ChangePhoneNumber.xml
  7. PasswordResetEmail.xml
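
The preparation steps above can be scripted so that no placeholder survives into an uploaded policy. The following is an added example, not code from the starter pack or from this post: `prepare_policies` and `demo` are hypothetical names, the tenant `contoso.onmicrosoft.com` and the GUIDs are constructed values, and the caller is assumed to supply a value for each placeholder.

```python
import re, tempfile
import xml.etree.ElementTree as ET
from pathlib import Path
# File names, upload order and placeholder strings are the ones listed on this page.
UPLOAD_ORDER = ["Phone_Email_Base.xml", "SignUpOrSignInWithPhone.xml",
                "SignUpOrSignInWithPhoneOrEmail.xml", "ProfileEditPhoneOnly.xml",
                "ProfileEditPhoneEmail.xml", "ChangePhoneNumber.xml",
                "PasswordResetEmail.xml"]
TENANT_PLACEHOLDER = "yourtenant.onmicrosoft.com"
APP_PLACEHOLDERS = ("IdentityExperienceFrameworkAppId", "ProxyIdentityExperienceFrameworkAppId")
GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

def prepare_policies(policy_dir, tenant, app_ids):
    """Fill the placeholders in place; return (files ready to upload in order, problems)."""
    bad = [p for p in APP_PLACEHOLDERS if not GUID.fullmatch(app_ids.get(p, ""))]
    if bad:
        raise ValueError(f"not a GUID application ID for: {bad}")
    ready, problems = [], []
    for name in UPLOAD_ORDER:
        path = Path(policy_dir) / name
        if not path.is_file():
            problems.append(f"{name}: missing")
            continue
        text = path.read_text(encoding="utf-8").replace(TENANT_PLACEHOLDER, tenant)
        for p in APP_PLACEHOLDERS:
            # \b stops the shorter name matching inside "Proxy...AppId" and corrupting it
            text = re.sub(rf"\b{p}\b", app_ids[p], text)
        try:
            ET.fromstring(text.encode("utf-8"))  # still well-formed after editing?
        except ET.ParseError as exc:
            problems.append(f"{name}: {exc}")
            continue
        path.write_text(text, encoding="utf-8")
        ready.append(name)
    return ready, problems

def demo():
    """Constructed stand-in files, not the real starter pack; IDs are made up."""
    sample = ('<TrustFrameworkPolicy TenantId="yourtenant.onmicrosoft.com">'
              '<Item Key="client_id">ProxyIdentityExperienceFrameworkAppId</Item>'
              '<Item Key="IdTokenAudience">IdentityExperienceFrameworkAppId</Item>'
              '</TrustFrameworkPolicy>')
    ids = {"IdentityExperienceFrameworkAppId": "11111111-1111-1111-1111-111111111111",
           "ProxyIdentityExperienceFrameworkAppId": "22222222-2222-2222-2222-222222222222"}
    with tempfile.TemporaryDirectory() as d:
        for name in UPLOAD_ORDER[:-1]:  # last file deliberately absent
            (Path(d) / name).write_text(sample, encoding="utf-8")
        ready, problems = prepare_policies(d, "contoso.onmicrosoft.com", ids)
        return ready, problems, (Path(d) / UPLOAD_ORDER[0]).read_text(encoding="utf-8")
```

Upload only when the problems list is empty, taking the files in the order returned.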

NOTE: Azure automatically adds the prefix B2C_1A.

Then you can test the flow by opening the B2C_1A_SignUpOrSignInWithPhone custom policy, selecting your application (referenced by the App ID you defined earlier) and using the Run Now button.

You will be able to sign in with a phone number. Depending on how the phone number is entered, the user may have to define the country (i.e. if the international dialling code is not provided).

[Screenshots: what it looks like when registering]

[Screenshots: what it looks like when authenticating]
