Bypassing Email Verification within Azure AD B2C during Signup Signin on Mobile app

Question

I hope I'm clear with my question so here goes. On the sign up flow of our app we ask the user for username, email and password. However we're not requiring a user's email to be confirmed/validated to continue to use the app. Per our IT dept - Azure AD B2C requires the email address to be verified during the first time signup when by the end user. Is this an absolute truth? Other apps require email, but will still let the user utilize services without confirmation.

We understand the risk and are putting onus on the user if they decide to use an email they don't own. Details of this scenario will be detailed in the legal disclosure. So resetting passwords, notifications etc. won't work for this user.

Answer 1

Updated answer for 2024. It is still possible in this way: https://learn.microsoft.com/en-us/azure/active-directory-b2c/disable-email-verification?pivots=b2c-user-flow

1. Sign in to the Azure portal.
2. If you have access to multiple tenants, select the Settings icon in the top menu to switch to your Azure AD B2C tenant from the Directories + subscriptions menu.
3. In the left menu, select Azure AD B2C. Or, select All services and search for and select Azure AD B2C.
4. Select User flows.
5. Select the user flow for which you want to disable email verification.
6. Select Page layouts.
7. Select Local account sign-up page.
8. Under User attributes, select Email Address.
9. In the Requires Verification drop-down, select No.
10. Select Save. Email verification is now disabled for this user flow.

Answer 2

Here is the option for a user flow: https://learn.microsoft.com/en-us/azure/active-directory-b2c/user-flow-disable-email-verification

For a custom policy, in the <TechnicalProfile Id="LocalAccountSignUpWithLogonEmail"> just add into metadata tag the next tag.

<Metadata>
    <Item Key="EnforceEmailVerification">False</Item>
</Metadata>

Answer 3

NB: It seems that the "Require verification" setting mentioned in the answer above is global for the B2C tenant, even though it looks like the setting is set for a specific policy (based on that you select a policy first). This is confusing in the UI. Also, it seems that email addresses cannot be edited in a "edit profile" policy.

Answer 4

This is now possible. From the Azure AD B2C Documentation

• Click Sign-up policies or Sign-up or sign-in policies depending on what you configured for sign-up.
• Click your policy (for example, "B2C_1_SiUp") to open it. Click Edit at the top of the blade.
• Click Page UI Customization.
• Click Local account sign-up page.
• Click Email Address in the Name column under the Sign-up attributes section.
• Toggle the Require verification option to No.
• Click OK at the bottom until you reach the Edit policy blade.
• Click Save at the top of the blade. You're done!

Answer 5

It would be nice if we could turn off email verification. I think there's a lot of things that would be nice to configure in the policies, but we currently can't.

For now, you will have to write your own signup flow with custom HTML/JavaScript and backend API/services, and then have your backend create the account using the B2C Graph API.