CODEWITHSUNDEEP
azureazure-ad-b2c
Saurabh Srivastava
Saurabh Srivastava

Reputation: 1113

Can I use two email addresses for MFA using custom policies?

I would just like to know, can we use two email addresses (provision for alternate email address) for Multi-factor authentication in custom policies with Azure Active Directory B2C just like two phone numbers. Is it possible to do that?

Any help would be appreciated in this regard.

Upvotes: 0

Views: 870

Answers (3)

Yamid Leonardo Rodriguez Reyes
Yamid Leonardo Rodriguez Reyes

Reputation: 3

Yes it's possible, you can use display controls see the example how to implement a custom validation email, you can add display controls to validate mobile or email, as many as you want.

If you want sign in with both, you must to add it in the signinnames. i.e. signInNames.emailAddress1, signInNames.emailAddress2 ....

look the TechnicalProfile Id="AAD-UserWriteUsingLogonEmail" in the TrustFrameworkBase, (I recommend later override it in the Trust Framework Extensions)

 <TechnicalProfile Id="AAD-UserWriteUsingLogonEmail">
......
     <PersistedClaim ClaimTypeReferenceId="email" PartnerClaimType="signInNames.emailAddress1" />
     <PersistedClaim ClaimTypeReferenceId="email" PartnerClaimType="signInNames.emailAddress2" />

Upvotes: 0

Allen Wu
Allen Wu

Reputation: 16458

Just learned from Microsoft Azure Support, it is not possible to use two email addresses for MFA in B2C.

Via built-in user flow or custom policy, only one phone number or two phone numbers is used for MFA. Please refer to this link.

If you need this feature in Azure AD B2C, you could post your idea on User Voice.

Upvotes: 1

Jas Suri - MSFT
Jas Suri - MSFT

Reputation: 11325

MFA with 2 phone numbers sample here

I am not aware of two email addresses being possible for OTP delivery.

Upvotes: 1

Related Questions