user1647160
Reputation: 531
How to create an email only page in Azure AD B2C?
I would like to have a page in front of my sign in page where there is only an email address field and a button. Once the user clicks the button, they go to another page where they can enter their username and password and sign in. Is this possible in B2C?
Email only page:
Sign In Page:
Step 1. In the TrustFrameworkBase.xml file, add an input restriction to the signInName claim type, so that only an e-mail address can be entered on the first page.
<!-- Claims needed for local accounts. -->
<!--<ClaimType Id="signInName">
<DisplayName>Sign in name</DisplayName>
<DisplayName>Email address</DisplayName>
<DataType>string</DataType>
<UserHelpText />
<UserInputType>TextBox</UserInputType>
</ClaimType>-->
<ClaimType Id="signInName">
<DisplayName>Email address</DisplayName>
<DataType>string</DataType>
<UserHelpText/>
<UserInputType>TextBox</UserInputType>
<Restriction>
<Pattern RegularExpression="^[a-zA-Z0-9.!#$%&'^_`{}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$" HelpText="Please enter a valid email address." />
</Restriction>
</ClaimType>
Step 2. In the TrustFrameworkBase.xml file, add another technical profile to the Local Account claims provider, which prompts for the e-mail address.
<ClaimsProvider>
<DisplayName>Local Account</DisplayName>
<TechnicalProfiles>
<TechnicalProfile Id="SelfAsserted-LocalAccountSignin-EmailOnly">
<DisplayName>Local Account Signin</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<Metadata>
<Item Key="ContentDefinitionReferenceId">api.selfasserted</Item>
</Metadata>
<IncludeInSso>false</IncludeInSso>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="signInName" Required="true" />
</OutputClaims>
<UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
</TechnicalProfile>
<TechnicalProfile Id="LocalAccountSignUpWithLogonEmail">
...
Step 3. In the TrustFrameworkBase.xml file, add SelfAsserted-LocalAccountSignin-EmailOnly to the SignUpOrSignIn user journey as the first orchestration step.
<UserJourneys>
<UserJourney Id="SignUpOrSignIn">
<OrchestrationSteps>
<OrchestrationStep Order="1" Type="ClaimsExchange">
<ClaimsExchanges>
<ClaimsExchange Id="LocalAccountSigninEmailOnlyExchange" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-EmailOnly" />
</ClaimsExchanges>
</OrchestrationStep>
<OrchestrationStep Order="2" Type="CombinedSignInAndSignUp" ContentDefinitionReferenceId="api.signuporsignin">
<ClaimsProviderSelections>
<ClaimsProviderSelection TargetClaimsExchangeId="FacebookExchange" />
<ClaimsProviderSelection ValidationClaimsExchangeId="LocalAccountSigninEmailExchange" />
</ClaimsProviderSelections>
<ClaimsExchanges>
<ClaimsExchange Id="LocalAccountSigninEmailExchange" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Email" />
</ClaimsExchanges>
</OrchestrationStep>
I still get prompted for a password (CSS is hiding the field):
Upvotes: 1
Views: 489
Answers (1)
Chris Padgett
Reputation: 14684
A custom policy can be implemented for this "paginated" sign-in using the LocalAccounts starter pack as follows.
- In the TrustFrameworkBase.xml file, add an input restriction to the signInName claim type, so that only an e-mail address can be entered on the first page.
<ClaimType Id="signInName">
<DisplayName>Email address</DisplayName>
<DataType>string</DataType>
<UserHelpText/>
<UserInputType>TextBox</UserInputType>
<Restriction>
<Pattern RegularExpression="^[a-zA-Z0-9.!#$%&'^_`{}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$" HelpText="Please enter a valid email address." />
</Restriction>
</ClaimType>
- In the TrustFrameworkBase.xml file, add another technical profile to the Local Account claims provider, which prompts for the e-mail address.
<TechnicalProfile Id="SelfAsserted-LocalAccountSignin-EmailOnly">
<DisplayName>Local Account Signin</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
<Metadata>
<Item Key="ContentDefinitionReferenceId">api.selfasserted</Item>
</Metadata>
<IncludeInSso>false</IncludeInSso>
<OutputClaims>
<OutputClaim ClaimTypeReferenceId="signInName" Required="true" />
</OutputClaims>
<UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
</TechnicalProfile>
- In the TrustFrameworkBase.xml file, add SelfAsserted-LocalAccountSignin-EmailOnly to the SignUpOrSignIn user journey as the first orchestration step.
<UserJourney Id="SignUpOrSignIn">
<OrchestrationSteps>
<OrchestrationStep Order="1" Type="ClaimsExchange">
<ClaimsExchanges>
<ClaimsExchange Id="LocalAccountSigninEmailOnlyExchange" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-EmailOnly" />
</ClaimsExchanges>
</OrchestrationStep>
<OrchestrationStep Order="2" Type="CombinedSignInAndSignUp" ContentDefinitionReferenceId="api.signuporsignin">
<ClaimsProviderSelections>
<ClaimsProviderSelection ValidationClaimsExchangeId="LocalAccountSigninEmailExchange" />
</ClaimsProviderSelections>
<ClaimsExchanges>
<ClaimsExchange Id="LocalAccountSigninEmailExchange" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Email" />
</ClaimsExchanges>
</OrchestrationStep>
...
Upvotes: 2
Related Questions
- Azure B2C: How to show a static HTML page only?
- Azure B2C passwordless sign up with only email in custom Policy
- Azure AD B2C Custom Policy with Sign Up Page Only
- Azure AD B2C auth with username and e-mail
- Azure AD B2C Direct to Identity Provider from Email
- How do i include email in the redirect to AZURE AD B2C
- How to display the customized signup page in Azure B2C tenant?
- Azure AD B2C - Is there a way to configure single email address instead of multiple email address
- Azure AD B2C - custom sign up page, email verification
- Send an Azure AD B2C Welcome Email