Markus S.

Reputation: 2812

Azure Active Directory Multi-Factor Authentication with Conditional Access Policy not working

We want to achieve Multi-Factor Authentication on a per-user basis using Azure Active Directory B2C. So every user can choose if he/she is prompted for MFA or not.

This feature used to be only available for Azure Active Directory but not for Azure Active Directory B2C. The only way to achieve this was to use Custom Policies. But this is a route we would like to avoid at any cost.

So recently we figured that it's possible to enable MFA conditionally by enforcing a Conditional Access Policy. We created a Conditional Access Policy and selected only certain users (for which we would like MFA to be active). However, no matter what we configure in this Conditional Access Policy, it just doesn't make any difference. The only setting which shows any effect is the property "Multifactor authentication -> MFA enforcement" in the User Flow.

Is this just bad UI/UX in the Azure Portal and configuring a Conditional Access Policy for B2C tenants doesn't do anything, or would it be possible to use Conditional Access Policies to configure MFA for certain users only in an Azure Active Directory B2C tenant and we were just using it wrong?

Upvotes: 0

Views: 1289

Answers (1)

Venkat V

Reputation: 7715

I tried to reproduce the same in my environment to enable Multi-Factor Authentication on Azure AD B2C:

I have created an application for authenticating users with user flows on Azure AD B2C.

Azure Portal > Azure AD B2C > App registrations > New registration > Name ex: Any Name > Supported account types > Accounts in any identity provider or organizational directory (for authenticating users with user flows).


Create User-Flow with MFA enabled using Conditional Access Policy

Azure AD B2C > User flows > New User flow > Sign up and Sign in > Enable MFA with Conditional Access Policy

Create Conditional Access Policy per user like below. Azure AD B2C > Conditional Access > New Policy.

Select the users who require MFA.

MFA Grant


MFA will prompt only per selected users on Azure AD B2C.


Verification Page


If I try to log in with the user3 account, which does not have MFA enabled, it does not move to the MFA registration page.

Note: For testing, I have enabled MFA for only 2 accounts: User1 and User2.

Upvotes: 2
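The same per-user policy the answer builds in the portal, expressed as the Microsoft Graph conditionalAccessPolicy request body. This is an added example, not code from the question or answer; it assumes the B2C user flow's MFA enforcement is set to the Conditional option (so the user flow defers to Conditional Access), that the caller already holds a Graph token with Policy.ReadWrite.ConditionalAccess, and that the user object ids are known. It adds two checks a practitioner would want: the policy starts in report-only mode so sign-in logs show who would be prompted before anything is enforced, and at least one break-glass account must be excluded.

```python
"""Create a per-user MFA Conditional Access policy in an Azure AD B2C tenant
through Microsoft Graph (v1.0 identity/conditionalAccess/policies).
Added example; token and user ids are assumed placeholders."""
import json
import urllib.request

GRAPH_CA_POLICIES = "https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies"


def build_mfa_policy(name, include_user_ids, exclude_user_ids, enforce=False):
    """Return the policy body. Only the listed users are in scope, which is
    what makes MFA per-user; everyone else signs in without a prompt.
    Unless enforce=True the policy is created in report-only state, so the
    effect can be checked in the sign-in logs before it locks anyone out."""
    if not include_user_ids:
        raise ValueError("policy would apply to nobody")
    if not exclude_user_ids:
        raise ValueError("exclude at least one break-glass account")
    return {
        "displayName": name,
        "state": "enabled" if enforce else "enabledForReportingButNotEnforced",
        "conditions": {
            "users": {
                "includeUsers": list(include_user_ids),
                "excludeUsers": list(exclude_user_ids),
            },
            "applications": {"includeApplications": ["All"]},
            "clientAppTypes": ["all"],
        },
        # "OR" with a single control: require MFA, nothing else
        "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
    }


def create_policy(access_token, policy):
    """POST the policy to the B2C tenant; returns the created object."""
    req = urllib.request.Request(
        GRAPH_CA_POLICIES,
        data=json.dumps(policy).encode(),
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Constructed ids: User1, User2 in scope, one break-glass account excluded
    body = build_mfa_policy("B2C per-user MFA", ["<user1-id>", "<user2-id>"],
                            ["<break-glass-id>"])
    print(json.dumps(body, indent=2))
```

Switch to enforce=True only after the report-only results show the expected users (and only them) being evaluated for MFA.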
