Reputation: 1
Microsoft Entra External ID is to be used for an iOS, Android and web application. We rely on API-based native authentication for these three application types.
The procedure is described here for SignUp and SignIn: https://learn.microsoft.com/en-us/entra/identity-platform/reference-native-authentication-api?tabs=emailOtp
1st question: Can the step of entering the "one-time password" be avoided during registration? Or can this step be deactivated so that the new user simply registers via email and password without having to confirm the email again? (We know that this is a security feature, but it disrupts the current user flow.)
2nd question: Is it possible to change the authentication identifier via API, in this case the mail address of the registered user? Unfortunately, it is currently not possible with the following API documentation: https://learn.microsoft.com/en-us/graph/api/emailauthenticationmethod-update?view=graph-rest-1.0&tabs=http
Here I have stored the required scopes at application registration level and in the user's token (access_token). Unfortunately, I get the following message when executing the API:
{
  "error": {
    "code": "unauthenticated",
    "message": "The calling app is not authenticated.",
    "innerError": {
      "message": "The calling app is not authenticated.",
      "date": "2024-07-10",
      "request-id": "xxx",
      "client-request-id": "xxxx"
    }
  }
}
Best regards
I have currently worked through the documentation and evaluated it with Postman.
Upvotes: 0
Views: 172
Reputation: 46720
1st question: No - the choice is either email/OTP or email/password.
There is no "custom policy" solution as there is in B2C.
Upvotes: 0