
1 Vote
NHering22101 asked azure-cxp-api edited

Passwordless authentication using email only in B2C

I can see that there is a phone-only authentication (in public preview): https://docs.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-local?pivots=b2c-user-flow#phone-or-email-sign-in-preview
Is there a similar flow to sign in using only email, then get a magic link in the email and use that one to sign up/in? In other words, sign in only with email, without ever setting up a password.

azure-ad-b2c

0 Votes
soumi-MSFT answered soumi-MSFT published

Hello @NHering22101, thank you for reaching out. You can certainly use the following sample: https://github.com/azure-ad-b2c/samples/tree/master/policies/sign-in-with-magic-link. This works absolutely fine, and this sample enables you to sign in using just the email; no password is required here. This sample uses a magic link that gets sent to the entered email, and clicking on that magic link gets the user logged in to B2C.

Note: When using id_token_hint, you are the IdP and are giving Azure AD B2C the hint. Hence you need to have a metadata endpoint. B2C can host it for you if you use the above link, but then you are sharing the private key with us, and you may not want to do that, since as an IdP you don't share your private keys.

Hope this helps.

Do let us know if this helps, and if there are any more queries around this, please let us know so that we can help you further. Also, please do not forget to accept the response as Answer if the above response helped in answering your query.


0 Votes
JamesHamil-MSFT answered NHering22101 commented

Hi @NHering22101, the only way to do this currently is by using the Outlook client app. This document details how you can customize MFA through the app. If you're not currently using it, you can easily add the Outlook Cloud App to your conditional access policy. Please let me know if you have any questions!

If this answer helped you, please mark it as "Verified" so other users may reference it.

Thank you,

James


Thanks @JamesHamil-MSFT for the answer. So if I want to enable this scenario:
user with email <username>@gmail.com signs up using B2C -> enters only his <username>@gmail.com -> opens his Gmail -> receives an email from B2C with a magic link -> clicks this link -> gets authenticated in the initial application.
I cannot. Is that correct? What about this: https://github.com/azure-ad-b2c/samples/tree/master/policies/sign-in-with-magic-link? Does this come with some actual limitations when it comes to a real production scenario?

0 Votes