Hello,
I have created a sign-in User Flow that has MFA enabled.
For the most part it is working fine.
It will send a MFA text message to a user who tries to login to verify their identity.
BUT it does this every time a user logs in. It doesn't give an option to remember the device or anything! It instead asks you to re-verify with MFA each time you login.
With a $0.03 charge for each MFA text, it is unacceptable to require a user to use MFA each time they sign-in.
I would like MFA to work like this:
A user only needs to verify with MFA once per month. Then it remembers that user has already verified.
I can't use "Keep me signed in" (KMSI) because many of my users will be on public PC's and must sign out daily.
I have found no way to configure the MFA for Azure B2C at all!
If I switch to the Azure portal in my B2C tenant and try editing the 'Multi-Factor Authentication' service, nothing changes.
I have found this article which states this is a problem with no fix: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/16104154-mfa-remembering-device
Is this still the case? Or has a fix been implemented?
P.S.
I opened an Azure support ticket about this and was informed that there is no way to do this using a User Flow
but it might be possible to configure via custom policies.
Where might I find a template for this custom policy MFA configuration?
Thank you for any help!