question

itscoolicanchangethislaterright asked ·

B2C User Flows - Profile editing v2 - Multifactor Authentication

I'm running into a problem with B2C User Flows. Specifically, the "Profile editing v2" flow as it relates to Multifactor Authentication (MFA). It seems there is no way to toggle MFA on or off for the "Profile editing v2" flow (or the v1 version, for that matter). When I create this flow, MFA just defaults to "Disabled", as seen here.

2825-1.png

Also, note that there is no MFA option in this flow's list of Page Layouts.

2826-2.png

As compared to this "Password reset v2" flow which does allow MFA to be turned on and provides the respective Page Layout for that.

2833-3.png

The fact that the "Profile editing v2" flow doesn't offer an MFA Page Layout option would be fine if, when running the flow, the MFA screen wasn't still triggered. However, an MFA page is definitely appearing when I test run the User Flow.

After some experimenting, I've concluded that these User Flows operate independently. For example, the "Profile editing v2" flow has a "Sign In" Page Layout, but it is unrelated to any settings one might have in their actual "Sign In" User Flow. I tested this by disabling MFA on all User Flows, but this MFA screen still appears on this flow. So, it doesn't appear that flow X calls flow Y which uses the configuration set there. Instead, it seems that flow X must have these sub pages like X.a, X.b, X.c. If one sub-page is missing, you get unexpected results. This is also true of "Profile editing v1". It doesn't even have a "Sign In" Page Layout which causes it to display an even older Microsoft branded "Sign In" screen.

It makes sense that the "Profile editing v2" flow's Page Layouts section doesn't contain an MFA option since it's impossible to turn on MFA for the "Profile editing v2" flow. However, the fact that MFA is still triggered in this flow is unexpected, and I don't know how to fix it. This is a problem for me since I'm using custom HTML/CSS to brand each User Flow to my company's standards, and suddenly, without any control, this completely unbranded MFA screen appears. This seems like an oversight/bug. It should also be noted that this MFA page appears even when I don't use my custom HTML/CSS and simply use the default template. I have additionally made sure to clear my browser cache when running these tests.

Has anyone encountered this, or know of a fix or workaround?


azure-ad-b2c

1 Answer

amanpreetsingh-msft answered ·

@itscoolicanchangethislaterright-6283
You are right, we cannot enable MFA using the Profile Editing policy. But if an authentication phone is already configured on the user account, the user gets prompted for MFA; otherwise there will not be any MFA prompt. However, the customization options should have been there to provide the same look and feel for the entire flow. This definitely seems like an oversight. I would suggest you post this at feedback.azure.com.

Workaround:
The only workaround in this case would be to use a custom policy. In TrustFrameworkBase.xml, you can specify the URL of your custom HTML under the content definition for api.phonefactor in the LoadUri parameter, as highlighted below:

2981-capture.jpg

Now if the RP files such as SignuporSignin.xml or PasswordReset.xml or ProfileEdit.xml chain up to the above TrustFrameworkBase.xml file, the same MFA page will be provided.



Please "Accept as answer" wherever the information provided helps you to help others in the community.
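
The workaround above, sketched as an added example (not part of the original answer and not Microsoft tooling): a small check that follows a relying-party file's BasePolicy chain and reports which file supplies the api.phonefactor LoadUri. The policy IDs, tenant name, storage URL and function names are constructed placeholders, and the XML is trimmed to the elements the check reads.

```python
import xml.etree.ElementTree as ET

NS = {"p": "http://schemas.microsoft.com/online/cpim/schemas/2013/06"}
XMLNS = 'xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"'

# Constructed sample files; real policy files carry more elements than shown.
BASE = f"""<TrustFrameworkPolicy {XMLNS} PolicyId="B2C_1A_TrustFrameworkBase">
  <BuildingBlocks>
    <ContentDefinitions>
      <ContentDefinition Id="api.phonefactor">
        <LoadUri>https://example.blob.core.windows.net/b2c/mfa.html</LoadUri>
      </ContentDefinition>
    </ContentDefinitions>
  </BuildingBlocks>
</TrustFrameworkPolicy>"""

PROFILE_EDIT = f"""<TrustFrameworkPolicy {XMLNS} PolicyId="B2C_1A_ProfileEdit">
  <BasePolicy>
    <TenantId>example.onmicrosoft.com</TenantId>
    <PolicyId>B2C_1A_TrustFrameworkBase</PolicyId>
  </BasePolicy>
</TrustFrameworkPolicy>"""

def load(*documents):
    """Parse policy documents and index them by their PolicyId attribute."""
    roots = [ET.fromstring(doc) for doc in documents]
    return {root.get("PolicyId"): root for root in roots}

def effective_load_uri(policy_id, policies, content_id="api.phonefactor"):
    """Walk the BasePolicy chain from policy_id; the nearest definition wins."""
    seen = set()
    while policy_id and policy_id not in seen:
        seen.add(policy_id)
        root = policies.get(policy_id)
        if root is None:  # base file was not supplied
            break
        for cd in root.iterfind(".//p:ContentDefinition", NS):
            uri = cd.findtext("p:LoadUri", namespaces=NS)
            if cd.get("Id") == content_id and uri:
                return policy_id, uri.strip()
        policy_id = root.findtext("p:BasePolicy/p:PolicyId", namespaces=NS)
    return None, None

def is_custom_page(uri):
    # Assumption: built-in templates are referenced with a "~/" relative
    # path, so only an absolute HTTPS URL counts as a custom branded page.
    return uri is not None and uri.startswith("https://")

if __name__ == "__main__":
    print(effective_load_uri("B2C_1A_ProfileEdit", load(BASE, PROFILE_EDIT)))
```

The storage endpoint that hosts the custom page has to allow cross-origin requests from the B2C sign-in domain, otherwise the page fails to load and the default template is shown.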



Thank you for this recommendation, and apologies for the delayed reply. I have decided to go with Custom Policies to work around this problem, and I have also posted the problem to this forum per your suggestion (39769321-b2c-user-flows-profile-editing-v2-multifactor).

