Azure AD B2C
45 Topics

Enable MFA method
Dear, Currently in our company, the authentication methods policy > Microsoft Authenticator defaults to “any”. Either “passwordless” or “Push”. It is possible to enable the following authentication method through a conditional access policy, currently it is enabled for some users. Desired authentication method: The current method is as follows: Can it be enabled for professional accounts or is it only focused on personal accounts? Thanks in advance.
62 Views, 0 likes, 1 Comment

How to Skip Country Code Selection Screen in Azure AD B2C for US Users?
Hi all, We’re using Azure AD B2C for user sign-in and sign-up, and we’ve customized the process with custom HTML templates. Currently, the sign-in flow involves three steps:
1. Users enter their phone number.
2. Users select their country and phone number.
3. Users enter the OTP sent via SMS.
Since our users are all based in the USA (with country code +1), we’ve set the country code to +1 by default using custom HTML templates. However, we’d like to skip the screen where users manually select the country code to further streamline the process. Is there a way to fully bypass this step and automatically use the default country code (+1) without requiring users to interact with that screen? Thanks for your help!
78 Views, 0 likes, 2 Comments

How to Automatically Pre-fill Phone Number in Azure AD B2C User Flow?
Hi all, We’re using Azure AD B2C for user sign-in and sign-up and have customized the process with custom HTML templates. The current sign-in flow involves three steps:
1. Users enter their phone number.
2. Users select their country and phone number.
3. Users enter the OTP sent via SMS.
We’d like to automatically pre-fill the phone number in the user flow, perhaps by passing it as a query parameter or using another method. Is this possible? If so, how can we achieve it? Thanks in advance!
64 Views, 0 likes, 2 Comments

Issue: Invitations from SharePoint and Teams Redirect to Incorrect Page
I hope you're doing well! I’m reaching out to seek some guidance regarding an issue we’ve encountered with guest invitations in SharePoint and Teams. When we send invitations to guests from SharePoint and Teams, they are redirected to the Entra ID "My Applications" page instead of directly to SharePoint or Teams. We do not want guests to be redirected to the "My Applications" page in the directory but rather directly to the respective service/application. Is this a configuration setting, and if so, where can this be adjusted? I have been unable to locate such a setting in Entra ID. Another notable issue is that invitations take 1 to 2 hours to reach the invited guest. Thank you in advance for your assistance.
31 Views, 0 likes, 0 Comments

keep ui_locales param in custom policy sign in flow
Hi, I'm having some trouble with the language customization of our AD B2C based authentication pages. In my country (Greece) even though the local language is Greek, it's very common to use English as the default language for web tools and specifically browsers. In our business we do want to show English translations but only when the user needs it. There is a language switch added in a custom HTML template that changes the ui_locals param and refreshes the page. We have added LocalizedStrings to our custom policies and initially force the ui_locals=el param in order to override the default browser language and set it to Greek. This works fine in the first screen where users are asked to add their email address but as long as they proceed to the next step, the ui_locals param is lost and the password screen is shown with strings in English. Is there a way to tell a custom policy to respect the ui_locals param when moving from one screen to another?
42 Views, 0 likes, 0 Comments

Business User to manage an Application's users in Entra External ID
Hi all, In my company we are using Microsoft Entra External ID as CIAM for one of our applications. Users are external to the company (i.e. 'consumers'). Users are initially created by IT, as the app is not open for the general public. Everything works fine so far and, in addition to the authentication, we are using Entra External ID for authorization as well. For that, we are using regular Entra groups that travel to the app using OIDC claims, so once the user has successfully authenticated, the app gets the group/s membership as well. Here comes the question: We now want to have a non-IT, Business user to manage authorizations (i.e. group memberships). The options we manage are:
1) Provide the business user access to the Entra External ID console, with a heavily restricted role that will only allow him to manage users of a certain app (in general, a limited collection of apps).
2) Create a (web) application that handles user authorization management. It would basically show the list of users and group membership for each, and allow making modifications to them.
For option 2) we would like to keep it "CIAM agnostic", meaning we don't want to have it solved via something like MS Graph API, for instance. Instead, we would like (if possible) a solution based on standards such as OIDC. We are open to use any other different standard protocol such as SAML. We don't know if any of the options are actually feasible, or if there is a better approach that should be considered. Ideas about how we can handle this? Thank you all in advance for your help.
316 Views, 0 likes, 2 Comments

Add hyperlink in attribute label (Azure B2C user flow)
I am trying to reproduce this configuration where links are added to the label of the “terms of use” attribute in the signup. It seems I can’t add a link the way it’s done here. I am overriding the localized resources JSON and using the [terms of use](url) format but no hyperlink is created. Is this still possible? Thank you,
https://learn.microsoft.com/en-us/entra/external-id/customers/how-to-define-custom-attributes#configure-a-single-select-checkbox-checkboxsingleselect
281 Views, 0 likes, 1 Comment

Can we use On-Behalf-Of-User flow and Client Credential Flow for same API
I have developed a few APIs and they are using the on-behalf-of-user flow. We get the delegated access for respective users to perform actions. But we have several background jobs, so can I switch to the client credential flow for just these background jobs? By doing this the same API has both "on behalf of user flow" and "Client Credential flow"!
191 Views, 0 likes, 0 Comments

B2B sharing policy
Hi, Microsoft has updated the B2B sharing policy, so we now need to invite externals to our Azure AD before sharing files with them. Is there any way to create an exception for certain domains, like those of our partners, so we can share files with them without having to invite them as guests? Thank you for your help! Best,
179 Views, 0 likes, 0 Comments

Azure B2B, B2C or Entra External ID for OneDrive/SharePoint external collaboration
Dear Community, We have a business requirement that internal staff need to collaborate on files with external customers.
- Staff share individual files from OneDrive for Business or a SharePoint Online library.
- External customers will be required to register as guests.
- External customers will be required to use MFA for authentication.
I am able to get it somewhat working by enabling OneDrive/SharePoint and Azure B2B integration. The benefit is that external customers will be added as guests even when you share single files, which is not possible by default. Then the default guest CAP will require guests to have MFA turned on during first registration. The reason I said somewhat working is that the user experience is not that great. For example, the page for guest registration cannot be customised, so the process seems clunky and confusing for non-technical users, as does the guest registration email. The SharePoint file sharing emails that customers receive are also not customisable. They look like spam. It seems like without using Azure B2C or now the next generation of External ID, I cannot use separate company branding just for my guests. When comparing different features, it also comes to my understanding that even with an external tenant, the customised signup/signin user flow needs to be associated with an enterprise app. And this document specifically called out that OneDrive/SharePoint cannot be used to trigger the signup/signin user flow.
https://learn.microsoft.com/en-us/entra/external-id/self-service-sign-up-user-flow
The above link is for B2B but I think for B2C, it is the same deal, even though it didn't say explicitly.
https://learn.microsoft.com/en-us/entra/external-id/customers/how-to-user-flow-sign-up-sign-in-customers
Any advice is welcome. Thank you so much! nhtkid
406 Views, 0 likes, 0 Comments