具有多因素身份验证的Azure Active Directory B2C-可集成到网站中的查询 [英] Azure Active Directory B2C with Multi Factor Authentication - queries to integrate in website

问题描述

我想通过Azure Active Directory(AD)集成多因素身份验证(MFA)，检查了其文档和一些代码示例，然后我知道Azure AD B2C具有一些适合我要求的功能，

I want to integrate Multi Factor Authentication (MFA) through Azure Active Directory (AD), I checked its documentation and some code samples, then I knew that Azure AD B2C have some of features which suits my requirement,

注意-我只需要Azure AD B2C中的MFA功能，

NOTE - I only need MFA feature from Azure AD B2C,

我尝试了官方文档 https://docs.microsoft.com/zh-cn/azure/active-directory-b2c/active-directory-b2c-tutorials-spa

但是我有一些疑问:

1)Azure B2C中是否有任何服务可以直接提供MFA功能进行集成，而无需在Azure AD中注册用户?

1) Is there any service in Azure B2C, which can directly provide MFA facility to integrate, without need to register users in Azure AD?

2)在Azure B2C中，我可以使用我的网站信息来控制用户流吗?这样，在用户访问过程中，电子邮件和电话号码将属于我的网站. (我之所以问这个问题，是因为根据我的计划，我将在登录网站后将其集成)

2) In Azure B2C, can I control user flow with information of my website? So that email and phone number will be of my website during user flow. (I am asking about this because according to my plan I am going to integrate it after login process in my website)

3)Azure B2C中有3种类型的帐户(工作帐户，访客用户，消费者用户)，哪种用户类型最合适? (我只需要用户的MFA，并且将需要通过Graph或任何官方API管理用户)

3) There are 3 types of account in Azure B2C, (Work account, Guest user, Consumer user), Which user type is most suitable? (I only need MFA for the user, and will require to manage users via Graph or any official API)

4)我可以从哪里决定将注册哪种类型的用户?因为我尝试过的代码没有提及用户类型，(实际上我想知道用户流中是否有任何参数或选项，可以确定用户类型，并将通过此流进行注册)

4) From where can I decide, which type of user will be registered? because the code which I have tried, doesn't mention about user type, (Actually I want to know that is there any param or option in user-flow, which can decide type of user, which will be registered through this flow)

任何帮助或建议对我都会有所帮助，

Any help or suggestions will helpful for me,

预先感谢

推荐答案

1. Azure B2C中是否有任何可以直接提供MFA的服务 是否可以进行集成而无需在Azure AD中注册用户?

1. Is there any service in Azure B2C, which can directly provide MFA facility to integrate, without need to register users in Azure AD?

是的，您可以限制新用户使用MFA进行注册和注册.为此，需要启用 MFA .它是所有人的全球MFA. 请参见下面的屏幕截图.

Yes you can restrict new user to sign and sign up using MFA. For that need to enable MFA. Its global MFA for all. See the screen shot below.

注意:您还可以为每个用户实施MFA.

Note: You can also implement MFA for each individual user.

请参见下面的Individual MFA

实施MFA后，系统将提示您验证手机 像下面的数字

Once you implement MFA you would be prompted to verify your phone number like below

注意:

要测试MFA用户流，需要在 应用程序上使用本机应用程序 下拉

For Testing MFA Userflow need native application on application drop down

请参见下面的屏幕截图

2.在Azure B2C中，我可以使用我的信息来控制用户流吗 网站?这样，电子邮件地址和电话号码就会在 用户流. (我问这个问题是因为根据我的计划，我是 在登录网站后将其集成)

2. In Azure B2C, can I control user flow with information of my website? So that email and phone number will be of my website during user flow. (I am asking about this because according to my plan I am going to integrate it after login process in my website)

是的，您可以自定义用户流.您可以根据自己的需要添加新的用户流.

Yes you can customize your user flow. You can add new user flow according to yours.

为此，请在Azure门户的左上角选择All services，然后搜索并选择Azure AD B2C

To do that, Choose All services in the top-left corner of the Azure portal, and then search for and select Azure AD B2C

然后在左侧菜单中，选择User flows，然后选择 New user flow

Then In the left menu, select User flows, and then select New user flow

请参见下面的屏幕截图:

See the screen shot below:

3. Azure B2C中有3种帐户类型(工作帐户，访客用户，消费者用户)，哪种用户类型最合适? (我只需要用户的MFA，并且将需要通过Graph或任何官方API管理用户)

简而言之，Work account在B2C租户中享有更多的特权，即官方文件说.由于消费者帐户不能访问门户网站上的一些资源.用于访问 Microsoft Graph API 来宾用户即使在天蓝色的门户网站.

In short Work account has the more privileged in B2C tenant as the official document says. As consumer account cannot access some resource on portal. For accessing Microsoft Graph API Guest user has some restriction even on azure portal.

注意:根据您的要求，我建议您使用Work帐户，该帐户在访问Microsoft API时会带来一些好处

Note: As per your requirement I would suggest you to go with Work account which has some benefits while you would access Microsoft API

尽管帐户类型主要取决于您的业务需求，但是工作帐户在各个方面进行比较比较有用.

Though the account type mostly depend on your business needs but Work Account more useful comparing all aspect.

比方说，如果要向某些用户添加已经注册了其他组织的用户，但需要以特定的应用程序特权添加它们.因此需要将用户添加为Guest特权.

Let's say, If you want to add some user those who already registered some other organization but you need to add them in your particular application privilege. So need to add user as Guest privilege.

4.我可以从哪里决定要注册哪种类型的用户?

正如我之前所说，这个问题有点令人困惑，这取决于您的业务需求.工作帐户通常最适合租户用户.因此，当您觉得自己的租户内是否需要添加新用户时，请使用Work account.一旦指定了您的需求，对于您需要添加哪种类型的用户，无疑将更加容易.到目前为止，还没有这样的参考资料可以解释得很好.

Tough the question is bit confusing as I said earlier it would depend on your business needs. Work account usually best for tenant user. So when you feel within on your tenant if new user need to add so go with Work account. Once you specify your need it would definitely easier for you which kind of user you need to add. There is no such reference which can explain well upto to now.

注意:您可以尝试添加所有用户类型，以检查用户帐户使用门户网站和访问资源的行为.

Note: You could try adding all the user type to check how the user account behave using portal and accessing resources.

这篇关于具有多因素身份验证的Azure Active Directory B2C-可集成到网站中的查询的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！