AD B2C加紧身份验证 [英] AD B2C Step Up Authentication

问题描述

我有两个登录策略驻留在同一个B2C租户中，其中一个禁用了MFA，另一个禁用了MFA.我希望启用MFA的登录策略用于逐步身份验证，即用户是否已经使用其用户名和密码登录(通过 政策)，它只会提示他输入MFA，而不会再次提示他的用户名和密码.

I have two sign-in policies residing in the same B2C tenant, one with MFA disabled and one with it enabled. I want the sign-in policy with MFA enabled to be used for step-up authentication i.e. if a user has already logged in with his username and password(via a policy), it should only prompt him for MFA not for his username and password once again.

我观察到的行为是，有时提示用户输入其凭据，有时仅提示用户验证其电话号码(大约每隔一段时间).有什么我可以做的，以确保永远不会提示用户 用户名和密码. (仅供参考，这两个策略具有相同的身份提供者，声明和SSO/令牌配置)

The behavior I have observed is that sometimes the user is prompted to enter his credentials and sometimes he is only prompted to verify his phone number (roughly every alternate time). Is there something I can do to make sure the user is never prompted for username and password. (FYI both policies have the same Identity Providers, Claims and SSO/Token config)

推荐答案

In order to avoid multiple prompts, you may remember Multi-Factor Authentication for trusted devices. Users can bypass subsequent verifications for a specified number of days, after they've successfully signed-in to a device by using Multi-Factor Authentication. Refer: Configure Azure Multi-Factor Authentication settings

这篇关于AD B2C加紧身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！