用户级别和登录策略级别的Azure B2C MFA [英] Azure B2C MFA at User level and Sign-In Policy level
问题描述
我有一个Web应用程序,该应用程序通过BFA租户进行身份验证,并且在登录策略级别打开了MFA(此时,在用户级别禁用了MFA),并且该策略配置为使用用户名"登录.该应用程序可以正常运行,并且用户可以登录...我要完成的工作是在用户级别拥有MFA,这意味着只有某些用户可以使用MFA,而其他用户可以在没有MFA的情况下登录.
I have a web application that authenticates with my B2C tenant with MFA turned on at the Sign-In Policy level [at this point MFA is disabled at User Level] and the policy is configured to use "username" to login. The application works fine and the user is able to login ... What I am trying to accomplish is to have MFA at user level meaning only certain users will be able to use MFA while others will be able to login without MFA.
我面临的问题是,当我在用户级别打开MFA而在登录策略级别关闭MFA
The problem that I am facing is, when I turn on MFA at User Level and turn off MFA at Sign-In Policy level
在第一个密码验证屏幕之后,重定向到多因素验证屏幕,该屏幕要求用户向其发送代码失败.相反,它返回到第一个密码验证屏幕,并且似乎处于循环状态.当两个MFA都关闭时,它可以通过密码验证正常运行,并且用户可以登录到该应用程序.当两者都打开时,返回循环中的第一个密码屏幕的行为相同.我是在这里想念东西吗,还是有可能
after the first password authentication screen the redirect to multi factor authentication screen where it asks the user to send code to is failing. Instead it is going back to the first password authentication screen and seems to be in a loop. When both MFAs are turned off, it works fine with the password authentication and user is able to login to the application. When both are turned on, it’s the same behavior where it goes back to the first password screen in a loop. Am I missing something here, or is it even possible to do this
推荐答案
Azure AD B2C没有对用户级MFA的现成支持.
您引用的UI来自企业Azure AD,并且正如您已经注意到的那样,它也针对Azure AD B2C出现.
The UI you referenced is from enterprise Azure AD, and while it shows up for Azure AD B2C as well, as you've noticed, won't work.
与您要查找的内容最接近的是有两个策略,一个带有MFA,另一个没有MFA.您必须实现自己的映射表,并通过适当的策略为用户实现.
The best approximation to what you are looking for is having two policies, one with MFA and one without MFA. You would have to implement your own mapping table and for users through the appropriate policy.
这篇关于用户级别和登录策略级别的Azure B2C MFA的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
