如何以编程方式清除或更新Azure AD B2C MFA的电话号码? [英] How do I programmatically clear or update a phone number for Azure AD B2C MFA?

问题描述

我们正在使用以下示例在Azure AD B2C上测试MFA: https://github.com/azure-ad-b2c/samples/tree/master/policies/mfa-unknown-devices

We are testing MFA on Azure AD B2C using the sample found here: https://github.com/azure-ad-b2c/samples/tree/master/policies/mfa-unknown-devices

我们知道可以通过Azure门户完成此操作，但这不是我们向客户提供租户访问权限(客户自助服务)的一种选择.

We know it can be done via the Azure Portal, but it is not an option for us to give customers access to our tenant (customer self service).

以前的帖子指出我要等待Graph API的更新，而我们现在正在使用Beta:

Previous posts pointed me to wait for an update from Graph API, and we are playing with the beta now: https://docs.microsoft.com/en-us/graph/api/resources/authenticationmethods-overview?view=graph-rest-beta

运行Get authenticationMethod 仅将启用了MFA的Azure AD B2C用户显示为具有密码身份验证，没有电话号码.

Running Get authenticationMethod only shows Azure AD B2C users with MFA enabled as having password authentication, no phone number.

任何人都可以使Beta Graph API与Azure AD B2C MFA一起使用，或者想出一种解决方法来清除/更新电话号码?

Anyone been able to get the beta Graph API working with Azure AD B2C MFA or come up with a workaround clearing/updating phone numbers?

推荐答案

由于Graph API似乎无法解决问题，因此我们能够找到一个示例Azure AD B2C自定义策略，该策略允许用户编辑其电话号码.为了获得重置"，需要执行以下操作:功能，我们添加了一项针对索赔的检查，该索赔将指定用户需要重新注册MFA，然后触发此工作流程.

Since Graph API does not appear to be the answer, we were able to find a sample Azure AD B2C custom policy that allows a user to edit their phone number. To get a "reset" functionality, we added a check for a claim that would designate the user needs to reenroll in MFA and then trigger this workflow.

https://github.com/azure-ad-b2c/samples/tree/master/policies/edit-mfa-phone-number

这篇关于如何以编程方式清除或更新Azure AD B2C MFA的电话号码?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！