Azure B2C AD:本地帐户身份提供者是否必须基于用户名提供电子邮件地址? [英] Azure B2C AD: Is the email address mandatory for Local Accounts identity providers based on Username?
问题描述
我错过了什么吗?似乎无法进行设置,以便在注册过程中不需要电子邮件地址(甚至根本不需要输入电子邮件地址)?您只能禁用电子邮件验证.
Am I missing something? It does not seem to be possible to set it up so that the email address is not required (or not even prompted for at all) during sign-up? You can only disable the email verification.
我们可能根本不允许用户输入电子邮件地址.他们必须仅使用用户名注册.当然必须支持吗?
We may not allow the users to enter an email address at all. They must register with a username only. Surely this must be supported?
现在,在我可以找到关于该主题的所有文档之后,我已经从头开始重做了整个过程两次.但是结果仍然是一样的.我首先创建一个新的B2C租户,并确保在身份提供者"下,仅选择用户名"作为本地帐户".然后,我转到注册或登录策略"并创建一个自定义模板,然后单击编辑".然后,我确保将身份提供者设置为仅用户ID注册"(和本地帐户),并且在注册属性"以及应用程序声明"中没有选择电子邮件地址".然后,我转到页面UI自定义",然后单击本地帐户注册页面".输入我的自定义URL.在注册属性"下,列出了电子邮件地址".电子邮件地址根本不应该存在.当我单击电子邮件地址"时,只有一个选项可将要求验证"设置为否".可选的拨动开关已禁用.所以我什至不能将其设为可选.
I have redone the entire process over from scratch twice now following all the documentation I could find on the topic. But the outcome remains the same. I start by creating a new B2C tenant and I ensure that under Identity Providers, only "Username" is selected as the "Local Accounts". Then I go to "Sign-up or sign-in policies" and create a custom template, then click on edit. Then I ensure that the Identity Providers is set to only the "User ID signup" (and Local Account), and that in the Sign-up Attributes as well as in the Application Claims I do not have the "Email Address" selected. Then I go to "Page UI Customization" and click on "Local account sign-up page". I enter my custom URL. Under the "Sign-up attributes" it lists "Email Address". Email address should not be there AT ALL. When I click on Email Address there is only an option to set "Require verification" to No. The Optional toggle switch is DISABLED. So I can't even make it optional.
这里的要点是,当我使用用户名"而不是电子邮件"作为身份提供者时,它绝对不应该在我身上强加一个电子邮件地址.
The main point here is that when I use "Username" instead of "Email" as the Identity Provider, it should most definitely not force an email address on me.
如果您在2018年8月8日至今的Azure门户中尝试上述步骤,我相信您会发现相同的限制.在我看来,这似乎是个虫子,也许它溜进了那条线的某个地方?
If you try the above steps in the Azure Portal as it stands today 8 Aug 2018 I am sure you will find the same restriction. This seems like a bug to me, maybe it slipped in somewhere along the line?
推荐答案
该切换开关可让您在基于用户名的帐户或基于电子邮件的帐户之间进行选择,以指示要用于登录的帐户.但是,这并不意味着在基于用户名的帐户中将不会收集该电子邮件-只是该电子邮件无法用于登录.
The toggle switch that allows you to select between username-based or email-based account is to indicate which of these will be used for sign-in. However, this does not mean that in a username-based account, the email will not be collected - it's just that email cannot be used to sign-in.
无论如何,即使对于基于用户名的帐户,也必须使用基本策略中的电子邮件地址来支持密码重置用户旅程.如果B2C没有收集电子邮件地址,则用户即使忘记了密码也无法重设密码.
Regardless, the email address in basic policies is required to support password reset user journeys even for username-based accounts. If B2C does not collect the email address, then a user cannot reset their password even if they forgot it.
If you really want to not collect email, then your only option today is to use custom policies. In that case, you will have to determine how you want to support password reset, if at all.
这篇关于Azure B2C AD:本地帐户身份提供者是否必须基于用户名提供电子邮件地址?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
