Allow MFA to be enabled for selected set of B2C users
We would like users to choose if they want MFA enabled, and therefore a policy should trigger MFA only if the user or admin opts in for it.
We would like more specifics on this scenario. How would you like users to self-identify for MFA?
The scenario is simple. We have some customers who do not want MFA and some who do. Currently a policy is all or nothing.
The AAD B2C admin should be able to enable MFA on a given user or group, just like it is possible in AAD or O365. Currently, it is coupled to the Flow for all apps or users using a given flow.
Jivago Pecharki commented
Hi, any update on it?
I agree with Ruan. We need something like conditional MFA. We would like to disable MFA for users who use their Azure AD account we configured in B2C as federated AAD. If we are able to disable MFA for certain IPs or groups and enable it for the rest, this problem is solved for us.
Perhaps approach this from the other side. If MFA is enabled on the B2C tenant by means of a policy (i.e. sign-in) then it applies to all users in the directory. An option to turn off MFA for some users (or a group) would be nice. We have automation tests across our platforms and MFA stops us from delivering a system with these tests, while not having MFA poses security risks (but allows for automated testing). Turning off MFA for our test accounts only can help with this.