Add TOTP support to B2C (e.g. Google Authenticator)
Add support for TOTP (e.g. Google Authenticator) to B2C.
The current MFA support is very limited; SMS is already regarded as non-secure due to the lack of security in SS7 (https://www.theverge.com/2017/9/18/16328172/sms-two-factor-authentication-hack-password-bitcoin).
Support for TOTP (time-based one-time password) should be added and is already widely available, e.g. support Google Authenticator. Please avoid a Msft ecosystem-only approach (e.g. only supporting Msft Authenticator - this is not as widely used).
Basil Twisleton commented
This seems possible with a Custom Policy; haven't implemented it yet, though. Would be nice if it was integrated into the standard policies/configuration.
Sam Harris commented
Any updates on this? Timeline for implementation, etc?
Microsoft Authenticator, Google Authenticator, Authy