This feature is temporarily put on the backlog. Work will resume in the 4th quarter of 2018, so a public preview should be available by the end of 2018.
We are looking to add additional MFA options for Azure AD B2C in the next few months. As part of the investigation, we want to learn more about your requirements. Email your feedback to firstname.lastname@example.org.
When you say “support for Microsoft Authenticator”, which feature are you referring to?
1. The ability to see the codes in the authenticator app
2. The ability to receive push notifications for MFA
If both, which do you prefer more?
Again, please email your feedback to email@example.com. Feel free to include more details about your scenarios/requirements!
We have started the planning for this feature and hope to have a preview by the end of the calendar year. In the meantime, could you respond to firstname.lastname@example.org with the answers to the following questions:
- In which scenarios do you plan to force the user to change his/her password?
- What kind of information (if any) would you like to get back if the user goes through the reset flow?
- Do you currently or plan to track which users have reset their password?
Due to various technical limitations, the first iteration of the customer-owned domains functionality will not be available for a few more months. We will provide an update as soon as we can get a more specific ETA.
Reposting so that folks get a notification – from Paul:
Depending on the exact scenario you can do this today. For applications that do interactive browser based sign in to get a SAML assertion, but then want to add access to an OAuth protected API such as Graph, you can simply make an OAuth request to get an Access token for the API. When the browser is redirected to Azure AD to authenticate the user, the browser will pick up the session from the SAML sign in and the user won’t have to enter their credentials.
We are also supporting the OAuth SAML Bearer Asssertion flow for users authenticating with IDPs such as ADFS federated to AAD so that the SAML assertion obtained from ADFS can be used in an OAuth flow to authenticate the user. I’ll post here again when documentation for that is ready.
We currently have a private preview for custom policies, you can see the documentation here: https://github.com/Azure-Samples/active-directory-b2c-console-custom-policy-api
You can request private preview access by sending an email to email@example.com with your directory name.
We will be following up with other scenarios for programmatic APIs.
This is a scenario we are looking to support in the future however, it is not on our immediate roadmap for the next 6 months. Please continue voting and we will evaluate at a later date.
We are interested in enabling this scenario and are looking for more data.
- Would you want to be able to use this in conjunction with email or would you only be interested in one way to sign up accounts at a time?
- Would you like to be able to create the account without needing an email at all?
Unfortunately, we have no plans for data residency in Australia. If this is key to your needs please continue voting and we will use this to help us prioritize this in the future.
Thank you for the feedback. We are strongly considering this for the future. Today we are focusing on customer facing apps with open self-service signup. /Jose Rojas
We will be bringing this to built in as well in the coming weeks.
We’ve put out a new version of the sign in policy called sign in v2. This is available through the new portal experience and we have rebranded policies as user flows. Please give this a try and give us feedback through this link: https://microsoft.qualtrics.com/jfe/form/SV_0Gu45RkBy2YR1kh
We continue evaluating several alternatives to provide full email customization. We are actively working on an alternative.
Unfortunately we do no yet have an ETA.
Given that a Azure AD B2C tenant should only be used for configuring Azure AD B2C, would having programmatic API’s to configure all of the Azure AD B2C settings be useful or is there more that you are looking to achieve using ARM templates?
Agree with @Johan. I would like this for Dev / Test / UAT / Prod etc. ARM templates are ideal for this.
This is currently not on our roadmap. You can retrieve this value by making a call through the Graph API. If this is needed for your scenarios, please continue voting and we will review at a later date.
We are looking for private preview customers who are interested in using Azure AD (single tenant only) or any other custom OIDC compliant identity providers in your built-in policies. If you are interested, please send an email specifying this specific request to firstname.lastname@example.org with your Azure AD B2C tenant name.nzpcmad commented
At the moment, B2C only allows for a few social providers and there are some requests here to add more e.g. "Add Twitter".
It would be far easier to have a workflow that allows adding any provider that uses OIDC / OAuth. That way we could add anything we wanted to without having to make individual requests.
This would be exactly the same as adding SaaS providers to Azure AD. You can pick from a list or use the custom workflow.
Seems like this feature request was not updated when the feature was announced. Talking to a SAML2.0 identity provider is possible if you use custom policies: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-overview-custom
We are looking at options to enable this.
Just to provide an update, we are close to launching a private preview. We are in the final testing stages for this feature. We will have another update in the next few weeks with instructions on how to join the private preview.
Thank you. We will examine the experience of duplicate sign ups across Identity providers. Would performing this check by using the email address be sufficient?
BTW, Linking multiple provider accounts to one user is in our roadmap and we’ve already achieved it in preview…
We look forward to your feedback