We have restarted work on this feature. However, we don’t have a date for public preview yet.
We are looking to add additional MFA options for Azure AD B2C in the next few months. As part of the investigation, we want to learn more about your requirements. Email your feedback to firstname.lastname@example.org.
When you say “support for Microsoft Authenticator”, which feature are you referring to?
1. The ability to see the codes in the authenticator app
2. The ability to receive push notifications for MFA
If both, which do you prefer more?
Again, please email your feedback to email@example.com. Feel free to include more details about your scenarios/requirements!
We have started the planning for this feature and hope to have a preview by the end of the calendar year. In the meantime, could you respond to firstname.lastname@example.org with the answers to the following questions:
- In which scenarios do you plan to force the user to change his/her password?
- What kind of information (if any) would you like to get back if the user goes through the reset flow?
- Do you currently or plan to track which users have reset their password?
Due to various technical limitations, the first iteration of the customer-owned domains functionality will not be available for a few more months. We will provide an update as soon as we can get a more specific ETA.
Reposting so that folks get a notification – from Paul:
Depending on the exact scenario you can do this today. For applications that do interactive browser-based sign in to get a SAML assertion, but then want to add access to an OAuth protected API such as Graph, you can simply make an OAuth request to get an Access token for the API. When the browser is redirected to Azure AD to authenticate the user, the browser will pick up the session from the SAML sign in and the user won’t have to enter their credentials.
We are also supporting the OAuth SAML Bearer Assertion flow for users authenticating with IDPs such as ADFS federated to AAD so that the SAML assertion obtained from ADFS can be used in an OAuth flow to authenticate the user. I’ll post here again when documentation for that is ready.
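The SAML bearer assertion exchange Paul describes, as an added example (not code from this thread, from Microsoft or from ADFS): a relying party checks the assertion's validity window and audience before handing it to the token endpoint using the RFC 7522 grant type. The assertion, issuer, token endpoint, client id and scope below are constructed placeholders, and signature verification is deliberately left out.

```python
"""Added example: the OAuth 2.0 SAML bearer assertion grant (RFC 7522).
The assertion, issuer URL, audience and client id below are constructed
placeholders, not values from Azure AD or ADFS."""
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML2_BEARER = "urn:ietf:params:oauth:grant-type:saml2-bearer"
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TOKEN_ENDPOINT = "https://login.example.test/token"  # constructed audience

# Constructed, unsigned sample assertion; a real one carries the IdP signature.
SAMPLE_ASSERTION = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'ID="_c1" Version="2.0" IssueInstant="2019-06-01T12:00:00Z">'
    "<saml:Issuer>https://adfs.example.test/adfs/services/trust</saml:Issuer>"
    "<saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>"
    '<saml:Conditions NotBefore="2019-06-01T12:00:00Z" NotOnOrAfter="2019-06-01T12:05:00Z">'
    "<saml:AudienceRestriction><saml:Audience>" + TOKEN_ENDPOINT + "</saml:Audience>"
    "</saml:AudienceRestriction></saml:Conditions></saml:Assertion>"
)

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_assertion(xml_text, expected_audience, now_iso):
    """Return the subject NameID if the assertion is inside its validity window
    and addressed to expected_audience; raise ValueError otherwise. Signature
    verification is omitted here; a token endpoint verifies it before anything."""
    root = ET.fromstring(xml_text)
    cond = root.find("saml:Conditions", NS)
    now = _ts(now_iso)
    if not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion outside its validity window")
    audiences = [a.text for a in cond.iterfind("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        raise ValueError("assertion was not issued for this token endpoint")
    return root.find("saml:Subject/saml:NameID", NS).text

def build_token_request(xml_text, client_id, scope):
    """Form parameters of the RFC 7522 token request. The assertion travels
    base64url-encoded without padding in the 'assertion' parameter."""
    encoded = base64.urlsafe_b64encode(xml_text.encode()).rstrip(b"=").decode()
    return {"grant_type": SAML2_BEARER, "client_id": client_id,
            "scope": scope, "assertion": encoded}

def decode_assertion(param):
    """Inverse of the encoding above (restores the stripped padding)."""
    return base64.urlsafe_b64decode(param + "=" * (-len(param) % 4)).decode()
```

The returned dictionary is what gets form-encoded into the POST body to the token endpoint; the ADFS-issued assertion is obtained first through the federated sign-in described above.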
This feature is in public preview now. https://docs.microsoft.com/en-us/graph/api/resources/trustframeworkpolicy?view=graph-rest-beta.
We are working on managing policy keys programmatically.
This is a scenario we are looking to support in the future; however, it is not on our immediate roadmap for the next 6 months. Please continue voting and we will evaluate at a later date.
We are interested in enabling this scenario and are looking for more data.
- Would you want to be able to use this in conjunction with email or would you only be interested in one way to sign up accounts at a time?
- Would you like to be able to create the account without needing an email at all?
We plan to start work on this in the next 6 months. Please note we don’t have timing on when it would be available for customers.
We have a sample for this use case here: https://github.com/azure-ad-b2c/samples/tree/master/policies/invite
Let us know what you think and if this fits your use case.
We’ve put out a new version of the sign in policy called sign in v2. This is available through the new portal experience and we have rebranded policies as user flows. Please give this a try and give us feedback through this link: https://microsoft.qualtrics.com/jfe/form/SV_0Gu45RkBy2YR1kh
We continue evaluating several alternatives to provide full email customization. We are actively working on an alternative.
Unfortunately we do not yet have an ETA.
Given that an Azure AD B2C tenant should only be used for configuring Azure AD B2C, would having programmatic APIs to configure all of the Azure AD B2C settings be useful, or is there more that you are looking to achieve using ARM templates?
Agree with @Johan. I would like this for Dev / Test / UAT / Prod etc. ARM templates are ideal for this.
This is currently not on our roadmap. You can retrieve this value by making a call through the Graph API. If this is needed for your scenarios, please continue voting and we will review at a later date.
We are looking for private preview customers who are interested in using Azure AD (single tenant only) or any other custom OIDC compliant identity providers in your built-in policies. If you are interested, please send an email specifying this specific request to email@example.com with your Azure AD B2C tenant name.
nzpcmad commented:
At the moment, B2C only allows for a few social providers and there are some requests here to add more e.g. "Add Twitter".
It would be far easier to have a workflow that allows adding any provider that uses OIDC / OAuth. That way we could add anything we wanted to without having to make individual requests.
This would be exactly the same as adding SaaS providers to Azure AD. You can pick from a list or use the custom workflow.
We are working to support SP-initiated SSO as well. However, we don’t have timing on when it would be available to customers.
Thank you. We will examine the experience of duplicate sign ups across Identity providers. Would performing this check by using the email address be sufficient?
BTW, linking multiple provider accounts to one user is on our roadmap and we’ve already achieved it in preview…
We look forward to your feedback.
We have released the public preview for this feature! Learn more about how to use it here: https://docs.microsoft.com/azure/active-directory-b2c/active-directory-b2c-setup-oidc-azure-active-directory
We definitely recognize the popularity of this feature, and we discuss it constantly during the planning phases. However, there are certain technical limitations in the system that add a large amount of development cost. Because of the cost and the fact that there is a workaround available, other features get prioritized over this one.
That being said, please keep voting for it. The popularity of the feature does help bring it up and makes us reconsider every time.
Apologies for the delay.
We’re doing some research both on the specifics of this ask as well as what it would take to support this.
Is the ask here to do the same thing that regular Azure AD does (see: https://blogs.technet.microsoft.com/enterprisemobility/2014/12/18/azure-active-directory-now-with-group-claims-and-application-roles/), or are there different requirements around this for Azure AD B2C?