This sample policy demonstrates how to let a user change their MFA phone number when they have lost their phone. The user first validates their email address, then provides and verifies the new phone number. After the user changes the MFA phone number, on the next sign-in they are asked for the new phone number instead of the old one.
To check out the user experience of the TOTP multi-factor authenticator, follow these steps:
- Sign up or sign in with MFA. Note: this step is not part of this sample.
- After you have an account registered with MFA, run the B2C_1A_Demo_RestorePhoneNumber policy to change the phone number you entered in the first step.
- After you have changed the phone number for your account, sign in with MFA. This time you are asked to verify the new phone number. Note: this step is not part of this sample.
The solution is based on the new B2C_1A_Demo_RestorePhoneNumber relying party policy, located in the ProfileEdit_PhoneNumber.xml file. That policy invokes the EditMFAPhoneNumber user journey, located in the TrustFrameworkExtensions_EditPhoneNumber.xml file, which:
- Asks the user to provide and verify their email address
- Reads the user's data from Azure Active Directory
- Prompts for and validates the new phone number
- Persists the new phone number to the directory
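The four steps above, sketched as a user journey skeleton. This is an added illustration, not the sample's own XML: the technical profile IDs LocalAccountDiscoveryUsingEmailAddress, AAD-UserReadUsingObjectId, AAD-UserWritePhoneNumberUsingObjectId, JwtIssuer and DefaultWeb come from the starter pack, while PhoneFactor-InputNewPhoneNumber is a hypothetical variant of the starter pack's PhoneFactor-InputOrVerify that takes no stored number as input.

```xml
<!-- Assumed skeleton (not the sample's XML). PhoneFactor-InputNewPhoneNumber is a
     hypothetical profile: PhoneFactor-InputOrVerify without the
     strongAuthenticationPhoneNumber input claim. -->
<UserJourney Id="EditMFAPhoneNumber">
  <OrchestrationSteps>
    <!-- 1. Prove ownership of the email first; the discovery profile returns the
            objectId of the matching local account only after the code is verified. -->
    <OrchestrationStep Order="1" Type="ClaimsExchange">
      <ClaimsExchanges>
        <ClaimsExchange Id="EmailVerification"
                        TechnicalProfileReferenceId="LocalAccountDiscoveryUsingEmailAddress" />
      </ClaimsExchanges>
    </OrchestrationStep>
    <!-- 2. Read the user record by that objectId. -->
    <OrchestrationStep Order="2" Type="ClaimsExchange">
      <ClaimsExchanges>
        <ClaimsExchange Id="AADUserReadWithObjectId"
                        TechnicalProfileReferenceId="AAD-UserReadUsingObjectId" />
      </ClaimsExchanges>
    </OrchestrationStep>
    <!-- 3. Collect and verify the NEW number. The stored (lost) number must not reach
            this step as strongAuthenticationPhoneNumber, otherwise the phone factor
            provider challenges the old phone instead of prompting for a new one. -->
    <OrchestrationStep Order="3" Type="ClaimsExchange">
      <ClaimsExchanges>
        <ClaimsExchange Id="PhoneFactorVerifyNew"
                        TechnicalProfileReferenceId="PhoneFactor-InputNewPhoneNumber" />
      </ClaimsExchanges>
    </OrchestrationStep>
    <!-- 4. Persist Verified.strongAuthenticationPhoneNumber to the directory. -->
    <OrchestrationStep Order="4" Type="ClaimsExchange">
      <ClaimsExchanges>
        <ClaimsExchange Id="AADUserWriteWithObjectId"
                        TechnicalProfileReferenceId="AAD-UserWritePhoneNumberUsingObjectId" />
      </ClaimsExchanges>
    </OrchestrationStep>
    <OrchestrationStep Order="5" Type="SendClaims"
                       CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />
  </OrchestrationSteps>
  <ClientDefinition ReferenceId="DefaultWeb" />
</UserJourney>
```

Keeping the email verification as step 1 means an unauthenticated caller cannot reach the phone-entry step for an account they do not control, and writing only the verified claim keeps an unverified number out of the directory.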
To change a user's MFA phone number, call the B2C_1A_Demo_RestorePhoneNumber relying party policy.
Use Stack Overflow to get support from the community. Ask your questions on Stack Overflow first and browse existing issues to see if someone has asked your question before. Make sure that your questions or comments are tagged with [azure-ad-b2c]. If you find a bug in the sample, please raise the issue on GitHub Issues. To provide product feedback, visit the Azure Active Directory B2C Feedback page.
Note: This sample policy is based on the SocialAndLocalAccountsWithMfa starter pack. Changes are marked with a Demo: comment inside the policy XML files. Make the necessary changes in the Demo action required sections.