This sample is for scenarios where you want users to validate their email address with a verification code on every sign-in.
To check out the user experience of this policy, follow these steps:
- If you don't have an account, create a local account with your email address.
- Sign in with the B2C_1A_SignUp_SignIn_EmailMFA policy. Provide your credentials and select Sign-in. Azure AD B2C will ask you to verify your email address (as the second authentication factor).
At sign-in, the email address the user authenticated with is copied into a read-only attribute, readOnlyEmail, via an input claims transformation in the EmailVerifyOnSignIn technical profile.
The readOnlyEmail claim is passed as an input claim to the EmailVerifyOnSignIn self-asserted technical profile, which validates the email address with a verification code. This is made possible by using PartnerClaimType="Verified.Email" on that claim in the output claims section.
The user journey only calls the EmailVerifyOnSignIn self-asserted technical profile if the user is not a new user, so the step is skipped when the user has just signed up (the email was already verified during sign-up).
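The three pieces described above (the claims transformation, the self-asserted profile with the Verified.Email output claim, and the skip precondition) are assembled below as an added illustration; these fragments are not the sample's own XML. readOnlyEmail, EmailVerifyOnSignIn and Verified.Email come from the description, email, newUser and api.selfasserted are standard starter-pack identifiers, and the transformation Id, the step Order and the ClaimsExchange Id are assumed placeholders.

```xml
<!-- Illustration: claim that holds the signed-in email, shown read-only on the verification page -->
<ClaimType Id="readOnlyEmail">
  <DisplayName>Email Address</DisplayName>
  <DataType>string</DataType>
  <UserInputType>Readonly</UserInputType>
</ClaimType>

<!-- Illustration (assumed Id): copy the authenticated email claim into readOnlyEmail -->
<ClaimsTransformation Id="CopyEmailToReadOnlyEmail" TransformationMethod="CopyClaim">
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="email" TransformationClaimType="inputClaim" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="readOnlyEmail" TransformationClaimType="outputClaim" />
  </OutputClaims>
</ClaimsTransformation>

<!-- Illustration: self-asserted profile that sends a code to readOnlyEmail and checks it -->
<TechnicalProfile Id="EmailVerifyOnSignIn">
  <DisplayName>Verify your email</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="ContentDefinitionReferenceId">api.selfasserted</Item>
  </Metadata>
  <InputClaimsTransformations>
    <InputClaimsTransformation ReferenceId="CopyEmailToReadOnlyEmail" />
  </InputClaimsTransformations>
  <InputClaims>
    <InputClaim ClaimTypeReferenceId="readOnlyEmail" />
  </InputClaims>
  <OutputClaims>
    <!-- Verified.Email makes the page require a verification code for this claim before continuing -->
    <OutputClaim ClaimTypeReferenceId="readOnlyEmail" PartnerClaimType="Verified.Email" Required="true" />
  </OutputClaims>
</TechnicalProfile>

<!-- Illustration: orchestration step (Order is a placeholder; place it after the local-account sign-in step) -->
<OrchestrationStep Order="5" Type="ClaimsExchange">
  <Preconditions>
    <!-- Skip the second factor for users who were just created in this journey -->
    <Precondition Type="ClaimEquals" ExecuteActionsIf="true">
      <Value>newUser</Value>
      <Value>true</Value>
      <Action>SkipThisOrchestrationStep</Action>
    </Precondition>
  </Preconditions>
  <ClaimsExchanges>
    <ClaimsExchange Id="EmailVerifyOnSignInExchange" TechnicalProfileReferenceId="EmailVerifyOnSignIn" />
  </ClaimsExchanges>
</OrchestrationStep>
```

Because newUser is only set when the journey creates an account, returning users fall through the precondition and are prompted for the code on every sign-in, which is the behaviour this sample describes.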
Use Stack Overflow to get support from the community. Ask your questions on Stack Overflow first and browse existing issues to see if someone has asked your question before. Make sure that your questions or comments are tagged with [azure-ad-b2c]. If you find a bug in the sample, please raise the issue on GitHub Issues. To provide product feedback, visit the Azure Active Directory B2C Feedback page.
This sample policy is based on the SocialAndLocalAccounts starter pack. All changes are marked with a Sample: comment inside the policy XML files. Make the necessary changes in the Sample action required sections.