问题
I have a web application that authenticates with my B2C tenant with MFA turned on at the Sign-In Policy level [at this point MFA is disabled at User Level] and the policy is configured to use "username" to login. The application works fine and the user is able to login ... What I am trying to accomplish is to have MFA at user level meaning only certain users will be able to use MFA while others will be able to login without MFA.
The problem that I am facing is, when I turn on MFA at User Level and turn off MFA at Sign-In Policy level
mfa at user level
after the first password authentication screen the redirect to multi factor authentication screen where it asks the user to send code to is failing. Instead it is going back to the first password authentication screen and seems to be in a loop. When both MFAs are turned off, it works fine with the password authentication and user is able to login to the application. When both are turned on, it’s the same behavior where it goes back to the first password screen in a loop. Am I missing something here, or is it even possible to do this
回答1:
Azure AD B2C does not have out-of-the-box support for user-level MFA.
The UI you referenced is from enterprise Azure AD, and while it shows up for Azure AD B2C as well, as you've noticed, won't work.
The best approximation to what you are looking for is having two policies, one with MFA and one without MFA. You would have to implement your own mapping table and for users through the appropriate policy.
来源:https://stackoverflow.com/questions/44443865/azure-b2c-mfa-at-user-level-and-sign-in-policy-level