Question
I have a web app that has a group of users in Azure AD and I'd like to authenticate against that via username/password but customize the solution with my own styled login screen and possibly reuse the MFA solution that Microsoft offers in their Interactive flow.
So, looking at the list of flows:
What are the possible flows that I can use to accomplish what I need?
The username/password "password" grant only works if MFA is disabled, so one scenario I can envision is possibly combining this with my own code that does MFA (and possibly using MS Authenticator).
The interactive flow is the standard flow and would show the default MS page along with MFA, but it wouldn't be customizable.
Would a custom flow be possible, or a device code flow and would this be limited to just a B2C tenant?
Thanks in advance
Answer 1:
Customizing the login page in Azure AD (not B2C) is currently limited to a Branding update. But that is available only in the Premium tier.
You can upvote the feedback here.
Another option is Resource Owner Password Credentials with your own page but Microsoft recommends NOT to use ROPC flow. Also MFA would not work in ROPC.
When you said "The username/password "password" grant only works if MFA is enabled", not sure if I could follow that! Can you explain?
And, custom user flow is only limited to B2C.
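The following is an added example, not part of the original question or answer. It sketches how a custom login page that tries ROPC can recognise the "MFA required" refusal and hand the user to the Microsoft-hosted interactive flow (authorization code with PKCE) instead of attempting MFA itself. The function names, tenant, client and redirect values are hypothetical; the AADSTS codes are taken from Microsoft's published error reference, and the sample responses are constructed.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

# AADSTS codes as listed in Microsoft's error reference (assumed current).
MFA_CODES = {50076, 50079}   # MFA required / MFA enrollment required
BAD_CREDENTIALS = {50126}    # invalid username or password
AUTHORITY = "https://login.microsoftonline.com"


def pkce_pair():
    """Return (verifier, S256 challenge) as defined in RFC 7636."""
    verifier = secrets.token_urlsafe(64)
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return verifier, challenge


def interactive_url(tenant, client_id, redirect_uri, username, state, challenge):
    """Build the authorization-code request for the hosted page, where MFA runs."""
    query = urlencode({
        "client_id": client_id, "response_type": "code",
        "redirect_uri": redirect_uri, "scope": "openid profile",
        "state": state, "login_hint": username,
        "code_challenge": challenge, "code_challenge_method": "S256",
    })
    return f"{AUTHORITY}/{tenant}/oauth2/v2.0/authorize?{query}"


def classify_ropc_response(body):
    """Map a parsed token-endpoint JSON body to a decision string."""
    if "access_token" in body:
        return "ok"
    codes = set(body.get("error_codes", []))
    if codes & MFA_CODES or body.get("error") == "interaction_required":
        return "mfa_required"   # redirect to interactive_url(), do not retry ROPC
    if codes & BAD_CREDENTIALS:
        return "bad_credentials"
    return "denied"             # fail closed on anything unrecognised


# Constructed sample responses (not captured from a real tenant).
SAMPLE_MFA = {"error": "invalid_grant", "error_codes": [50076],
              "error_description": "AADSTS50076: (text omitted)"}
SAMPLE_BAD_PW = {"error": "invalid_grant", "error_codes": [50126]}
SAMPLE_OK = {"token_type": "Bearer", "access_token": "constructed-token"}
```

Keep the PKCE verifier and `state` in the server-side session and compare `state` on the redirect back before exchanging the code.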
Source: https://stackoverflow.com/questions/64899275/azure-active-directory-user-flow-for-authentication-mfa-without-b2c