Azure AD B2C - MFA on a function rather than a user / per user

1
votes

You can set MFA on a B2C policy.

The documentation alludes to the fact that you can set MFA on a function e.g. in my B2C application you don't generally need MFA but if you click the admin. tab, you need MFA to continue.

I can't find any examples on how to do this?

Also, can you set MFA on a specific local user i.e. only some local users have MFA applied and others don't?

There is a MFA button top-right on the B2C user's screen but I suspect that it is for users added through the portal i.e. not local users as it screws up the local user password and they can no longer log in?

1
azure-ad-b2c
The documentation alludes to the fact that you can set MFA on a function e.g. in my B2C application you don't generally need MFA but if you click the admin. tab, you need MFA to continue, could you show me this doc?SunnySun
docs.microsoft.com/en-us/azure/active-directory-b2c/…rbrayb
You don't require Multi-Factor Authentication to access an application in general, but you do require it to access the sensitive portions within it. For example, the consumer can sign in to a banking application with a social or local account and check account balance, but must verify the phone number before attempting a wire transfer.rbrayb
Just so I'm clear. Is this use case possible or not?rbrayb
Yes, you could only set MFA as an admin.SunnySun

1 Answers

1
votes

can you set MFA on a specific local user i.e. only some local users have MFA applied and others don't

When you enable the MFA for the policy, it will work for all the users with using this policy, cannot set MFA on a specific local user. For the details about enabling MFA for the policy, you could read here.

There is a MFA button top-right on the B2C user's screen but I suspect that it is for users added through the portal

For this MFA button, you could use it to set MFA for the specific user that shown in the user list, not only for the user added through the portal. For the local account that only with username like the following picture, you could find its login account in the reset password page. enter image description here

The login account for the local account like this:

enter image description here