My team would like to implement the following case in our Azure AD B2C - we want to disable MFA for some of our users (it is less than 1% of users). As I understand it, the only way to do this is to write a custom policy.
I started checking how I can develop a custom policy and realized that I want to have everything that is present in "User Flow" which we use for the Sign In/Sign Up process (created in Azure AD B2C User Flows). I want to do the following to implement the new requirement:
- Download Sign In/Sign Up User flow as an XML file
- Create a new custom policy which is a copy of the XML from the previous step. This is needed to have the same steps as in the policy generated by the Azure User Flow
- Add a new Orchestration Step that checks a parameter (which shows whether MFA is enabled or disabled)
I have no idea if this plan will work, but I started working on step 2 and I see the following problem: the XML generated by Azure references some technical profiles that I cannot find in Azure:
<OrchestrationStep Order="2" Type="ClaimsExchange">
  <ClaimsExchanges>
    <ClaimsExchange Id="COMP" TechnicalProfileReferenceId="OIDC-V1-COMP-8d80cbaa-f07e-40d5-bd88-50e9264d67a5"/>
  </ClaimsExchanges>
</OrchestrationStep>
Could you please advise me on how I can find these technical profiles? If that does not work, how can I create a custom policy that does the same things as the Azure User Flow? Maybe you know how I can implement the given requirements without custom policies - I will be happy to get any advice.