You can set MFA on a B2C policy.

The documentation alludes to the fact that you can set MFA on a function e.g. in my B2C application you don't generally need MFA but if you click the admin. tab, you need MFA to continue.

I can't find any examples on how to do this?

Also, can you set MFA on a specific local user i.e. only some local users have MFA applied and others don't?

There is an MFA button top-right on the B2C user's screen but I suspect that it is for users added through the portal i.e. not local users as it screws up the local user password and they can no longer log in?

rbrayb
  • `The documentation alludes to the fact that you can set MFA on a function e.g. in my B2C application you don't generally need MFA but if you click the admin. tab, you need MFA to continue`, could you show me this doc? – SunnySun Nov 05 '18 at 01:56
  • https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-reference-mfa – rbrayb Nov 05 '18 at 17:53
  • You don't require Multi-Factor Authentication to access an application in general, but you do require it to access the sensitive portions within it. For example, the consumer can sign in to a banking application with a social or local account and check account balance, but must verify the phone number before attempting a wire transfer. – rbrayb Nov 05 '18 at 17:54
  • Just so I'm clear. Is this use case possible or not? – rbrayb Nov 08 '18 at 17:45
  • Yes, you could only set MFA as an admin. – SunnySun Nov 09 '18 at 01:33

1 Answer


can you set MFA on a specific local user i.e. only some local users have MFA applied and others don't

When you enable MFA for the policy, it will work for all the users using this policy; you cannot set MFA on a specific local user. For details about enabling MFA for the policy, you could read here.

There is an MFA button top-right on the B2C user's screen but I suspect that it is for users added through the portal

You could use this MFA button to set MFA for a specific user that is shown in the user list, not only for a user added through the portal. For a local account that only has a username, like in the following picture, you could find its login account on the reset password page.

The login account for the local account looks like this:


SunnySun
  • Have you tried this? When I try it I can set MFA no problem but when I try and log in as the user there is no MFA flow and I keep getting a password error when I try and log in. – rbrayb Nov 05 '18 at 17:53
  • @nzpcmad, I tried this in the policy and user page, and it works well. – SunnySun Nov 06 '18 at 01:27
  • Thanks - any joy on the "MFA on the admin. page only" question? – rbrayb Nov 06 '18 at 17:50
  • @nzpcmad, what I meant by "user page" is the user list page when you click `user` in AAD; it is not related to the admin. Sorry for making this mistake for you. – SunnySun Nov 08 '18 at 03:10