We are developing an enterprise-level application, where there are several end users that will register themselves for some web application. We want them to use MFA, probably 'all' of them: user/password, biometrics, Google Authenticator. But the register pages should not be the Microsoft Azure AD register pages, but branded pages from the application. The user should basically not know or care that the app is running in Azure. This should work for browser logins (and perhaps a mobile app one day, but not now).
The examples I find online are mostly about how to register if you're a user for Azure, not the app 'in' Azure.
In short, the steps should be:
- User goes to the website of the app, clicks register
- A register page shows, registers a user, then prompts them with some MFA choices and biometric choices
- Next time the user visits the site, the authentication is used through the registered choices. Also check the device being used that is running the authenticator or biometric so it is only the registered one.
But all should be branded web pages and dialogue windows from the app itself.