Azure B2C: How to use OtherMails attribute for MFA

Question

I am using B2C custom policies which allows signup/signin with the username instead of the traditional email.

As part of the signup process, I am saving the Email in the otherMails attribute.

when choosing MFA as Email, I don't see the email field prepopulated with the email that I have on user record.

Can otherMails attribute be used for MFA email?

<ClaimsTransformation Id="CreateEmailsFromOtherMailsAndSignInNamesInfo" TransformationMethod="AddItemToStringCollection">
    <InputClaims>
            <InputClaim ClaimTypeReferenceId="otherMails" TransformationClaimType="collection" />
    </InputClaims>

<TechnicalProfile Id="AAD-UserWriteUsingLogonName">
    <PersistedClaims>
        <PersistedClaim ClaimTypeReferenceId="otherMails" />
    </PersistedClaims>
    <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="otherMails" /> 
    </OutputClaims>

<TechnicalProfile Id="LocalAccountSignUpWithLogonName">
    <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="otherMails" /> 
    </OutputClaims>
<TechnicalProfile Id="LocalAccountDiscoveryUsingUserNameAndValidateStrongAuthenticationEmailAddress">
    <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="otherMails" /> 
    </OutputClaims>
<TechnicalProfile Id="AAD-ReadCommon">
    <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="otherMails" />
    </OutputClaims>

<RelyingParty>
    <OutputClaim ClaimTypeReferenceId="otherMails" PartnerClaimType="emails" />
</RelyingParty>

score 0 · Answer 1 · answered Feb 17 '22 at 18:37

0

The field used for MFA is "strongAuthenticationEmailAddress".

That's used by the back end so I doubt it can be changed.

answered Feb 17 '22 at 18:37

rbrayb

46,440
34
114
174

Azure B2C: How to use OtherMails attribute for MFA

1 Answers1