Upskilling on Azure B2C custom policies — Changing the user journey

tutorial by Twin rizki from the Noun Project

I have organised the series as a list inside Medium so you can see the rest of the series.

Let’s try and change the user journey.

Exercise 2

We are now going to comment out the MFA steps in the user journey.

The comments in the user journey pretty much tell you how to do this:

<!-- Phone verification: If MFA is not required, the next three steps (#5-#7) should be removed.
This step checks whether there's a phone number on record, for the user. If found, then the user is challenged to verify it. -->

except that the steps in the comment are wrong.

Ideally, you would copy the whole user journey (“SignUpOrSignIn”) from the base to the exercise extensions file and then comment out the steps there also remembering to renumber the steps.

However, this “merge” doesn’t work. Recall that copying and removing things will never work. You have to copy and add.

One way is to rename the user journey in the extensions file e.g. “SignUpOrSignInNoMFA” and use that.

Another way is to add a precondition to the MFA steps that will always result in them being skipped. Have a crack at this.

If you are stuck, look here.

Exercise 3

For this one, let’s remove the Facebook reference. This means that the only way to login is via the local account.

Unfortunately, you can’t remove this via preconditions so you need to make a new user journey and reference it from the RelyingParty sign in policy.

Remove the references to Facebook.

This will cause an error around claim type “alternativeSecurityId” when you try and upload it. That’s because this is part of the Facebook policy that is no longer referenced.

So we need to remove the steps for “AAD-UserReadUsingAlternativeSecurityId-NoError” and “AAD-UserWriteUsingAlternativeSecurityId".

Also, you will get an error around claim type “identityProvider” so remove that from the sign-in policy.

The step “SelfAsserted-Social” is no longer required and can be removed.

When you sign-in now, you will see that the Facebook element has been removed.

If you are stuck, look here.

All good!



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Rory Braybrook

Rory Braybrook

NZ Microsoft Identity dude and MVP. Azure AD/B2C/ADFS/Auth0/identityserver. StackOverflow: Presentations: