Configuring Azure AD B2C MFA for the Registered Applications

Introduction

In this article, you will learn how to integrate Azure B2C MFA for one of our registered Blazor web applications. This is a continuation of my previous article, where I discussed single sign-out in Azure AD B2C for the registered application. I highly recommend you go through my previous articles on Azure AD B2C integration with the Blazor application before reading this article.

What is MFA?

Multifactor authentication (MFA) is a process that adds one more security level on top of the traditional sign-in flow. With this authentication process, users authenticate by providing an additional factor, such as a code sent to their mobile device or email, a fingerprint scan, and more.

In this article, we will see how to integrate the MFA with Azure B2C, so that when users log in by providing their credentials, the application will prompt an MFA screen to enter a code sent to the user's email address.

Enabling MFA for Azure AD B2C User flow

  1. Log in to the Azure portal and switch to the B2C tenant.
  2. Select User flows from the Policies blade, then select our B2C_1_SignIn_SignUp_Demo flow.
  3. Select Properties from the Settings blade.
  4. In the Multifactor authentication section, set MFA enforcement to Always on. For the type of method, I set it to Authenticator app – TOTP. Based on this configuration, MFA will be applied to all registered applications that use the B2C_1_SignIn_SignUp_Demo user flow.
  5. Save the changes.
  6. Now run the Blazor application.
  7. After providing credentials on the sign-in page, you will end up on the MFA screen.
  8. Click the Send verification code button. It will send the verification code to your registered email address.
  9. Provide the code on the next screen. After providing the code, you will land on the home screen.
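
Because MFA enforcement is a property of the user flow, the application can also refuse any session whose token was not issued by B2C_1_SignIn_SignUp_Demo. The following C# is an added example, not code from the original article: the class and method names are hypothetical, the principals in Main are constructed samples, and it assumes the user flow name arrives in the tfp claim (or acr, depending on the flow's token compatibility setting).

```csharp
using System;
using System.Linq;
using System.Security.Claims;

public static class UserFlowCheck // hypothetical helper, not part of the article's project
{
    // User flow from this article; its MFA enforcement is set to "Always on".
    public const string MfaUserFlow = "B2C_1_SignIn_SignUp_Demo";

    // Claim types that can carry the user flow name: "tfp" and "acr" as issued by B2C,
    // plus the URI that ASP.NET Core's default inbound claim mapping turns "acr" into.
    private static readonly string[] PolicyClaimTypes =
    {
        "tfp",
        "acr",
        "http://schemas.microsoft.com/claims/authnclassreference",
    };

    // True only for an authenticated principal whose token names the MFA-enforced flow.
    public static bool IssuedByMfaUserFlow(ClaimsPrincipal user)
    {
        if (user?.Identity?.IsAuthenticated != true) return false;
        return user.Claims.Any(c =>
            PolicyClaimTypes.Contains(c.Type) &&
            string.Equals(c.Value, MfaUserFlow, StringComparison.OrdinalIgnoreCase));
    }
}

public static class Program
{
    // Builds a constructed sample principal carrying a single policy claim.
    private static ClaimsPrincipal Sample(string claimType, string flow) =>
        new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim(claimType, flow) }, "constructed-sample"));

    public static void Main()
    {
        var viaMfaFlow = Sample("tfp", "B2C_1_SignIn_SignUp_Demo");
        var viaOtherFlow = Sample("tfp", "B2C_1_Other_Flow"); // hypothetical second flow
        var anonymous = new ClaimsPrincipal(new ClaimsIdentity());

        Console.WriteLine(UserFlowCheck.IssuedByMfaUserFlow(viaMfaFlow));
        Console.WriteLine(UserFlowCheck.IssuedByMfaUserFlow(viaOtherFlow));
        Console.WriteLine(UserFlowCheck.IssuedByMfaUserFlow(anonymous));
    }
}
```

In a Blazor app the same method can back an authorization policy, so that pages are only served to users who signed in through the MFA-enforced flow.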

Summary

We have seen how to enable multi-factor authentication (MFA) for the user flow (Sign In and Sign Up) in Azure B2C and how easily it incorporates MFA into our Blazor web application.