Azure AD B2C Email Validation Bypass During Mobile App Registration

I hope my question is clear. In the registration flow of our application, we ask the user for a username, email address and password. However, we do not require the user's email to be confirmed in order to continue using the application. According to our IT department, Azure AD B2C requires that the email address be verified during the first registration by the end user. Is that absolutely true? Other applications require an email, but still allow users to use the services without confirmation.

We understand the risk and rely on the user if they decide to use an email that they do not own. The details of this scenario will be described in the legal disclosure. Thus, password resets, notifications, etc. will not work for this user.

+5
3 answers

It would be nice if we could turn off email checking. I think there are a lot of things that would be fine-tuned in policies, but at the moment we cannot.

For now, you will need to write your own registration flow using the user APIs / HTML / JavaScript services and the backend API, and then create your account using the B2C Graph API.

+1

Now it is possible. From the Azure AD B2C documentation:

  • Select registration policies or registration or login policies, depending on what you configured to register.
  • Click your policy (for example, "B2C_1_SiUp") to open it. Click "Edit" at the top of the blade.
  • Select a page user interface setting.
  • Click "Local Account."
  • Click "Email Address" in the "Name" column in the "Registration Attributes" section.
  • Switch the parameter "Require confirmation" to "No".
  • Click "OK" at the bottom until you reach "Change Policy".
  • Click "Save" at the top of the blade. Everything is ready!
+1

Note. It appears that the “Require Validation” parameter mentioned in the answer above is global for the B2C tenant, although it does look like the parameter is set for a specific policy (based on the fact that you select the policy first). This is misleading in the user interface. In addition, it seems that the email addresses cannot be changed in the "profile editing" policy.

0