我在Azure AD B2C的Identity Framework中使用自定义策略。我具有SignUpOrSignin.xml和TrustFrameworkBase.xml来自定义策略。我在注册过程中激活了MFA,但在登录时也激活了。登录期间如何将其关闭?
答案 0 :(得分:2)
您可以在注册时执行MFA步骤,但在登录时不执行此步骤,只需添加newUser声明作为ClaimsExist的前提条件即可:
<OrchestrationStep Order="7" Type="ClaimsExchange">
<Preconditions>
<Precondition Type="ClaimsExist" ExecuteActionsIf="false">
<Value>newUser</Value>
<Action>SkipThisOrchestrationStep</Action>
</Precondition>
<Precondition Type="ClaimsExist" ExecuteActionsIf="true">
<Value>isActiveMFASession</Value>
<Action>SkipThisOrchestrationStep</Action>
</Precondition>
</Preconditions>
<ClaimsExchanges>
<ClaimsExchange Id="PhoneFactor-Verify" TechnicalProfileReferenceId="PhoneFactor-InputOrVerify" />
</ClaimsExchanges>
</OrchestrationStep>
newUser声明是在注册期间由以下技术资料之一创建的: LocalAccountSignUpWithLogonEmail , SelfAsserted-Social 或 AAD-UserWriteUsingAlternativeSecurityId 。登录期间将不存在。