Hello Sohail Dhoda,
Thanks for posting your question in the Microsoft Q&A forum.
Azure Active Directory B2C (Azure AD B2C) is a powerful identity and access management service designed to handle authentication for customer-facing applications. However, implementing user flows and managing authentication requirements can present challenges, especially when dealing with users who lack access to email or phone for OTP (One-Time Password) verification.
The requirement for OTP during the first-time sign-in process can create barriers for users who lack access to email or phone. To address this, you can implement Single Sign-On (SSO) from an identity provider (IdP) to allow users to authenticate directly without additional OTP verification. Some useful links are below:
- https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-generic-saml?tabs=windows&pivots=b2c-user-flow
- https://learn.microsoft.com/en-us/azure/active-directory-b2c/session-behavior?pivots=b2c-custom-policy
Proper sign-out functionality is critical to ensure that user sessions are terminated securely. Azure AD B2C supports sign-out by invalidating the session and redirecting the user to a specified page. Some useful links are below:
- https://learn.microsoft.com/en-us/azure/active-directory-b2c/session-behavior?pivots=b2c-custom-policy#sign-out
- https://learn.microsoft.com/en-us/azure/active-directory-b2c/session-behavior?pivots=b2c-custom-policy#configure-front-channel-logout
To streamline authentication, you can pass a SAML token or claim containing the user’s email address. This allows the client directory to authenticate users without requiring separate email validation. Some useful links to refer to are below:
- https://learn.microsoft.com/en-us/azure/active-directory-b2c/identity-provider-generic-saml?tabs=windows&pivots=b2c-user-flow
- https://learn.microsoft.com/en-us/azure/active-directory-b2c/claims-transformation-technical-profile
Mapping an email address as the username and pre-loading a password can simplify the authentication process and bypass the need for email validation. Azure AD B2C supports this approach, but it requires careful configuration.
- https://learn.microsoft.com/en-us/azure/active-directory-b2c/microsoft-graph-operations
By leveraging Azure AD B2C’s capabilities, you can address the challenges of OTP verification, sign-out functionality, and seamless authentication. Implementing SSO with federated identity providers eliminates the need for OTP, while proper configuration of the sign-out endpoint ensures secure session termination. Passing SAML tokens or claims allows for seamless authentication, and mapping email addresses as usernames with pre-loaded passwords simplifies the user experience.
Please let me know if the response helped answer your question. If the above answer helped, please do not forget to "Accept Answer", as this may help other community members refer to the info if facing a similar issue. 🙂
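As an added illustration of the last point (not code from the answer or from Microsoft's samples), this Python script builds the Microsoft Graph `POST /users` payload for a B2C local account whose sign-in identity is the email address and whose initial password is pre-loaded. The tenant name `contoso`, the user `jane@example.com` and the access token are constructed placeholders; a real call needs an app token with `User.ReadWrite.All`.

```python
"""Create an Azure AD B2C local account that signs in with an email address
and a pre-loaded password via Microsoft Graph.  Added example; tenant,
user and token values are constructed placeholders."""
import json
import secrets
import string
import urllib.request

GRAPH_USERS_URL = "https://graph.microsoft.com/v1.0/users"
SYMBOLS = "!@#$%^&*"


def generate_initial_password(length: int = 20) -> str:
    """Random initial password meeting B2C complexity (upper, lower, digit, symbol)."""
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw) and any(c in SYMBOLS for c in pw)):
            return pw


def build_b2c_local_user(tenant: str, email: str, display_name: str, password: str) -> dict:
    """Graph payload: the email becomes the local-account sign-in name (no OTP needed
    to create it), so no separate email validation step happens at provisioning time."""
    return {
        "displayName": display_name,
        "identities": [{
            "signInType": "emailAddress",          # sign in with the email, not a UPN
            "issuer": f"{tenant}.onmicrosoft.com",  # must be the B2C tenant domain
            "issuerAssignedId": email,
        }],
        "passwordProfile": {
            "password": password,
            # B2C user flows do not honour a forced change, so the sample keeps it false
            "forceChangePasswordNextSignIn": False,
        },
        "passwordPolicies": "DisablePasswordExpiration",
    }


def create_user(access_token: str, payload: dict) -> dict:
    """POST the payload to Graph (needs User.ReadWrite.All); returns the created user."""
    req = urllib.request.Request(
        GRAPH_USERS_URL, data=json.dumps(payload).encode(), method="POST",
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    pw = generate_initial_password()
    print(json.dumps(build_b2c_local_user("contoso", "jane@example.com", "Jane Doe", pw), indent=2))
```

Hand the generated password to the user through a channel you already trust; it is the only secret protecting the account until the user changes it.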