在 Azure Active Directory B2C 中启用多重身份验证Enable multi-factor authentication in Azure Active Directory B2C

Azure Active Directory B2C (Azure AD B2C) 直接集成了 Azure 多重身份验证,因此你可以为应用程序中的注册和登录体验添加第二层安全性。Azure Active Directory B2C (Azure AD B2C) integrates directly with Azure Multi-Factor Authentication so that you can add a second layer of security to sign-up and sign-in experiences in your applications. 无需编写一行代码便可启用多重身份验证。You enable multi-factor authentication without writing a single line of code. 如果已经创建了注册和登录用户流,则仍然可以启用多重身份验证。If you already created sign up and sign-in user flows, you can still enable multi-factor authentication.

此功能有助于应用程序处理以下方案:This feature helps applications handle scenarios such as the following:

  • 不需要多重身份验证即可访问一个应用程序,但需要多重身份验证才能访问另一个应用程序。You don't require multi-factor authentication to access one application, but you do require it to access another. 例如,客户可以使用社交或本地帐户登录汽车保险应用程序,但是必须在访问在同一目录中注册的家庭保险应用程序之前验证电话号码。For example, the customer can sign into an auto insurance application with a social or local account, but must verify the phone number before accessing the home insurance application registered in the same directory.
  • 通常不需要多重身份验证即可访问一个应用程序,但需要它才能访问其中的敏感部分。You don't require multi-factor authentication to access an application in general, but you do require it to access the sensitive portions within it. 例如,客户可以使用社交或本地帐户登录银行应用程序并查询帐户余额,但必须在尝试进行电子转账前验证电话号码。For example, the customer can sign in to a banking application with a social or local account and check the account balance, but must verify the phone number before attempting a wire transfer.

设置多重身份验证Set multi-factor authentication

在创建用户流时,可以选择启用多重身份验证。When you create a user flow, you have the option to enable multi-factor authentication.

设置多重身份验证

将“多重身份验证” 设置为“启用” 。Set Multifactor authentication to Enabled.

可以使用“运行用户流” 来验证体验。You can use Run user flow to verify the experience. 确认以下场景:Confirm the following scenario:

在多重身份验证步骤发生之前,在租户中创建了一个客户帐户。A customer account is created in your tenant before the multi-factor authentication step occurs. 在执行此步骤期间,会要求客户提供一个电话号码并对其进行验证。During the step, the customer is asked to provide a phone number and verify it. 如果验证成功,则会将电话号码附加到帐户供以后使用。If verification is successful, the phone number is attached to the account for later use. 即使客户取消或退出登录,也可能会要求客户在下次登录时再次验证电话号码(启用了多重身份验证时)。Even if the customer cancels or drops out, the customer can be asked to verify a phone number again during the next sign-in with multi-factor authentication enabled.

添加多重身份验证Add multi-factor authentication

可以在之前创建的用户流上启用多重身份验证。It's possible to enable multi-factor authentication on a user flow that you previously created.

若要启用多重身份验证,请执行以下操作:To enable multi-factor authentication:

  1. 打开用户流,然后选择“属性” 。Open the user flow and then select Properties.
  2. 在“多重身份验证” 旁边,选择“启用” 。Next to Multifactor authentication, select Enabled.
  3. 单击页顶部的“保存”。 Click Save at the top of the page.