Azure Active Directory B2C: Use conditional User Flow for Sign In based on Application Claim

Time: 08-20

When a user signs in, is it possible to let Azure Active Directory B2C pick the User Flow to use for Sign-In based on an Application Claim?

The behavior I am trying to create is that the user enters his e-mail and ADB2C then routes to one of the available policies based on an application claim the user enters during sign-up.

This should allow us to have Multi-Factor Authentication activated (or deactivated) on a User-Level. Currently you can only activate or deactivate MFA on a User Flow-Level, so my idea would be to have 2 User Flows, one with MFA activated and one without MFA, and then use the respective User Flow based on a criterion of the user (e.g. Application Claim). It would be even better to have a Hook decide which User Flow to use, but afaik this is not possible at the moment.

I know I can use Custom Policies to customize the login flow, but this seems to be a quite painful experience, so I try to stick with User Flows as much as possible.

CodePudding user response:

Pretty simple to do with one custom policy - just use a precondition in the user journey. My tool deploys custom policies for you to get started.

You could set an attribute on the user profile to conditionally run the MFA step, or via some other logic, like domain name detection.

Doing this with two user flows will create lots of problems.
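A sketch of the precondition approach the answer describes, added here as an example that is not part of the original post or the answerer's tool. It assumes a policy layered on the Azure AD B2C starter pack (the `AAD-UserReadUsingObjectId` and `PhoneFactor-InputOrVerify` technical profiles, and the b2c-extensions-app configuration for extension attributes); the claim name `extension_mfaRequired` and the step ordering are assumptions.

```xml
<!-- Fragment for a TrustFrameworkExtensions policy built on the B2C starter pack. -->
<ClaimsSchema>
  <!-- Hypothetical per-user flag stored as an extension attribute on the user object. -->
  <ClaimType Id="extension_mfaRequired">
    <DisplayName>MFA required</DisplayName>
    <DataType>boolean</DataType>
    <AdminHelpText>True when this user must complete MFA at sign-in.</AdminHelpText>
  </ClaimType>
</ClaimsSchema>

<!-- Override the directory read so the flag is available once the user is identified. -->
<ClaimsProvider>
  <DisplayName>Azure Active Directory</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="AAD-UserReadUsingObjectId">
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="extension_mfaRequired" />
      </OutputClaims>
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>

<!-- Sign-in journey (step numbers assumed): read the profile, then run MFA
     unless the user's flag is explicitly False. -->
<OrchestrationStep Order="3" Type="ClaimsExchange">
  <ClaimsExchanges>
    <ClaimsExchange Id="AADUserReadWithObjectId"
                    TechnicalProfileReferenceId="AAD-UserReadUsingObjectId" />
  </ClaimsExchanges>
</OrchestrationStep>
<OrchestrationStep Order="4" Type="ClaimsExchange">
  <Preconditions>
    <!-- Fail closed: if the claim is absent it does not equal False,
         so the MFA step still executes. Only an explicit False skips it. -->
    <Precondition Type="ClaimEquals" ExecuteActionsIf="true">
      <Value>extension_mfaRequired</Value>
      <Value>False</Value>
      <Action>SkipThisOrchestrationStep</Action>
    </Precondition>
  </Preconditions>
  <ClaimsExchanges>
    <ClaimsExchange Id="PhoneFactor-Verify"
                    TechnicalProfileReferenceId="PhoneFactor-InputOrVerify" />
  </ClaimsExchanges>
</OrchestrationStep>
```

Because the decision is made inside one journey after the user is identified, the user never chooses between flows and the MFA flag cannot be influenced from the sign-in page; it is only changed by whatever admin or sign-up logic writes the extension attribute.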
