Use AzureAD for Users that have known Email and Mobile number but not an Account in AzureAD

We are building a system that receives messages that a user would like to view. With each message we also receive the email and mobile number.

As building a safe login is tricky, we would like to use AzureAD (our app will run in the Azure cloud).

I think the flow has to look like this:

  1. The backend calls Azure AD to create the user or some kind of user with email + mobile number.
  2. The user receives a mail with a link to our app. Then he gets redirected to the login. There he must validate the email + mobile number.
  3. Then he is logged in.

Is this possible? Or are there other, better ways?

Best regards G



Solution 1:[1]

  1. User performs a registration with the following info: name, email, mobile number
  2. Backend app creates the user in AAD using Graph API: How to create Azure AD user programmatically?

The AAD user profile can hold the name, email and number (does not have to be an Exchange address).

  3. Backend app sends an email to the customer with the username, temp password and login link

  4. Customer clicks on link, signs in, and is forced to change password. This validates email address. Validate the mobile number and then registration is complete.

  5. At this time, anytime user logs in, the application just works.
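
The user-creation step described in the answer, as an added example that is not part of the original answer: it builds the Microsoft Graph `POST /users` request body with a CSPRNG-generated temporary password and `forceChangePasswordNextSignIn` set, without sending anything. The tenant domain `contoso.onmicrosoft.com`, the function names and the sample customer are assumptions, and keeping the customer's address in `otherMails` is one possible choice rather than something the answer specifies.

```python
import json
import re
import secrets
import string
import uuid

GRAPH_USERS_URL = "https://graph.microsoft.com/v1.0/users"
TENANT_DOMAIN = "contoso.onmicrosoft.com"  # assumption: placeholder tenant domain

E164 = re.compile(r"^\+[1-9]\d{6,14}$")
EMAIL = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def temp_password(length=20):
    """One-time password from the OS CSPRNG containing all four character classes."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits, "!#$%*+-_"]
    chars = [secrets.choice(c) for c in classes]
    chars += [secrets.choice("".join(classes)) for _ in range(length - len(classes))]
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def build_create_user_request(name, email, mobile):
    """Return (url, json_body, temp_password) for POST /users; sends nothing."""
    if not EMAIL.match(email):
        raise ValueError("invalid email address")
    if not E164.match(mobile):
        raise ValueError("mobile number must be in E.164 format")
    password = temp_password()
    # Random local part so the sign-in name does not reuse the customer's mail address.
    alias = "u" + uuid.uuid4().hex[:16]
    body = {
        "accountEnabled": True,
        "displayName": name,
        "mailNickname": alias,
        "userPrincipalName": f"{alias}@{TENANT_DOMAIN}",
        "otherMails": [email],  # contact address, not an Exchange mailbox
        "mobilePhone": mobile,
        "passwordProfile": {
            "password": password,
            "forceChangePasswordNextSignIn": True,  # forced change at first sign-in
        },
    }
    return GRAPH_USERS_URL, json.dumps(body), password


if __name__ == "__main__":
    # Constructed sample customer; the password is redacted before printing.
    url, payload, _ = build_create_user_request("Ada Example", "ada@example.com", "+491701234567")
    redacted = json.loads(payload)
    redacted["passwordProfile"]["password"] = "<redacted>"
    print("POST", url, json.dumps(redacted, indent=2))
```

Sending the request needs a Graph access token with the `User.ReadWrite.All` permission; the returned temporary password should go only into the mail to the customer and never into logs.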

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Matt Small