Using HoloLens' iris scanner for login to Azure Active Directory B2C

I work for a B2B SaaS that makes software for HoloLens.

We would like for the end user to be able to log in to our service from the iris scanner in the HoloLens. From what I have read, the iris scanner can only be used with a local account on the HoloLens or with Azure Active Directory. However, not all our clients use AAD and we don't want to impose it, so we would like to use AAD B2C so our clients' employees could log in to our own AAD as "consumers".

Is this something possible to do? I have created an AAD B2C account with Microsoft's guides. The part I am not sure about is if our consumers can connect to our AAD B2C with the iris sensor on a HoloLens.

Thanks for any info or tips!



Solution 1:[1]

Knowing nothing about HoloLens :-)

When they refer to local accounts here, it seems that they are talking about local accounts on the device, not local accounts in B2C.

B2C does not support Windows Hello or FIDO2.

I assume HoloLens uses OIDC to talk to AAD? B2C supports OIDC but the problem is that it requires an extra parameter (the policy name - &p=policy). Is there support for this?

HoloLens also supports Microsoft Accounts (MSA). B2C supports this as an external IDP. You can force B2C to authenticate directly with this IDP. That may work?

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 rbrayb