![]() ![]() The user enters their mobile phone number and is guided to install an authentication application and scan a QR tag to add their account. In cases where the required multi-factor authentication isn't set it up yet, the user can set it up just-in-time in the same dialog. It lets the Microsoft Entra ID control Conditional Access, for example, by having the user perform multi-factor authentication (MFA) during the authentication phase (like entering a Windows Hello PIN or being called on their phone or on an authentication app on their phone).It enables redirection to other identity providers (for instance, sign-in with a work or school account, or a personal account with MSAL or with a social account with Azure AD B2C). ![]() ![]() The password, if one was typed, is never stored by the application, nor the authentication library.Allowing the Microsoft Entra ID to handle the HTML interaction has many advantages: The authentication endpoint sends back HTML and JavaScript that controls the interaction, which is rendered in a web browser or a web control. It's important to understand that when acquiring a token interactively, the content of the dialog box isn't provided by the library but by Microsoft Entra ID. Web browsers in MSAL.NET Interaction happens in a web browser MSAL.NET supports a system web browser or an embedded web view. Interactive authentication requires using a broker or a web browser. On Windows machines the broker is Web Account Manager (WAM), on Android and iOS - Microsoft Authenticator or Intune Company Portal. We recommend using brokers to authenticate as they offer more benefits compared to the browsers. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |