We have a requirement to have B2C Authentication to log on to Appian. This initial logon will be without MFA. However, depending on the interface they access, we want to enforce MFA for accessing those user interfaces. Is there a way this can be achieved in Appian? Do we have the ability to access the token sent back from Azure B2C to check if MFA was done or not and then redirect them to reauthenticate with MFA?
You could simply ping the /me endpoint using the Graph API by using OAuth code grant.
https://learn.microsoft.com/en-us/graph/api/user-get?view=graph-rest-1.0&tabs=http
https://docs.appian.com/suite/help/24.1/Oauth_connected_system.html
To force them to reauthorize, you could invalidate the sign-in sessions.
https://learn.microsoft.com/en-us/graph/api/user-revokesigninsessions?view=graph-rest-1.0&tabs=http
Hope this helps.
I have had the same kind of requirement for 2 months. I have checked with Appian support. Appian support mentioned that Azure B2C will not be supported by Appian.
Please find the reply I got from the support team.
Unfortunately, Azure AD is currently not a supported authentication method within Appian. The only supported authentication methods for connected data sources are basic authentication and OAUTH. For more information, please refer to our documentation on data source connected systems and authentication methods linked below:
Data Source Connected Systems: docs.appian.com/.../data-source-connected-systems.html
Authentication Methods: docs.appian.com/.../connected_system_authentication.html
If you would like, I am happy to create a product enhancement request on your behalf to request support for this authentication method. However, please note that these requests will be prioritized by our engineering team, and we are not able to provide a timeline on when or if they will be implemented. Please review the following documentation on product enhancement requests and provide me with the necessary information if you would like to create one.
community.appian.com/.../kb-1717-how-to-submit-a-product-enhancement-request
Yeah, that's for Data Source Connected Systems.
I don't think that is related to the original question.
Thanks for your inputs, Mathieu. I'm exploring the links you have shared.
Is it possible to read the claims returned for the user from Appian without syncing them to a user profile? Have you had any experience doing this, Mathieu Drouin?