Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Important
Effective May 1, 2025, Azure AD B2C will no longer be available to purchase for new customers. Learn more in our FAQ.
Before you begin, use the Choose a policy type selector at the top of this page to choose the type of policy you’re setting up. Azure Active Directory B2C offers two methods to define how users interact with your applications: through predefined user flows or through fully configurable custom policies. The steps required in this article are different for each method.
By default, Azure Active Directory B2C (Azure AD B2C) verifies your customer's email address for local accounts (accounts for users who sign up with email address or username). Azure AD B2C ensures valid email addresses by requiring customers to verify them during the sign-up process. It also prevents malicious actors from using automated processes to generate fraudulent accounts in your applications.
Some application developers prefer to skip email verification during the sign-up process and instead have customers verify their email address later. To support this, Azure AD B2C can be configured to disable email verification. Doing so creates a smoother sign-up process and gives developers the flexibility to differentiate customers that have verified their email address from customers that have not.
Warning
Disabling email verification in the sign-up process may lead to spam. If you disable the default Azure AD B2C-provided email verification, we recommend that you implement a replacement verification system.
Prerequisites
- Create a user flow so users can sign up and sign in to your application.
- Register a web application.
- Complete the steps in Get started with custom policies in Active Directory B2C. This tutorial guides you how to update custom policy files to use your Azure AD B2C tenant configuration.
- Register a web application.
Disable email verification
Follow these steps to disable email verification:
- Sign in to the Azure portal.
- If you have access to multiple tenants, select the Settings icon in the top menu to switch to your Azure AD B2C tenant from the Directories + subscriptions menu.
- In the left menu, select Azure AD B2C. Or, select All services and search for and select Azure AD B2C.
- Select User flows.
- Select the user flow for which you want to disable email verification.
- Select Page layouts.
- Select Local account sign-up page.
- Under User attributes, select Email Address.
- In the Requires Verification drop-down, select No.
- Select Save. Email verification is now disabled for this user flow.
The LocalAccountSignUpWithLogonEmail technical profile is a self-asserted, which is invoked during the sign-up flow. To disable the email verification, set the EnforceEmailVerification metadata to false. Override the LocalAccountSignUpWithLogonEmail technical profiles in the extension file.
- Open the extensions file of your policy. For example, SocialAndLocalAccounts/TrustFrameworkExtensions.xml.
- Find the ClaimsProviderselement. If the element doesn't exist, add it.
- Add the following claims provider to the ClaimsProviderselement:
<ClaimsProvider>
  <DisplayName>Local Account</DisplayName>
  <TechnicalProfiles>
    <TechnicalProfile Id="LocalAccountSignUpWithLogonEmail">
      <Metadata>
        <Item Key="EnforceEmailVerification">false</Item>
      </Metadata>
    </TechnicalProfile>
  </TechnicalProfiles>
</ClaimsProvider>
Test your policy
- Sign in to the Azure portal.
- If you have access to multiple tenants, select the Settings icon in the top menu to switch to your Azure AD B2C tenant from the Directories + subscriptions menu.
- In the left menu, select Azure AD B2C. Or, select All services and search for and select Azure AD B2C.
- Select User flows.
- Select the user flow for which you want to disable email verification. For example, B2C_1_signinsignup.
- To test your policy, select Run user flow.
- For Application, select the web application named testapp1 that you previously registered. The Reply URL should show https://jwt.ms.
- Click Run user flow
- You should be able to sign up using an email address without the validation.
Update and test the relying party file
- Sign in to the Azure portal.
- If you have access to multiple tenants, select the Settings icon in the top menu to switch to your Microsoft Entra ID tenant from the Directories + subscriptions menu.
- Choose All services in the top-left corner of the Azure portal, and then search for and select App registrations.
- Select Identity Experience Framework.
- Select Upload Custom Policy, and then upload the two policy files that you changed.
- Select the sign-up or sign-in policy that you uploaded, and click the Run now button.
- You should be able to sign up using an email address without the validation.