How to create an email only page in Azure AD B2C?

Question

I would like to have a page in front of my sign in page where there is only an email address field and a button. Once the user clicks the button, they go to another page where they can enter their username and password and sign in. Is this possible in B2C?

Email only page:

Sign In Page:

Step 1. In the TrustFrameworkBase.xml file, add an input restriction to the signInName claim type, so that only an e-mail address can be entered on the first page.

<!-- Claims needed for local accounts. -->
      <!--<ClaimType Id="signInName">
        <DisplayName>Sign in name</DisplayName>
          <DisplayName>Email address</DisplayName>
        <DataType>string</DataType>
        <UserHelpText />
        <UserInputType>TextBox</UserInputType>
      </ClaimType>-->

        <ClaimType Id="signInName">
            <DisplayName>Email address</DisplayName>
            <DataType>string</DataType>
            <UserHelpText/>
            <UserInputType>TextBox</UserInputType>
            <Restriction>
                <Pattern RegularExpression="^[a-zA-Z0-9.!#$%&amp;'^_`{}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$" HelpText="Please enter a valid email address." />
            </Restriction>
        </ClaimType>

Step 2. In the TrustFrameworkBase.xml file, add another technical profile to the Local Account claims provider, which prompts for the e-mail address.

 <ClaimsProvider>
      <DisplayName>Local Account</DisplayName>
      <TechnicalProfiles>
          <TechnicalProfile Id="SelfAsserted-LocalAccountSignin-EmailOnly">
              <DisplayName>Local Account Signin</DisplayName>
              <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
              <Metadata>
                  <Item Key="ContentDefinitionReferenceId">api.selfasserted</Item>
              </Metadata>
              <IncludeInSso>false</IncludeInSso>
              <OutputClaims>
                  <OutputClaim ClaimTypeReferenceId="signInName" Required="true" />
              </OutputClaims>
              <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
          </TechnicalProfile>
        <TechnicalProfile Id="LocalAccountSignUpWithLogonEmail">
...

Step 3. In the TrustFrameworkBase.xml file, add SelfAsserted-LocalAccountSignin-EmailOnly to the SignUpOrSignIn user journey as the first orchestration step.

<UserJourneys>
    <UserJourney Id="SignUpOrSignIn">
      <OrchestrationSteps>
          <OrchestrationStep Order="1" Type="ClaimsExchange">
              <ClaimsExchanges>
                  <ClaimsExchange Id="LocalAccountSigninEmailOnlyExchange" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-EmailOnly" />
              </ClaimsExchanges>
          </OrchestrationStep>
        <OrchestrationStep Order="2" Type="CombinedSignInAndSignUp" ContentDefinitionReferenceId="api.signuporsignin">
          <ClaimsProviderSelections>
            <ClaimsProviderSelection TargetClaimsExchangeId="FacebookExchange" />
            <ClaimsProviderSelection ValidationClaimsExchangeId="LocalAccountSigninEmailExchange" />
          </ClaimsProviderSelections>
          <ClaimsExchanges>
            <ClaimsExchange Id="LocalAccountSigninEmailExchange" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Email" />
          </ClaimsExchanges>
        </OrchestrationStep>

I still get prompted for a password (CSS is hiding the field):

Answer 1

A custom policy can be implemented for this "paginated" sign-in using the LocalAccounts starter pack as follows.

1. In the TrustFrameworkBase.xml file , add an input restriction to the signInName claim type , so that only an e-mail address can be entered on the first page.

<ClaimType Id="signInName">
  <DisplayName>Email address</DisplayName>
  <DataType>string</DataType>
  <UserHelpText/>
  <UserInputType>TextBox</UserInputType>
  <Restriction>
    <Pattern RegularExpression="^[a-zA-Z0-9.!#$%&amp;'^_`{}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$" HelpText="Please enter a valid email address." />
  </Restriction>
</ClaimType>

2. In the TrustFrameworkBase.xml file, add another technical profile to the Local Account claims provider , which prompts for the e-mail address.

<TechnicalProfile Id="SelfAsserted-LocalAccountSignin-EmailOnly">
  <DisplayName>Local Account Signin</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
  <Metadata>
    <Item Key="ContentDefinitionReferenceId">api.selfasserted</Item>
  </Metadata>
  <IncludeInSso>false</IncludeInSso>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="signInName" Required="true" />
  </OutputClaims>
  <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
</TechnicalProfile>

3. In the TrustFrameworkBase.xml file, add SelfAsserted-LocalAccountSignin-EmailOnly to the SignUpOrSignIn user journey as the first orchestration step.

<UserJourney Id="SignUpOrSignIn">
  <OrchestrationSteps>
    <OrchestrationStep Order="1" Type="ClaimsExchange">
      <ClaimsExchanges>
        <ClaimsExchange Id="LocalAccountSigninEmailOnlyExchange" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-EmailOnly" />
      </ClaimsExchanges>
    </OrchestrationStep>
    <OrchestrationStep Order="2" Type="CombinedSignInAndSignUp" ContentDefinitionReferenceId="api.signuporsignin">
      <ClaimsProviderSelections>
        <ClaimsProviderSelection ValidationClaimsExchangeId="LocalAccountSigninEmailExchange" />
      </ClaimsProviderSelections>
      <ClaimsExchanges>
        <ClaimsExchange Id="LocalAccountSigninEmailExchange" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Email" />
      </ClaimsExchanges>
    </OrchestrationStep>
    ...