I have currently implemented the following with custom policies in my Azure AD B2C:

• The user signs in with their Office or Google account.
• If they have 2FA enabled on their social account, they authenticate themselves.
• They get send back to B2C and get asked for the B2C 2FA (I do not want this, if they already did 2FA on their social account)

Is there any way to implement it so that users must authenticate twice instead of three times? I want to keep 2FA if users have not set it up for their social accounts.

For example, is it possible to check if 2FA was used on the social sign in? Or is it possible to enforce 2FA on social account sign ins?

I have used the following templates for my setup:

• https://github.com/azure-ad-b2c/samples/tree/master/policies/mfa-absolute-timeout-and-ip-change-trigger
• https://github.com/azure-ad-b2c/samples/tree/master/policies/account-linkage-unified