My base policy is based on the LocalAccount Starter Pack
I am referring to this passwordless sample which is based on SocialAndLocalAccount Starter Pack
My question is similar to this stack overflow question. But the answers provided there are not updated as of now.
I am new to creating custom policies and am unable to decide what steps I need to remove from the user journey.
I did remove the Order = 3,4, and 6 but it gives me a Claim Error while signing in. Also, according to the passwordless sample, if an unknown user tries to sign in it should give a validation that user does not exist. Instead, it sends the OTP to the unknown user too.
Remove anything to do with Facebook, and remove anything to do with AlternativeSecurityId.