I have two sign-in policies residing in the same B2C tenant, one with MFA disabled and one with it enabled. I want the sign-in policy with MFA enabled to be used for step-up authentication, i.e. if a user has already logged in with his username and password (via a policy), it should only prompt him for MFA, not for his username and password once again.
The behavior I have observed is that sometimes the user is prompted to enter his credentials and sometimes he is only prompted to verify his phone number (roughly every alternate time). Is there something I can do to make sure the user is never prompted for username and password? (FYI, both policies have the same Identity Providers, Claims and SSO/Token config.)