After verifying the user is legit, require them to consent to one or more consents in the system, also possibly asking them for additional information before letting them in.
For the advanced registration piece, it would make more sense to me if that wasn't tied to a username/password at all. If we already have the un/pw in a federation situation, then forcing us to ask for it again to fill out the registration record seems incorrect.
I understand that for a B2C where someone is creating a un/pw on the site it makes sense. However, there are many instances where we don't want to have a user able to log in via any means other than federation (AD login, social media login, etc.). And even where it "may" make sense (multiple social media logins linked to the same record) - there might be a "username" but certainly no password would be required in those cases.
The custom claims make sense, and I'm happy to do something like that.
If I wanted to inject my own screens into the middle of your hosted UX flow, how would we do that? [Basically add my own "advanced registration" flow into your UX flow]?
Does that require completely replacing the UX flow you have with my own hosted one?