Reset the password for an unverified account with Azure AD B2C
Question
We are currently using Azure AD B2C. To get a customized singup experience, since users only can be added by other users, we don't use the regular Sign in and signup user flow to create accounts, but instead we create all accounts through the Graph API.
This works well, but the problem arise when we want to use the Password reset policy, to allow the user to reset her password. Since the account has been created through the Graph API, rather than through the Signup policy, the email has not been verified from an Azure AD perspective.
Because of this, when the user want to reset her password, she first have to go through an email verification process:
- She enters her email in the password reset form
- She is prompted for a verification code (which at that point has been sent to here email)
- She has to check her email and copy the verification code
- When pasting the verification code into the reset form, she is allowed to choose a new password.
The expected behavior (as it works with most modern web services) is that you enter your email, an email is sent to you with a link to set a new password, if the email matches an existing account.
Is there some way to use the Password reset policies, without having to verify the email as part of the reset password flow? Or would we have to build or own setup to reset passwords as well?
1 answers
solution1
0 2019-03-06 09:00:41
I have checked the custom in built-in reset password policy, there is no way to configure it as you want, it still needs to verify email.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.