Create/Invite user in azure ad b2c and then allow user to reset password on first login

Deepika Mahant 36 Reputation points
2022-11-29T08:32:03.32+00:00

I have created a user in Azure AD B2C successfully. Now I want users to activate their account. I am using the Graph client invite API to create/invite users.
This is my request object:
```csharp
using Microsoft.Graph; // Microsoft Graph SDK (Invitation, GraphServiceClient)

// Build the B2B invitation; Graph sends the email when SendInvitationMessage is true
var invitation = new Invitation
{
    InvitedUserEmailAddress = user.Email,
    SendInvitationMessage = true,
    InviteRedirectUrl = "https://myredirect.page", // where the user lands after redeeming the invite
    InvitedUserDisplayName = user.FullName,
};

// POST /invitations: creates the guest user object and triggers the invitation email
var result = await graphClient.Invitations
    .Request()
    .AddAsync(invitation);
```
After this the user is invited and gets an email in their inbox, but the activation link in the email uses an OTP to authenticate the account. Is there any way I can redirect the user to reset their password and use that password in future?


Answer accepted by question author
  1. Akshay-MSFT 18,011 Reputation points Microsoft Employee Moderator
    2022-11-30T13:08:43.297+00:00

    Hello

    We could force the user to reset the password on first login via custom policies. This sample console app (.NET Core) demonstrates how to send a sign-up email invitation. The web application sends an email to the end user with a link to the sign-up policy. The link to the sign-up policy contains the email address, which is encapsulated inside a JWT token (id_token_hint). When a user clicks on that link, Azure AD B2C validates the JWT token signature, reads the information from the token, extracts the email address and asks the user to set the password, display name, surname and given name.

    Kindly follow the email invite custom policy as per: https://github.com/azure-ad-b2c/samples/blob/master/policies/invite/policy/SignUpInvitation.xml

    • Where in the 3rd orchestration step the LocalAccountSignUpWithReadOnlyEmail technical profile is called:

    [image: 265763-image.png]

    • This technical profile forces the user to set the password without editing the email address:

    [image: 265689-image.png]

    Please do let me know if you have any further queries on this in the comments section.

    Thanks,
    Akshay Kaushik

    Please "Accept the answer", "Upvote" and rate your experience if the suggestion works as per your business need. This will help us and others in the community as well.

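The invitation link the accepted answer describes, as an added example (not the linked sample's own code): mint the id_token_hint that carries the invitee's email, sign it, and embed it in a link to the sign-up policy. The tenant name, policy name, client id, issuer, key id and the NuGet package System.IdentityModel.Tokens.Jwt are assumptions; the policy's id_token_hint technical profile must be configured to trust this issuer and the public half of the signing key.

```csharp
// Added example, not code from the question or the linked sample. NuGet: System.IdentityModel.Tokens.Jwt
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

public static class InviteLinkBuilder
{
    // Placeholders (assumptions, not values from the original post)
    const string Tenant = "contoso";                                 // contoso.onmicrosoft.com
    const string Policy = "B2C_1A_signup_invitation";                // the custom sign-up policy
    const string ClientId = "00000000-0000-0000-0000-000000000000";  // app registration the policy trusts
    const string Issuer = "https://invite.example.com";              // issuer the policy validates
    const string RedirectUri = "https://myredirect.page";

    // Sign a short-lived JWT whose email claim the policy reads as the read-only sign-up email.
    public static string MintIdTokenHint(RSA signingKey, string email, string displayName)
    {
        var key = new RsaSecurityKey(signingKey) { KeyId = "invite-signing-key" };
        var creds = new SigningCredentials(key, SecurityAlgorithms.RsaSha256);
        var now = DateTime.UtcNow;

        var token = new JwtSecurityToken(
            issuer: Issuer,
            audience: ClientId,               // B2C checks aud against the policy's client id
            claims: new[] { new Claim("email", email), new Claim("displayName", displayName) },
            notBefore: now,
            expires: now.AddHours(24),        // keep short: whoever holds the link can finish sign-up until then
            signingCredentials: creds);

        return new JwtSecurityTokenHandler().WriteToken(token);
    }

    // Link to the policy's authorize endpoint; B2C validates the hint before showing the sign-up page.
    public static string BuildInviteLink(string idTokenHint)
    {
        return $"https://{Tenant}.b2clogin.com/{Tenant}.onmicrosoft.com/oauth2/v2.0/authorize" +
               $"?p={Policy}&client_id={ClientId}&nonce={Guid.NewGuid():N}" +
               $"&redirect_uri={Uri.EscapeDataString(RedirectUri)}" +
               "&scope=openid&response_type=id_token" +
               $"&id_token_hint={idTokenHint}";
    }

    public static void Main()
    {
        using var rsa = RSA.Create(2048); // in production load the certificate whose public key the policy trusts
        string hint = MintIdTokenHint(rsa, "jane@example.com", "Jane Doe"); // constructed invitee
        Console.WriteLine(BuildInviteLink(hint));
    }
}
```

The email claim is what the LocalAccountSignUpWithReadOnlyEmail profile pins, so a user can only set a password for the address the link was minted for.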
