How to set up reset password flow using email address while using UserID sign up

Sebastian Bienert 20 Reputation points
2023-01-13T11:40:33.45+00:00

Hi,
I am using Azure AD B2C for managing authentication and authorization in my application. For the user sign-up/sign-in process we are using the Sign up and sign in (Standard legacy) user flow. It is configured with the User ID signup Identity providers setting. For the password reset process we are using the Password reset (Standard legacy) user flow with the Reset password using username setting. This configuration allows users to change their password by entering both username and email address for verification.

We want to allow users to change their password with just their email address. I tried simply switching the Identity providers setting in the password reset flow to Reset password using email address, but I end up with "An account could not be found for the provided user ID." As I understand it, this is because users who signed up with a user ID are identified only by their username, even though they also had to enter an email address while signing up.

I tried one of the sample policies defined in Microsoft's GitHub repo:
https://github.com/azure-ad-b2c/samples/tree/master/policies/username-or-email
But it does not fulfill my requirements. It would allow new users to sign up either with email or username and then, depending on this decision, use it as the identifier in the reset password flow. I already have users signed up with a username and want them to be able to use their email for password reset.

Is this even possible with user flows or custom policies, and what actions should I take to make it work? I would be happy to provide more details if needed.

Thanks!


Accepted answer
Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator
2023-01-19T00:22:00.71+00:00

Hi Sebastian Bienert,

To add to the previous comment, if I am understanding your requirement, the behavior you are describing would be an intentional limitation of the product.
When users sign up using a user ID, the email address they verified during sign-up is just added to their Auth Methods--Email, like below. And one problem is that we do allow multiple users to use the same email address from the Auth method when resetting passwords. There would be an issue if you are only using email for password reset for user ID sign-up users, since the email address verified in the auth method might map to multiple user IDs.

User's image

Let me know if this helps answer your question. If you would like to leave a request for this feature and provide a business justification, you can do so in the feedback forum. https://feedback.azure.com/

-

If the information accurately addressed your question, please Accept the answer. This will help us as well as others in the community who might be researching similar questions.
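The limitation the accepted answer describes, modelled as an added example that is not part of the thread and not Microsoft's own code: a reset-by-identifier lookup matches the typed value against sign-in identities of the requested type, so a user-ID account (which has only a `userName` identity) is never found when the reset flow searches for an `emailAddress` identity. If a reset flow instead fell back to the email verified as an authentication method, that email can be shared by several user-ID accounts, so a safe resolver has to refuse any match that is not unique. The record layout, the sample directory and the field name `auth_method_email` (standing in for "Auth Methods--Email") are constructed for this illustration.

```python
"""Added example (not from the Q&A thread): how a password-reset lookup
resolves an account from the identifier the user types, and why a
reset-by-email lookup fails or becomes ambiguous for user-ID sign-ups.

Assumed, constructed record layout: ``identities`` maps a sign-in type
("userName" or "emailAddress") to the value the user signs in with;
``auth_method_email`` is a hypothetical field for the email verified
during a user-ID sign-up.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


class AccountNotFoundError(Exception):
    """No account carries the identifier the reset flow searched for."""


class AmbiguousAccountError(Exception):
    """More than one account matched, so the reset must not proceed."""


@dataclass
class Account:
    object_id: str
    identities: Dict[str, str]            # e.g. {"userName": "alice"}
    auth_method_email: Optional[str] = None  # hypothetical field, see above


# Constructed sample directory: one email sign-up, three user-ID sign-ups,
# two of which verified the same email address at sign-up.
DIRECTORY: List[Account] = [
    Account("u1", {"emailAddress": "eva@example.test"}),
    Account("u2", {"userName": "alice"}, auth_method_email="alice@example.test"),
    Account("u3", {"userName": "bob"}, auth_method_email="shared@example.test"),
    Account("u4", {"userName": "carol"}, auth_method_email="shared@example.test"),
]


def find_by_sign_in_name(directory: List[Account], sign_in_type: str,
                         value: str) -> List[Account]:
    """Match the typed value against sign-in identities of one type only."""
    wanted = value.casefold()
    return [a for a in directory
            if a.identities.get(sign_in_type, "").casefold() == wanted]


def resolve_for_reset(directory: List[Account], email: str,
                      allow_auth_method_fallback: bool = False) -> Account:
    """Return the single account allowed to reset its password with ``email``.

    Without the fallback this reproduces the error from the question: a
    user-ID account has no ``emailAddress`` identity, so nothing is found.
    With the fallback, the verified auth-method email is searched as well,
    and because several accounts may share it, a unique match is required.
    """
    matches = find_by_sign_in_name(directory, "emailAddress", email)
    if not matches and allow_auth_method_fallback:
        wanted = email.casefold()
        matches = [a for a in directory
                   if (a.auth_method_email or "").casefold() == wanted]
    if not matches:
        raise AccountNotFoundError(
            "An account could not be found for the provided user ID.")
    if len(matches) > 1:
        raise AmbiguousAccountError(
            f"{email} maps to {len(matches)} accounts; refusing to reset.")
    return matches[0]


def reset_outcome(directory: List[Account], email: str,
                  allow_auth_method_fallback: bool = False) -> str:
    """Summarise the resolver's decision as 'ok:<id>', 'not_found' or 'ambiguous'."""
    try:
        return "ok:" + resolve_for_reset(directory, email,
                                         allow_auth_method_fallback).object_id
    except AccountNotFoundError:
        return "not_found"
    except AmbiguousAccountError:
        return "ambiguous"


if __name__ == "__main__":
    for addr in ("eva@example.test", "alice@example.test", "shared@example.test"):
        print(addr, "strict:", reset_outcome(DIRECTORY, addr),
              "with fallback:", reset_outcome(DIRECTORY, addr, True))
```

The strict lookup is what the reset-by-email user flow does, and it explains the "account could not be found" message for username sign-ups. The fallback branch shows why simply searching the auth-method email is not a safe fix: `shared@example.test` resolves to two accounts, and letting a reset proceed on an ambiguous match would hand one user's account to whoever controls a shared mailbox.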

1 additional answer

Sebastian Bienert 20 Reputation points
2023-01-20T11:08:35.81+00:00

Hi @Marilee Turscak-MSFT

Thanks for your answers. You understood the requirement correctly and saved me some time trying to make it work.
