changepassword through Microsoft graph api not working

Nerin Peter Chetty (For Azure) 86 Reputation points
2023-01-30T12:42:32.5766667+00:00

Hi ,

I tried changing password through graph api url but i get the below error as a response for my B2C tenant user

User's image

  1. I also tried updating user password through graph api but i am getting no privilege issue as i checked the document i can see that we need to add Directory.AccessAsUser.All

rights but i am not able to find the above privilege in my B2C tenant . if i try resetting the password through graph api i get the same error kindly help me to resolve the issue

User's image

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,715 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,664 questions
0 comments
Accepted answer
  1. CarlZhao-MSFT 37,296 Reputation points
    2023-02-01T03:53:50.1033333+00:00

    Hi @Nerin Peter Chetty (For Azure)

    This is because your app is registered to authenticate users only with user flows/custom policies. You should create a single-tenant application to call the graph API:

    User's image

    Next, you'll be able to grant Directory.AccessAsUser.All delegated permissions to your app, then use the Azure AD-based delegated authentication flow (i.e. auth code flow or ROPC flow) to get an access token and call the graph API to change the user's password.

    Note that if you want to change passwords for other users in your tenant, you need to have at least the User Administrator role.

    User's image

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

3 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. JIAN WANG 335 Reputation points
    2023-01-30T13:18:53.94+00:00

    When you logon via Azure portal.

    1. Go to App registrations.
    2. select your app.
    3. on the left menu, choose API permissons.
    4. Then Click Add a permission.
    5. Choose 'Microsoft Graph' User's image
    6. Then User's image
  2. CharanyaB-MSFT 1,421 Reputation points Microsoft Vendor
    2023-01-30T14:36:55.3766667+00:00

    Hello @Nerin Peter Chetty (For Azure),

    The changePassword API works only with delegated permission type. This API enable the user only to update their own password.

    Refer this document for more details about changePassword API.

    To Update the passwordProfile of a user to reset their password please consent one of the following permissions.

    User's image

    Please refer the below document to reset password for a user from b2c tenant:

    https://learn.microsoft.com/en-us/azure/active-directory-b2c/manage-users-portal#reset-a-users-password

    Hope this helps.

    If the reply is helpful, please click "Accept Answer" and kindly upvote it. If you have additional questions about this answer, please click "Comment".

  3. Nerin Peter Chetty (For Azure) 86 Reputation points
    2023-01-31T08:36:03.02+00:00

    Hi @
    Telen Wang thank you for your response but i am not able to see directory.accessuser.all privillage under my delegated permission

    User's image