Hello CHAUDHARI, SAMEER,
Thanks for reaching out!
When performing user migration from a legacy IDP to Azure AD B2C, you may encounter challenges when updating the passwords of users. Here are a few suggestions on how to update the password either through an API or through a policy without requiring the user to reset their password:
- Update password through the Microsoft Graph API: The endpoint you mentioned (authenticationmethod-resetpassword) is not applicable for Azure AD B2C. Instead, you can use the Azure AD Graph API's setPassword endpoint to update the user's password. Here's an example request:
PATCH /beta/users/{user_id}
Content-Type: application/json

{
  "passwordProfile": {
    "password": "<new_password>",
    "forceChangePasswordNextSignIn": false
  }
}
Replace {user_id} with the appropriate user identifier and <new_password> with the desired password. Make sure to authenticate the API call with appropriate credentials and permissions.
- Update password through custom policy in Azure AD B2C: In your custom policy, you can include a step to update the user's password after the successful token validation from the legacy IDP. You can use the AAD-UserWritePasswordUsingObjectId technical profile to achieve this. Here's an example:
<OrchestrationStep Order="5" Type="ClaimsExchange">
  <Preconditions>
    <Precondition Type="ClaimEquals" ExecuteActionsIf="false">
      <Value>tokenSuccess</Value>
      <Value>true</Value>
      <Action>SkipThisOrchestrationStep</Action>
    </Precondition>
  </Preconditions>
  <ClaimsExchanges>
    <ClaimsExchange Id="UpdatePassword" TechnicalProfileReferenceId="AAD-UserWritePasswordUsingObjectId" />
  </ClaimsExchanges>
</OrchestrationStep>
This step should be added after the token validation step and before the final redirect or token issuance step in your user journey.
- Remember to customize the technical profile AAD-UserWritePasswordUsingObjectId to suit your specific requirements, such as specifying the desired password value and any additional constraints.
By utilizing either the Microsoft Graph API or a custom policy, you can update the user's password without requiring them to reset it manually. Choose the approach that best aligns with your implementation and make sure to handle any error scenarios appropriately.
Hope this helps.
If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.
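Added example (not from the answer above, nor Microsoft's code): a small Python helper that issues the PATCH /users/{id} passwordProfile request described in the Graph API option and classifies the outcome without echoing the secret. The HTTP transport is injected so the helper can be exercised against a constructed offline stand-in for Graph; the objectId, token value and the stand-in's responses are assumptions, and a stdlib transport is included for use against a live tenant.

```python
import json
import urllib.error
import urllib.request
from typing import Callable, Dict, Tuple

GRAPH_BASE = "https://graph.microsoft.com/beta"  # endpoint family used in the answer


def build_password_patch(user_id: str, new_password: str) -> Tuple[str, str]:
    """Return (url, json body) for the PATCH /users/{id} request from the answer."""
    if not user_id or "/" in user_id or "?" in user_id:
        raise ValueError("user_id must be an objectId or UPN, not a path fragment")
    body = {"passwordProfile": {"password": new_password,
                                "forceChangePasswordNextSignIn": False}}
    return f"{GRAPH_BASE}/users/{user_id}", json.dumps(body)


def set_migrated_password(user_id: str, new_password: str, token: str,
                          send: Callable[..., Tuple[int, str]]) -> Dict[str, str]:
    """Set the password via the injected transport and classify the result."""
    url, body = build_password_patch(user_id, new_password)
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    status, text = send("PATCH", url, headers, body)
    if status == 204:                      # Graph answers 204 No Content on success
        return {"user": user_id, "result": "updated"}
    if status == 429:                      # throttled: caller retries after Retry-After
        return {"user": user_id, "result": "throttled"}
    try:                                   # surface Graph's error code, never the password
        code = json.loads(text)["error"]["code"]
    except (ValueError, KeyError, TypeError):
        code = f"http_{status}"
    return {"user": user_id, "result": "failed", "error": code}


def urllib_transport(method, url, headers, body):  # live transport, stdlib only
    req = urllib.request.Request(url, data=body.encode(), headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()


KNOWN_USER = "11111111-1111-1111-1111-111111111111"  # constructed placeholder objectId
def fake_graph(method, url, headers, body):  # constructed offline stand-in for Graph
    if not headers.get("Authorization", "").startswith("Bearer "):
        return 401, json.dumps({"error": {"code": "InvalidAuthenticationToken"}})
    profile = json.loads(body).get("passwordProfile", {})
    if (method == "PATCH" and url.endswith(f"/users/{KNOWN_USER}")
            and profile.get("forceChangePasswordNextSignIn") is False):
        return 204, ""
    return 404, json.dumps({"error": {"code": "Request_ResourceNotFound"}})
```

Swap fake_graph for urllib_transport and a real app-only token to run it against a tenant; the helper never prints or logs the password, so the migration log only records user ids and outcome codes.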