Need to expire password of B2C local users

Question

Hello All,

We recently implemented one Signin User Flow and one Password Reset User Flow, but now we need to implement some solution where the passwords of Local Accounts users will expire every 45 days, and whatever solution we implement should be integrated with the existing Signin & Password Reset User Flow. Is there a method to accomplish this, and if so, how? I checked using powershell as well, and "PasswordPolicies" is set to "DisablePasswordExpiration".

Regards,

Shashank Saxena

Answer 1

Hi @Anonymous ,

I think the closest equivalent in your case would be to use a custom policy to enforce password changes and set the timeSpanInSeconds to 3888000 in the TechnicalProfile in the custom policy:

          <InputParameter Id="timeSpanInSeconds" DataType="int" Value="-80" />

The default expiration period for B2C local accounts is 90 days. The FAQ notes,

The Azure AD B2C password user flow for local accounts is based on the policy for Azure AD. Azure AD B2C's sign-up, sign-up or sign in and password reset user flows use the "strong" password strength and don't expire any passwords.

If you do not have the password policy set to "DisablePasswordExpiration" and instead have set -PasswordPolicies None, all passwords that have a pwdLastSet older than 90 days require the user to change them the next time they sign in.

If a user resets the password, the passwordPolicies revert back to DisablePasswordExpiration .See related:

Password Expiration Policy for Azure AD B2C

B2C Password Expiration

Let me know if this helps and if you have further questions.

If the information helped you, please Accept the answer. This will help us as well as others in the community who may be researching similar information.

Answer 2

Hello @Marilee Turscak-MSFT ,

Thanks for the response, but my question where I need to use it because I have used user Flows not Custom Policies.