How to divide the entry of credentials into two pages in ADB2C (as happens with the login to Microsoft services)

Errico, Giuliano [COMRES/EUR/BLU] 55 Reputation points
2024-02-21T20:28:46.37+00:00

I'm using ADB2C custom policies to customise the login page of an application.
I would like to provide a sign-in user experience similar to Microsoft's, that is, entering the user credentials (email and password) in two steps. I would also like to perform some checks on the email provided by the user before going on with the authentication. To better explain what I mean, here is a screenshot of what I would like to achieve (please don't care about Sign in options, I don't need it for now):

[Screenshot: the Microsoft sign-in page, email step with a Next button and a "Sign in options" link]

ADB2C custom policies permit a form with both email and password on the same page, but I want to split them (like the screen above) and check whether the password profile is marked as 'forceChangePasswordNextSignIn'. This is the flow:

  • User enters the email address and clicks the Next button
  • The policy checks the forceChangePasswordNextSignIn flag for that user/email address
  • If set to false, the login page shows the password form (normal experience)
  • If set to true, the user is redirected to the password reset page
Microsoft Entra ID

Accepted answer
  1. Shweta Mathur 28,196 Reputation points Microsoft Employee
    2024-02-22T08:09:42.0466667+00:00

    Hi @Errico, Giuliano [COMRES/EUR/BLU] ,

    Thanks for reaching out.

    Here is a sample custom policy that splits the verification into two steps for the sign-up flow.

    In a similar way, you can split the verification in the sign-in flow.

    https://github.com/azure-ad-b2c/samples/tree/master/policies/split-email-verification-and-signup

    First, define a technical profile to collect the user's email address. This will likely be a self-asserted technical profile where the user inputs their email.

    Then, you need to define forceChangePasswordNextSignIn as a Boolean custom attribute, check its value (true/false) and, based on that, add a precondition to the orchestration step of the user journey.

    <OrchestrationStep Order="3" Type="ClaimsExchange">
      <Preconditions>
        <!-- first Value is the claim type, second Value is the expected value -->
        <Precondition Type="ClaimEquals" ExecuteActionsIf="true">
          <Value>extension_forceChangePasswordNextSignIn</Value>
          <Value>true</Value>
          <Action>SkipThisOrchestrationStep</Action>
        </Precondition>
      </Preconditions>
      <ClaimsExchanges>
        <!-- the ClaimsExchange for the password page goes here -->
      </ClaimsExchanges>
    </OrchestrationStep>

    For redirecting the user to a password reset flow, you would typically invoke a sub-journey or a different technical profile designed for password reset.

    https://github.com/azure-ad-b2c/samples/tree/master/policies/force-password-reset

    Hope this will help.

    Thanks, Shweta

    Please remember to "Accept Answer" if answer helped you.
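The two-step journey the answer describes, written out as an added example. This is my own policy fragment, not code from the original post or from the azure-ad-b2c/samples repository. It assumes a tenant built on the TrustFrameworkBase starter pack, so `AAD-Common` (with the b2c-extensions-app ClientId/ApplicationObjectId metadata needed for extension attributes), `login-NonInteractive`, `SM-Noop`, `SM-AAD`, `JwtIssuer`, `DefaultWeb`, the `api.localaccountsignin` content definition and the `PasswordReset` sub journey (the starter-pack one that verifies the address with a one-time code before `LocalAccountWritePasswordUsingObjectId` runs) already exist; that `extension_forceChangePasswordNextSignIn` is a Boolean custom attribute declared in your ClaimsSchema and set on the user object by your provisioning; and the IDs `AAD-UserReadUsingEmailAddress-WithFlag`, `SelfAsserted-EmailOnly`, `SelfAsserted-PasswordOnly` and `SignInTwoStep` are names chosen for this example. Like the answer, it works off the custom attribute; the Graph `passwordProfile.forceChangePasswordNextSignIn` property itself is not read here.

```xml
<!-- Added example, not from the post or the azure-ad-b2c/samples repo. Assumes the TrustFrameworkBase
     starter pack and a provisioning-set Boolean custom attribute extension_forceChangePasswordNextSignIn. -->
<ClaimsProviders>
  <ClaimsProvider>
    <DisplayName>Azure Active Directory</DisplayName>
    <TechnicalProfiles>
      <!-- Look the account up by email and read the flag; "Next" fails if there is no such user -->
      <TechnicalProfile Id="AAD-UserReadUsingEmailAddress-WithFlag">
        <Metadata>
          <Item Key="Operation">Read</Item>
          <Item Key="RaiseErrorIfClaimsPrincipalDoesNotExist">true</Item>
        </Metadata>
        <InputClaims>
          <InputClaim ClaimTypeReferenceId="signInName" PartnerClaimType="signInNames.emailAddress" Required="true" />
        </InputClaims>
        <OutputClaims>
          <OutputClaim ClaimTypeReferenceId="extension_forceChangePasswordNextSignIn" />
        </OutputClaims>
        <IncludeTechnicalProfile ReferenceId="AAD-Common" />
      </TechnicalProfile>
    </TechnicalProfiles>
  </ClaimsProvider>
  <ClaimsProvider>
    <DisplayName>Local Account</DisplayName>
    <TechnicalProfiles>
      <!-- Page 1: email only; the validation profile runs when the user clicks Next -->
      <TechnicalProfile Id="SelfAsserted-EmailOnly">
        <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
        <Metadata>
          <Item Key="ContentDefinitionReferenceId">api.localaccountsignin</Item>
        </Metadata>
        <OutputClaims>
          <OutputClaim ClaimTypeReferenceId="signInName" Required="true" />
        </OutputClaims>
        <ValidationTechnicalProfiles>
          <ValidationTechnicalProfile ReferenceId="AAD-UserReadUsingEmailAddress-WithFlag" />
        </ValidationTechnicalProfiles>
        <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop" />
      </TechnicalProfile>
      <!-- Page 2: password only; signInName comes from the claims bag, so the address checked on page 1 is the one authenticated -->
      <TechnicalProfile Id="SelfAsserted-PasswordOnly">
        <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.SelfAssertedAttributeProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
        <Metadata>
          <Item Key="ContentDefinitionReferenceId">api.localaccountsignin</Item>
        </Metadata>
        <OutputClaims>
          <OutputClaim ClaimTypeReferenceId="password" Required="true" />
          <OutputClaim ClaimTypeReferenceId="objectId" />
        </OutputClaims>
        <ValidationTechnicalProfiles>
          <ValidationTechnicalProfile ReferenceId="login-NonInteractive" />
        </ValidationTechnicalProfiles>
        <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
      </TechnicalProfile>
    </TechnicalProfiles>
  </ClaimsProvider>
</ClaimsProviders>
<UserJourneys>
  <UserJourney Id="SignInTwoStep">
    <OrchestrationSteps>
      <OrchestrationStep Order="1" Type="ClaimsExchange">
        <ClaimsExchanges>
          <ClaimsExchange Id="EmailExchange" TechnicalProfileReferenceId="SelfAsserted-EmailOnly" />
        </ClaimsExchanges>
      </OrchestrationStep>
      <!-- Normal path: the password page, skipped when the flag is true -->
      <OrchestrationStep Order="2" Type="ClaimsExchange">
        <Preconditions>
          <Precondition Type="ClaimEquals" ExecuteActionsIf="true">
            <Value>extension_forceChangePasswordNextSignIn</Value>
            <Value>true</Value>
            <Action>SkipThisOrchestrationStep</Action>
          </Precondition>
        </Preconditions>
        <ClaimsExchanges>
          <ClaimsExchange Id="PasswordExchange" TechnicalProfileReferenceId="SelfAsserted-PasswordOnly" />
        </ClaimsExchanges>
      </OrchestrationStep>
      <!-- Reset path: only when the flag exists and is true. Nobody is authenticated yet, so the sub journey must verify the email (OTP) itself -->
      <OrchestrationStep Order="3" Type="InvokeSubJourney">
        <Preconditions>
          <Precondition Type="ClaimsExist" ExecuteActionsIf="false">
            <Value>extension_forceChangePasswordNextSignIn</Value>
            <Action>SkipThisOrchestrationStep</Action>
          </Precondition>
          <Precondition Type="ClaimEquals" ExecuteActionsIf="false">
            <Value>extension_forceChangePasswordNextSignIn</Value>
            <Value>true</Value>
            <Action>SkipThisOrchestrationStep</Action>
          </Precondition>
        </Preconditions>
        <JourneyList>
          <Candidate SubJourneyReferenceId="PasswordReset" />
        </JourneyList>
      </OrchestrationStep>
      <OrchestrationStep Order="4" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />
    </OrchestrationSteps>
    <ClientDefinition ReferenceId="DefaultWeb" />
  </UserJourney>
</UserJourneys>
```

Three points worth checking before deploying something like this. First, the reset branch is reached by someone who has only typed an email address, so it must only ever call a sub journey that proves ownership of that address (the one-time code in the starter pack's PasswordReset) before a password is written; never call `LocalAccountWritePasswordUsingObjectId` directly from step 3. Second, the password page deliberately does not collect the email again: `signInName` is already in the claims bag, so the account whose flag was checked is the one that `login-NonInteractive` authenticates. If you want the address displayed on page 2, bind it to a claim type whose `UserInputType` is `Readonly` rather than making `signInName` an output claim again, otherwise the user can change it after the check. Third, `RaiseErrorIfClaimsPrincipalDoesNotExist` on the email-only lookup tells an anonymous visitor whether an address has an account (user enumeration); Microsoft's own two-step page accepts the same trade-off, but if you would rather not, set it to `false` so unknown addresses fall through to the password page and fail there like a wrong password. The "Forgot your password?" link is not wired up in this fragment; in the starter pack it is rendered from the `setting.forgotPasswordLinkOverride` metadata item on the self-asserted profile that collects the password, together with its `ForgotPassword` claims exchange and an `isForgotPassword`-gated sub journey step, and that is where I would add it here.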


1 additional answer

  1. Errico, Giuliano [COMRES/EUR/BLU] 55 Reputation points
    2024-02-26T11:48:18.64+00:00

    Hi Mathur, sorry for the late reply. I spent the weekend struggling with this stuff and I almost managed to achieve the goal (one thing missing: the "Forgot your password?" link disappeared), so thank you a lot for the support.
