Yes, it is possible to create a custom policy in Azure AD B2C that forces users to reset their password without first sending an email. This involves configuring a custom user journey in your policy. Below are the steps to achieve this:
Step 1: Create a Custom Policy
- Sign in to the Azure portal:
- Navigate to Azure Active Directory.
- Go to B2C Custom Policies under the Policies section.
- Click New custom policy to create a new one.
Step 2: Configure the Force Password Reset Step
- In your custom policy files (TrustFrameworkBase.xml, TrustFrameworkExtensions.xml, SignUpOrSignIn.xml):
- Add a Self-Asserted Technical Profile for the password reset step.
- Customize the technical profile to include the following:
```xml
<ClaimsProvider>
```
Step 3: Skip the Send Email Step
To skip the email step:
- Modify the technical profile for LocalAccountWritePasswordUsingObjectId:
- Set the EnforceEmailVerification metadata item to false.
Because this removes the verification email, the journey must only reach this profile after the user has signed in with their current password: the objectId the profile writes against comes from that sign-in, and it is the only thing tying the new password to the right account.
Example:
```xml
<TechnicalProfile Id="LocalAccountWritePasswordUsingObjectId">
```
Step 4: Define the Custom User Journey
In your TrustFrameworkExtensions.xml, define the custom user journey to start with the password reset step:
```xml
<TrustFrameworkPolicy ...>
```
Step 5: Test the Custom Policy
- Assign the custom policy to a test user.
- Trigger the password reset flow and verify that the user sees the reset password screen without receiving an email.
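Putting Steps 3 and 4 together, as an added example that is not the page's own code and not a file from Microsoft's starter pack (the profile ids it references, SelfAsserted-LocalAccountSignin-Email, AAD-UserReadUsingObjectId, LocalAccountWritePasswordUsingObjectId and JwtIssuer, are the starter pack's; the tenant name and the journey id ForcePasswordReset are placeholders): an extensions file that overrides the password-write profile with EnforceEmailVerification set to false and a journey that only reaches that profile after the user has signed in.

```xml
<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
  PolicySchemaVersion="0.3.0.0" TenantId="yourtenant.onmicrosoft.com" PolicyId="B2C_1A_TrustFrameworkExtensions"
  PublicPolicyUri="http://yourtenant.onmicrosoft.com/B2C_1A_TrustFrameworkExtensions">
  <BasePolicy>
    <TenantId>yourtenant.onmicrosoft.com</TenantId>
    <PolicyId>B2C_1A_TrustFrameworkBase</PolicyId>
  </BasePolicy>
  <ClaimsProviders>
    <ClaimsProvider>
      <DisplayName>Local Account</DisplayName>
      <TechnicalProfiles>
        <!-- Step 3: override the base profile so no verification email precedes the new-password page -->
        <TechnicalProfile Id="LocalAccountWritePasswordUsingObjectId">
          <Metadata>
            <Item Key="EnforceEmailVerification">false</Item>
          </Metadata>
        </TechnicalProfile>
      </TechnicalProfiles>
    </ClaimsProvider>
  </ClaimsProviders>
  <UserJourneys>
    <!-- Step 4: the journey id "ForcePasswordReset" is assumed, not a starter-pack name -->
    <UserJourney Id="ForcePasswordReset">
      <OrchestrationSteps>
        <!-- 1. The user must authenticate first; this is what makes skipping the email step safe -->
        <OrchestrationStep Order="1" Type="CombinedSignInAndSignUp" ContentDefinitionReferenceId="api.signuporsignin">
          <ClaimsProviderSelections>
            <ClaimsProviderSelection ValidationClaimsExchangeId="LocalAccountSigninEmailExchange" />
          </ClaimsProviderSelections>
          <ClaimsExchanges>
            <ClaimsExchange Id="LocalAccountSigninEmailExchange" TechnicalProfileReferenceId="SelfAsserted-LocalAccountSignin-Email" />
          </ClaimsExchanges>
        </OrchestrationStep>
        <!-- 2. Read the account by the objectId established at sign-in -->
        <OrchestrationStep Order="2" Type="ClaimsExchange">
          <ClaimsExchanges>
            <ClaimsExchange Id="AADUserReadWithObjectId" TechnicalProfileReferenceId="AAD-UserReadUsingObjectId" />
          </ClaimsExchanges>
        </OrchestrationStep>
        <!-- 3. Show the new-password page and write the password against that same objectId -->
        <OrchestrationStep Order="3" Type="ClaimsExchange">
          <ClaimsExchanges>
            <ClaimsExchange Id="NewCredentials" TechnicalProfileReferenceId="LocalAccountWritePasswordUsingObjectId" />
          </ClaimsExchanges>
        </OrchestrationStep>
        <!-- 4. Issue the token only after the new password has been written -->
        <OrchestrationStep Order="4" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />
      </OrchestrationSteps>
    </UserJourney>
  </UserJourneys>
</TrustFrameworkPolicy>
```

Point the relying-party policy's DefaultUserJourney at ForcePasswordReset and upload the file after TrustFrameworkBase; the Step 5 test should then show the sign-in page, the new-password page, and no verification email.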
Remember to adjust the policy settings according to your organization’s requirements.
I hope this helps.