Azure AD B2C: Invalid password error when account is created using Userflows and logging in with Custom policies

2024-11-09T14:33:22.6266667+00:00

Hi All, we are trying to use Azure AD B2C for authentication in our web application. The application was initially configured to use "Userflows" and then we had to switch to "Custom policies" because of a blacklisting domain feature which was not possible with Userflows. Now when a user tries to login using a Local account using custom policies, it throws an error "Invalid password". Although a user who does a signup using Custom policies, the signin works as expected. Is there a way in which we can make the signin work for user that was created using Userflows and tries to signin using custom policies? Or is there a way to migrate accounts from userflows to custom policies.

Microsoft Authenticator
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
7,419 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,738 questions
Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,280 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,533 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Theophilus Sawyerr 0 Reputation points
    2024-11-11T09:37:30.4+00:00

    Hi @Komanduri, Krishna Rohit, Celanese

    Unfortunately, there is no direct, automated migration process from User Flows to Custom Policies within Azure AD B2C. However, a common approach is to prompt users to reset their passwords. By implementing a password reset flow within the Custom Policy, users can reset their passwords, which updates the hash to match the Custom Policy configuration. This way, their accounts become compatible with the Custom Policy authentication. However, if you need to retain the original passwords without requiring resets, consider implementing a custom password migration strategy.

    I hope the above helps


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.