Share via

B2C Customize Password Complexity Through Custom API

Vikas Tiwari 771 Reputation points
2021-01-15T17:11:34.293+00:00

Hi @AmanpreetSingh-MSFT ,

I wanted to check if following scenario supported in B2C:

I wanted to call custom API from password reset policy that can send user password to API, so that we can maintain user password history on our end and can implement custom password complexity requirements those are not OOTB in b2c (i.e. enforcing password history not supported in B2C).

I wanted to know is there any way to get password which user is entering and pass it to custom API for further processing and checks? I checked documentation but didn't find it anywhere.

I appreciate if you can help here.

Thanks,
Vikas Tiwari

Microsoft Security | Microsoft Entra | Microsoft Entra External ID
0 comments

Answer accepted by question author

AmanpreetSingh-MSFT 56,971 Reputation points Moderator
2021-01-18T11:39:39.843+00:00

Hi @Vikas Tiwari · Thank you for reaching out.

Yes, B2C doesn't support Password History requirements out of box. You may refer to this GitHub repo to implement it via custom policy using REST Technical Profile and Key Vault to maintain and validate password history requirement.

-----------------------------------------------------------------------------------------------------------

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Was this answer helpful?

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.