How to require External Guest User to create password, upon invitation (or create temporary password). Graph API

Question

How to require External Guest User to create password, upon invitation (or create temporary password). Graph API

Andrew E. Venson 16

I'm using Graph API to create invitations for users, so they can access internal resources ( a Power Apps Canvas form ) as guest users. The current issue I'm having is creating a user friendly way for the user to either create their own password or to automatically create a temporary password for the invited guest user that they can use to login.

Upon selection of the invitation redemption url/link, they are redirected to the Power Apps form. They are then prompted to sign in. (This is where I'm having the issue) In order for the user to sign in, they have to select "Forgot Password" and follow the corresponding steps to create a password. I'm not sure if there is a way to do this, but it would be nice if the user could be automatically routed to a form that would allow them to create there password right off the bat, or if there was some temporary password we could associate to the invited external guest user account, that we could potentially send in the invitation email.

I've searched quite a few forums and haven't found any solutions that might work for this particular use case. I haven't found anything in regards to password management for invited users, even on the user's end.

Thanks in advance!

1 answer

Your answer

Answer 1

Marilee Turscak-MSFT 37,206 Microsoft Employee Moderator

I'm not sure that there is an out-of-the-box way to enforce this for guest users (but I'm checking with the team to make sure I didn't miss something).

Here are a few options, though:

You could use Vasil Michev's script to force password changes for either a group of users or all users. Get-MsolUser -All | ? {$_.Country -eq "USA"} | Set-MsolUserPassword -ForceChangePasswordOnly $true -ForceChangePassword $true
You could use Conditional Access to require a password change. https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-grantuse
You could use -ForceChangePasswordNextLogin and apply it to the relevant users. https://learn.microsoft.com/en-us/powershell/module/azuread/set-azureaduserpassword?view=azureadps-2.0

Andrew E. Venson 16 Reputation points

2021-02-03T04:58:25.333+00:00

Thank you for this!

I feel like if the user will have to select "Forgot Password" and then reset their password anyways, the options you listed to force a password change would be redundant; considering they're already resetting their password.

Currently, the users are greeted to a login screen with a password field. But no one knows the password upon invitation. We can't use Graph API to set the password, as we would need delegated permissions and the clients credentials to set/reset password and we don't know what Azure is initially setting the invited user's password to.

Would we need to create a password using ps for this guest user account? Will powershell be able to bypass this password creation piece for guest user accounts?

Thanks!

Share via

How to require External Guest User to create password, upon invitation (or create temporary password). Graph API

1 answer

Your answer