How to require External Guest User to create password, upon invitation (or create temporary password). Graph API

Andrew E. Venson 11 Reputation points
2021-02-02T18:02:08.083+00:00

I'm using Graph API to create invitations for users, so they can access internal resources (a Power Apps Canvas form) as guest users. The current issue I'm having is creating a user-friendly way for the user to either create their own password or to automatically create a temporary password for the invited guest user that they can use to log in.

Upon selection of the invitation redemption URL/link, they are redirected to the Power Apps form. They are then prompted to sign in. (This is where I'm having the issue.) In order for the user to sign in, they have to select "Forgot Password" and follow the corresponding steps to create a password. I'm not sure if there is a way to do this, but it would be nice if the user could be automatically routed to a form that would allow them to create their password right off the bat, or if there was some temporary password we could associate to the invited external guest user account, that we could potentially send in the invitation email.

I've searched quite a few forums and haven't found any solutions that might work for this particular use case. I haven't found anything in regards to password management for invited users, even on the user's end.

Thanks in advance!


1 answer

  1. Marilee Turscak-MSFT 36,411 Reputation points Microsoft Employee
    2021-02-02T23:20:52.46+00:00

    I'm not sure that there is an out-of-the-box way to enforce this for guest users (but I'm checking with the team to make sure I didn't miss something).

    Here are a few options, though:

    1. You could use Vasil Michev's script to force password changes for either a group of users or all users:

           Get-MsolUser -All | ? {$_.Country -eq "USA"} | Set-MsolUserPassword -ForceChangePasswordOnly $true -ForceChangePassword $true

    2. You could use Conditional Access to require a password change. https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-grantuse
    3. You could use -ForceChangePasswordNextLogin and apply it to the relevant users. https://learn.microsoft.com/en-us/powershell/module/azuread/set-azureaduserpassword?view=azureadps-2.0