question

bogdanbledea-1573 asked WileySiler-8005 commented

Why does e-mail verification need to be done 2 times for self-service password reset in Azure AD B2C?

I'm trying to use self-service password reset for my tenant in Azure AD B2C, but for some reason the verification of email needs to be done twice after you click on the "Forgot your password?" link. Any idea why?

azure-ad-b2c

Hi @bogdanbledea-1573,

Is this happening every time? Have you tried the email verification for any other user account? I have tried this on my local account with a guest user and I received only one email.

Thanks
Saurabh

0 Votes 0 ·

Yes, but this is because MFA is activated. So when the MFA is activated for the self-service password reset for a SignIn (Recommended) user flow you have to verify the e-mail twice.

Is there any way I can disable MFA for the self-service password reset flow and not for login?

0 Votes 0 ·

Hi @bogdanbledea-1573,

Have you tried disabling the MFA enforcement on the Password reset user flow in your Azure AD B2C directory?

Thanks
Saurabh

0 Votes 0 ·

1 Answer

SaurabhSharma-msft answered WileySiler-8005 commented

Hi @bogdanbledea-1573,

I have received confirmation from the products team, and this is the default behavior that you are experiencing. You are seeing the MFA coming up twice while resetting the password using the SSPR for B2C using the SignUp-SignIn Policies, as the default behavior for the Password Reset flow (through SignUp-SignIn policies) is that you need to put in your email and get the code sent to your email, and once the code is entered on the B2C password reset page, you would be asked to enter the new password and confirm the new password. But if you enable MFA for your SignUp-SignIn policy and then try to reset the password, you would first go through the default flow for SSPR, i.e., enter your email address and get the code sent to your email, and second, once you enter the code, the next page is the MFA page, which would bring up the MFA method that is selected in the SignUp-SignIn Policy.
In case you want to update this behavior, you would have to use the custom policies.

Please let me know if you have any questions.

Thanks
Saurabh


Can you expand on this, please? What specific change needs to be enabled on the custom policy?

0 Votes 0 ·