Looking for Graph API support for Forgot Password, Account Email Verification flows

Prashant N 1 Reputation point
2021-11-04T10:58:57.937+00:00

Hello,

We have a requirement to use Forgot Password and Account verification using Graph APIs.

Forgot Password:

  1. User Interface will be built using Adobe Experience Manager
  2. Customer to enter the Email Id/User Id
  3. To be validated in ADB2C if the user name is found, customer to be asked to enter Old Password, and enter new passwords
  4. Password to be updated in AD B2C
  5. Email will be sent out from Adobe Experience Manager flows

Verification Emails:

  1. Customer to get the email with link to activate the account
  2. On click of the link, account to be activated - using API, activate the account in AD B2C

Looking for Graph API support for these two flows.

Regards,
Prashant


1 answer

  1. AmanpreetSingh-MSFT 56,311 Reputation points
    2021-11-05T09:49:52.95+00:00

    Hi @Prashant N • Thank you for reaching out.

    Below is the call that you need to use for this purpose, by using the standard Azure AD functionality of your B2C tenant.

     POST https://graph.microsoft.com/beta/me/changePassword  
     Body { "currentPassword": "P@$$w0rd1", "newPassword": "P@$$w0rd2" }  
    

    Note: This can only be done in the current user's context to change his/her own account's password, which is why I have used the /me endpoint in the above POST call. You cannot use a Global Administrator account or an Application to obtain a token and use that token in the Authorization header to change the password of any other user account.

    Required delegated permission: Directory.AccessAsUser.All

    To change the password via user flow or custom policy in Azure AD B2C, please refer to https://learn.microsoft.com/en-us/azure/active-directory-b2c/add-password-change-policy?pivots=b2c-user-flow

    As of now, a verification email with a link to activate the account is NOT available via Graph API out of the box, but you may consider using a custom mailer solution. The Graph call below can be used to activate/enable the account:

    Call: PATCH https://graph.microsoft.com/v1.0/me  
    Body: { "accountEnabled": true }  
    

    You may consider posting an idea regarding this at Azure Feedback Portal, which the product team monitors for feature enhancements.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
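
The following is an added example, not code from the thread or from Microsoft: a pre-flight check that the access token is a delegated (signed-in user) token carrying `Directory.AccessAsUser.All` before the `changePassword` request from the answer is built. The helper names and sample tokens are constructed for illustration, and the unverified JWT decode is an assumption suitable only for client-side diagnostics, since Graph validates the token itself.

```python
import base64
import json
import urllib.request

GRAPH_URL = "https://graph.microsoft.com/beta/me/changePassword"  # endpoint from the answer
REQUIRED_SCOPE = "Directory.AccessAsUser.All"                      # permission from the answer

def jwt_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_token(token):
    """Return None if the token suits /me/changePassword, else a reason string."""
    scopes = jwt_claims(token).get("scp", "").split()
    if not scopes:
        # App-only (client credentials) tokens carry "roles" instead of "scp"; no /me exists.
        return "app-only token: no signed-in user context"
    if REQUIRED_SCOPE not in scopes:
        return "missing delegated scope " + REQUIRED_SCOPE
    return None

def build_change_password_request(token, current_password, new_password):
    """Build (but do not send) the POST; raise PermissionError on an unsuitable token."""
    reason = check_token(token)
    if reason:
        raise PermissionError(reason)
    body = json.dumps({"currentPassword": current_password, "newPassword": new_password})
    return urllib.request.Request(
        GRAPH_URL, data=body.encode(), method="POST",
        headers={"Authorization": "Bearer " + token, "Content-Type": "application/json"})

def fake_token(claims):
    """Constructed, unsigned sample token for this demo (not a real Graph token)."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])

USER_TOKEN = fake_token({"scp": "User.Read Directory.AccessAsUser.All", "upn": "user@example.com"})
APP_TOKEN = fake_token({"roles": ["User.ReadWrite.All"]})

if __name__ == "__main__":
    print(check_token(USER_TOKEN))
    print(check_token(APP_TOKEN))
    req = build_change_password_request(USER_TOKEN, "old-password", "new-password")
    print(req.get_method(), req.full_url)
```

The request object is only constructed here; sending it requires a real delegated token obtained through an interactive sign-in.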