This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 65%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Is it possible to change SSPR email id when using username(not emailid) to sign in in the context of Azure B2C?
Scenario:
Using Azure B2C
Using username (not email id) to sign in
Email is provided for SSPR
Need to provide option for the user to edit their email id.
@sunny
When you say - change email id, are you referring to the actual email associated with that user name/profile?
Were you able to test this and sign in to SSPR using only a username?
SSPR is used for password reset and not for resetting your email address in this case. You can use custom policies to enable users who are signed in with a local account to change their password without having to prove their authenticity by email verification.
When I tried to sign in using a user name, B2C prompts me to enter a valid email address, and if I use an invalid email (not in my tenant) I get an error.
@sunny
Thank you for your patience throughout this issue. I received an update from our engineering team and have done some testing on my end and will post my findings below.
Engineering team update:
You need a custom policy which targets rewriting the "strongAuthenticationEmailAddress" attribute
StackOverflow related question
A B2C IEF Custom Policy which uses Usernames as the sign in identifier
Get started with custom policies in Azure Active Directory B2C
Testing:
I tested out some alternative ways to reset a user's email and found that you can also do this by having the user go to:
aka.ms/ssprsetup
Once logged in, you can have a user change their email address or phone number, and this will update the "Authentication Methods" blade for the user.
You also have to ensure that you have "Email" checked under "methods available to the user". This is regardless of the "Number of methods required..", it can be set to 1 or 2.
Changed my email just to demonstrate:
Lastly, you can also easily change a user's Alternate Email address by using Msol commands.
Please let me know if you have any other questions.
Thank you for your time and patience throughout this issue!
@JamesTran-MSFT , I am talking about allowing the user to edit the email id used for mfa/sspr, under Authenticator contact details. Please refer the screenshot. How do we provide the option to the user to change Email field in the screenshot?
@sunny
Thank you for the clarification. I was able to to find a User Voice item similar to this issue, and see that our AzureAD team commented in 2018 along with some recent customer inquiries for this feature.
I'll go ahead and reach out to our engineering team for an update and post their response here as soon as possible.
If you have any other questions in the meantime please let me know.
Thank you for your time and patience!
@JamesTran-MSFT
Thanks, I will wait for your confirmation after you hear back from engineering team.
@JamesTran-MSFT , Thanks for replying again.
Would aka.ms/ssprsetup work for b2c as well? I see it works for Azure AD but how the same work for B2C?
I see you are suggesting email could be changed using custom policy. We will try that out. From initial findings, it seems strongAuthenticationEmailAddress is ready only for B2C but we will try and get back
@sunny
Thank you for pointing that out! I didn't notice I was performing my tests on my AzureAD tenant and not my AzureAD B2C tenant (which, it doesn't work on).
If you run into issues while trying to implement your custom policy, please let me know.
Thank you again for your time and patience.
@JamesTran-MSFT
We were able to implement this using custom policies and it worked like a charm. Thanks. We would be detailing the steps around this as there was nothing specifically available on web that pointed to this specific use case.
strongAuthenticationEmailAddress is what needed to be changed in the custom flow
@sunny
Thank you for the follow up! I'm glad you were able to implement the custom policy, your answer and follow up will definitely help others in the community and is much appreciated.
Thank you again for your time and patience throughout!