Where Do I report an AzureB2C Bug invloving SignIn User Flow's "Self-service Password Reset" with MFA enabled Requiring Verification Email Twice?

Question

Where Do I report an AzureB2C Bug invloving SignIn User Flow's "Self-service Password Reset" with MFA enabled Requiring Verification Email Twice?

Jessie Potts 1

There is a bug in the Self-servie Password Reset" process when Multi Factor Authentication is enabled. Where is the appropriate location to report this bug so the issue can be resolved?

Steps To Repoduce Bug:

Create SignIn user flow using the recommended version
Enable Multi Factor Authentication using Email
Enable "Self-service Password Reset"
Run user flow
Click "Forgot your password?" link
Enter email address and click "Send verification code" button
Retrieve code from email and paste into "Verification Code" field
Click "Verify Code" button
After code is verified, click "Continue" button
You are now presented with the same form to send a verification code <--- this is the bug
Repeat steps 6 through 9
New Password/Confirm New Password options now appear
Whew!

Thanks for any help you can provide!

Anonymous

2021-11-24T21:13:09.077+00:00

Hi @Jessie Potts , what docs did you use to make this flow? I'll follow the along to repro and see if it's something in the docs or Azure itself.

Best,
James
Jessie Potts 1 Reputation point

2021-11-24T22:20:03.45+00:00

Hi @James Hamil ,

I didn't use any specific docs but I did find the following, which is representative of the steps I took, other than this documentation selects a sign up/sign in flow whereas I created a sign in flow only.

https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-user-flows?pivots=b2c-user-flow

The one step I took that is not detailed on this page is that, in addition to enabling self-service password reset, I also enabled Multi Factor Authentication. MFA can be enabled when you create the user flow or later on in the flow's Properties (same location as the self-service password reset). Also, anything beyond the "Create a profile editing user flow" section is out of scope for the issue I've found.

Here's separate documentation on enabling MFA, if you want it:

https://learn.microsoft.com/en-us/azure/active-directory-b2c/multi-factor-authentication?pivots=b2c-user-flow

II appreciate you taking time to look at it!
JamesTran-MSFT 37,256 Reputation points Microsoft Employee Moderator

2021-12-09T23:29:26.1+00:00

@Jessie Potts
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?

If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.

----------

Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
Jessie Potts 1 Reputation point

2021-12-09T23:37:23.163+00:00

Hi James,

The only question I have remaining at this time is the one I replied to your answer post:

Is there somewhere b2c issues are being documented/tracked that I can monitor for progress? I have been unable to locate any such place, which was why I posted the question as "Where Do I report an AzureB2C Bug ...".

Thanks again!

2 answers

Your answer

Anonymous

2021-11-24T21:13:09.077+00:00

Hi @Jessie Potts , what docs did you use to make this flow? I'll follow the along to repro and see if it's something in the docs or Azure itself.

Best,
James
Jessie Potts 1 Reputation point

2021-11-24T22:20:03.45+00:00

Hi @James Hamil ,

I didn't use any specific docs but I did find the following, which is representative of the steps I took, other than this documentation selects a sign up/sign in flow whereas I created a sign in flow only.

https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-user-flows?pivots=b2c-user-flow

The one step I took that is not detailed on this page is that, in addition to enabling self-service password reset, I also enabled Multi Factor Authentication. MFA can be enabled when you create the user flow or later on in the flow's Properties (same location as the self-service password reset). Also, anything beyond the "Create a profile editing user flow" section is out of scope for the issue I've found.

Here's separate documentation on enabling MFA, if you want it:

https://learn.microsoft.com/en-us/azure/active-directory-b2c/multi-factor-authentication?pivots=b2c-user-flow

II appreciate you taking time to look at it!
JamesTran-MSFT 37,256 Reputation points Microsoft Employee Moderator

2021-12-09T23:29:26.1+00:00

@Jessie Potts
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?

If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.

----------

Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
Jessie Potts 1 Reputation point

2021-12-09T23:37:23.163+00:00

Hi James,

The only question I have remaining at this time is the one I replied to your answer post:

Is there somewhere b2c issues are being documented/tracked that I can monitor for progress? I have been unable to locate any such place, which was why I posted the question as "Where Do I report an AzureB2C Bug ...".

Thanks again!

Answer 1

Anonymous

Hi @Jessie Potts , the product team got back to me with an answer. This is the default behavior as of now. Creating a SUSI user flow with MFA and SSPS enabled will trigger the MFA request twice. An alternative is either to two separate flows (one for SUSI with MFA enabled, another for Password Reset with MFA disabled) or use custom policies. See: Why does e-mail verification needs to be done 2 times for self-service password reset in Azure Ad B2C?

They are aware of this issue and it will be resolved soon hopefully.

If this answer helped you please mark it as "Verified" so other users may reference it.

Thank you,
James

Jessie Potts 1 Reputation point

2021-12-03T00:00:36.253+00:00

Thanks James. I appreciate you looking at this and will pursue resolving our issue using the work-around you describe.

Is there somewhere b2c issues are being documented/tracked that I can monitor for progress? I have been unable to locate any such place, which was why I posted the question as "Where Do I report an AzureB2C Bug ...".

Thanks again!

Answer 2

Anonymous

Hi @Jessie Potts , I've reported this to the product team. I'll let you know the fix to your issue when they find it!

Best,
James

0 comments

Share via

Where Do I report an AzureB2C Bug invloving SignIn User Flow's "Self-service Password Reset" with MFA enabled Requiring Verification Email Twice?

2 answers

Your answer