This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 99%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJP%3C/text%3E%3C/svg%3E)
There is a bug in the Self-servie Password Reset" process when Multi Factor Authentication is enabled. Where is the appropriate location to report this bug so the issue can be resolved?
Steps To Repoduce Bug:
Thanks for any help you can provide!
Hi @Jessie Potts , what docs did you use to make this flow? I'll follow the along to repro and see if it's something in the docs or Azure itself.
Best,
James
Hi @James Hamil ,
I didn't use any specific docs but I did find the following, which is representative of the steps I took, other than this documentation selects a sign up/sign in flow whereas I created a sign in flow only.
The one step I took that is not detailed on this page is that, in addition to enabling self-service password reset, I also enabled Multi Factor Authentication. MFA can be enabled when you create the user flow or later on in the flow's Properties (same location as the self-service password reset). Also, anything beyond the "Create a profile editing user flow" section is out of scope for the issue I've found.
Here's separate documentation on enabling MFA, if you want it:
II appreciate you taking time to look at it!
@Jessie Potts
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
----------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
Hi James,
The only question I have remaining at this time is the one I replied to your answer post:
Is there somewhere b2c issues are being documented/tracked that I can monitor for progress? I have been unable to locate any such place, which was why I posted the question as "Where Do I report an AzureB2C Bug ...".
Thanks again!
Hi @Jessie Potts , I've reported this to the product team. I'll let you know the fix to your issue when they find it!
Best,
James
Hi @Jessie Potts , the product team got back to me with an answer. This is the default behavior as of now. Creating a SUSI user flow with MFA and SSPS enabled will trigger the MFA request twice. An alternative is either to two separate flows (one for SUSI with MFA enabled, another for Password Reset with MFA disabled) or use custom policies. See: Why does e-mail verification needs to be done 2 times for self-service password reset in Azure Ad B2C?
They are aware of this issue and it will be resolved soon hopefully.
If this answer helped you please mark it as "Verified" so other users may reference it.
Thank you,
James
Thanks James. I appreciate you looking at this and will pursue resolving our issue using the work-around you describe.
Is there somewhere b2c issues are being documented/tracked that I can monitor for progress? I have been unable to locate any such place, which was why I posted the question as "Where Do I report an AzureB2C Bug ...".
Thanks again!