@robcool
Thank you for your post and I apologize for the delayed response!
If a user needs to reset their password - for example an identity logging into B2C via an external account (Azure AD, personal account, etc.), the user should be redirected (asked) to contact their administrator to reset their password. In other words, the user (Azure AD, personal account, etc.) will need to reset their password within their specific tenant/source of authority, which will leverage that tenant's licensing/SSPR flow. Lastly, the B2C password reset flow and password change flow only work with local B2C accounts.
When it comes to how the password reset process works for federated identities, SSPR will check to see if the user's password is managed on-premises, such as if the Azure AD tenant is using federated, pass-through authentication, or password hash synchronization:
- If SSPR writeback is configured and the user's password is managed on-premises, the user is allowed to proceed to authenticate and reset their password.
- If SSPR writeback isn't deployed and the user's password is managed on-premises, the user is asked to contact their administrator to reset their password.
For more info - SSPR FAQs
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
----------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.