This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 37%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
Hi,
For federated identities with B2C, how does the password reset work ? For example; if Azure AD is configured as an identity provider in B2C then when the user logs in and tries to perform password reset I believe it always redirects the user to their Azure AD tenant to perform SSPR. Hence P1 license in Azure AD is consumed and not B2C licensing. Please confirm.
Thanks
@robcool
Thank you for your post and I apologize for the delayed response!
If a user needs to reset their password - for example an identity logging into B2C via an external account (Azure AD, personal account, etc.), the user should be redirected (asked) to contact their administrator to reset their password. In other words, the user (Azure AD, personal account, etc.) will need to reset their password within their specific tenant/ source of authority, which will leverage that tenant's licensing/SSPR flow. Lastly, the B2C password reset flow and password change flow only work with local B2C accounts.
When it comes to How the password reset process works for federated identities, SSPR will check to see if the user's password is managed on-premises, such as if the Azure AD tenant is using federated, pass-through authentication, or password hash synchronization:
For more info - SSPR FAQs
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
----------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
Thanks @JamesTran-MSFT
For conditional access policy implementation (in case of Azure AD federated identity) for B2C fronted application, is that also something that needs to be configured within specific Azure AD tenant ( & not Azure B2C ) considering the fact that user authentication happens at the source tenant ?
Please confirm.
Thank you for following up on this!
When it comes to B2C Conditional Access policy implementation, this'll still need to be configured within your B2C tenant if you want to manage risky sign-ins to your applications. For more info.
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.