Hi @Jayde Nienaber ,
If you have MFA enabled this is the default behavior and a known issue. If you are using the SignUp-SignIn policies while resetting the password using SSPR for B2C, the default behavior for the password reset flow using SignUp-SignIn policies is that you will enter the email and password and confirm the new password. If MFA is enabled for your SignUp-SignIn policy and you try to reset the password, you will first go to the default flow for SSPR, enter your email address, receive the code sent to your email, and after you enter the code you will go to the MFA page.
You should be able to resolve this by setting the MFA enforcement to "off."
If this does not work or your scenario does not support this, another workaround is to have two separate policies (one for sign-up and sign-in with MFA and another for password reset with MFA disabled), or to use custom policies.
See related:
Verification Twice
SocialAndLocalAccountsWithMfa
-
If the information helped you, please Accept the answer. This will help us and other community members as well.