Customize Reset password screen - azure-ad-b2c

I have an application registered in Azure AD B2C. When a new user logs in for the very first time he is redirected to the attached screen for updating the password. The issue here is that the user does not know what combination of password he needs to input until and unless a specific combination works.
I need to customize this screen to display a user-friendly label telling the user what combination of password he/she needs to enter on this screen.

With AAD B2C you can customize the user interface, which includes the sign-up/sign-in, profile editing and password resetting experiences. This documentation outlines how to do the UX customization, test out the templates in the portal and has a few tutorials on setting it up.
Here are the specifics on password rule enforcement.
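The question asks for a label that tells the user what the password must look like before they guess. The following is an added example (not code from the question, the answer, or Microsoft): a small mirror of the documented default "Strong" B2C local-account password rule (8 to 64 characters, at least 3 of the 4 classes lowercase, uppercase, digit, symbol) that an app can use both to render the requirements text up front and to explain exactly which rule a candidate password misses. The symbol set (`string.punctuation`) and the assumption that your tenant keeps the default complexity are mine; if the tenant defines its own predicate, change the constants to match.

```python
"""Client-side mirror of the Azure AD B2C default ("Strong") password policy.

Added example, not from the question or from Microsoft. It exists so the app can
show a friendly requirements label and a specific reason when a password is
rejected. The rules below follow the documented B2C default; the symbol set and
the assumption that the tenant uses the default complexity are assumptions.
"""
from __future__ import annotations

import string

MIN_LEN, MAX_LEN = 8, 64       # documented B2C default length bounds
MIN_CLASSES = 3                # "3 out of 4" character classes

# Character classes that count toward complexity (symbol set is an assumption).
CLASS_CHECKS = {
    "a lowercase letter": lambda c: c.islower(),
    "an uppercase letter": lambda c: c.isupper(),
    "a digit": lambda c: c.isdigit(),
    "a symbol": lambda c: c in string.punctuation,
}


def requirements_text() -> str:
    """User-facing label to place on the password screen."""
    classes = ", ".join(CLASS_CHECKS)
    return (f"Use {MIN_LEN} to {MAX_LEN} characters and include at least "
            f"{MIN_CLASSES} of these 4: {classes}.")


def check_password(pw: str) -> list[str]:
    """Return human-readable problems; an empty list means the password is acceptable."""
    problems: list[str] = []
    if not MIN_LEN <= len(pw) <= MAX_LEN:
        problems.append(
            f"must be between {MIN_LEN} and {MAX_LEN} characters (got {len(pw)})")
    present = [name for name, test in CLASS_CHECKS.items()
               if any(test(c) for c in pw)]
    if len(present) < MIN_CLASSES:
        missing = [name for name in CLASS_CHECKS if name not in present]
        problems.append(
            f"needs at least {MIN_CLASSES} of 4 character types; "
            f"missing: {', '.join(missing)}")
    return problems


if __name__ == "__main__":
    print(requirements_text())
    for candidate in ("Passw0rd", "password", "Ab1"):
        print(repr(candidate), "->", check_password(candidate) or "OK")
```

The server-side policy remains the authority; this check only saves the user round trips and gives the label the question asks for, so keep the two in sync when the tenant's complexity setting changes.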

Related

Forgot Password link for split username based login Page

We have implemented the split username login page, where the first page will take only username and the second page will take password and PIN, we have to add the forgot password link in the second page.
I have tried the code given in the Microsoft documentation, but that doesn't work with the username-based sign-in.
Could you please suggest if there are any ways to implement this?
https://learn.microsoft.com/en-us/azure/active-directory-b2c/add-password-reset-policy?pivots=b2c-custom-policy
I have tried the mentioned steps for username-based sign-in profiles, but that does not show the password link on the second page.
The document you are following is correct, please try rechecking whether you have missed any step.
If you are still facing the issue, please go through the below workarounds:
Try setting up the force password reset flow by using this MsDoc.
Otherwise, try setting up Sign-up and Sign-in with embedded password reset.
To add the forgot password link, make use of the custom policy starter pack, as it is included in all the templates by default.
Make sure setting.forgotPasswordLinkLocation Metadata key is NOT present under TechnicalProfile.
Please go through the below references if they are helpful:
Azure Active Directory B2C: Add Forgot password Link in my custom sign in policy - Microsoft Q&A.
Azure AD B2C Password Reset (newbedev.com).

Split email input & registration link from password controls in Azure B2C custom policy login

I've been going through the Azure AD B2C samples and have put together something that uses home realm discovery:
https://github.com/azure-ad-b2c/samples/tree/master/policies/home-realm-discovery-modern
I therefore currently have two screens where on screen one I have an email input and on screen two I have a standard login form (email, password, forgot link, register link). I'd now like to expand on top of this to create a similar flow to one that Microsoft uses to split the email input and register link on the login form from the password input and forgot password link:
Screen 1: Enter email address or choose a generic provider (Azure AD, facebook, twitter etc)
Screen 2: If email address is known, the user will be redirected to their provider using home realm discovery, otherwise they will enter their password.
The thing I'm having trouble with is splitting the password box from the registration link. On screen 1, I'd like to display an email input and a registration link, and on screen two I'd like to have the password input.
According to the documentation, the SignUpTarget can be enabled/disabled, but only using the unifiedssp or unifiedssd uris. When I choose this for the first screen however, the password input is always added. Is there a simple solution to this?
I'd like to have:
Screen 1: Email input, registration link, no password input (plus additional claim providers)
Screen 2: Password input, forgot password link, no registration link
Thanks for any assistance!

Azure B2C EditProfile custom policy without Signing In first

Right now the ProfileEdit.xml file that comes with active-directory-b2c-custom-policy-starterpack asks the user to sign in before actually letting them get to the Edit Profile page.
The use case I'm trying to accomplish is a little bit different. The user is already signed in to the app and there's a button Edit Profile that when clicked will take the user to the Edit Profile page. That is, there should be no Sign in again.
My app allows the user to sign in using: Facebook and Local Account Signin. The custom ProfileEdit B2C policy should know which one the user used to login and just redirect the user to the ProfileEdit policy directly.
I tried messing up with the ProfileEdit Technical Profile but the mods I did didn't work.
Can anyone more experienced with Azure B2C custom policies let me know how to achieve this?
This is normal: imagine someone got to the profile edit link and bookmarked it, then logged out, then launched profile edit -> you need them to log in, otherwise things break.
So this is actually working perfectly already, just that you will get Single Sign On, such that once you have used the Sign In journey, the Profile Edit journey will skip the sign in step.
You can test it like this:
1. Open a new browser, and use the sign in journey, login and complete.
2. Open a new tab, and paste the Profile Edit link, remove the prompt=login query parameter.
3. Execute the link, you are taken straight to modifying your profile page, rather than seeing a sign in page.

Custom Azure B2C Password Reset Flow via Username

I set up a password reset flow using Azure B2C and local Azure accounts that uses the user's email address and verification code. However, my client would like to have a password reset email sent to the user based on the user name, not email address. The user email would be looked up behind the scenes and an email sent that would include a link to the password reset page as shown in the flow below.
After reading a gazillion articles on custom Azure B2C policies, I'm struggling to convince myself if it is possible to do what the client is asking for using Azure B2C.
In the sample password reset flow shown below, some of the areas I'm struggling with include:
Is it possible to create custom pages in the password reset flow such as the page in Step 4 that displays the user's masked email address, or the information page in Step 7?
Is there built-in functionality to look up a user's email address and Active Directory Object ID based on their user name or would I have to call out to a custom Azure Function and use the Graph API to do this?
Is it possible to create and send a custom email that includes a hyperlink to the password reset page that includes the user's Active Directory Object ID as a query string parameter so the password reset page knows which user's password is being reset?
At the moment, it seems like it would be easier to create a completely custom ASP.NET MVC app to handle the requirements than it would be to use Azure B2C custom policies, but that isn't really a path I want to go down.
Is it possible to create custom pages in the password reset flow?
Yes, you can create your own custom password reset user flow using Azure Active Directory B2C.
In your case, if you want to figure out your custom page, you could refer here.
Is there built-in functionality to look up a user's email address and Active Directory Object ID based on their user name or would I have to call out to a custom Azure Function and use the Graph API to do this?
Using the Microsoft Graph REST API you could fetch your user information.
In your case you could use:
List users
Get a user
To access user information you could also refer here in great detail.
Is it possible to create and send a custom email that includes a hyperlink to the password reset page that includes the user's Active Directory Object ID as a query string parameter so the password reset page knows which user's password is being reset?
You can use the company branding feature to customize the content of verification emails for resetting passwords.
Note: For better clarity you could check the Azure AD B2C: Frequently asked questions (FAQ) before the final workaround, which will definitely guide you to define the ultimate go-ahead.
Update
As per the Microsoft document, right now you cannot create exactly what your sample shows. See the screenshot; there are important remarks.
Thank you.
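The answer points at the Graph "List users" / "Get a user" calls for resolving a username to an email and object ID. As an added example (not code from the question, the answer, or Microsoft), the block below builds the Graph request for a B2C local account whose sign-in name lives in the `identities` collection (`signInType` of `userName`), parses a constructed sample response in the shape that call returns, and produces the masked address the question's Step 4 page would display. No network call is made; the issuer `contoso.onmicrosoft.com`, the sample object ID and the use of the `mail` attribute are assumptions you would replace with your tenant's values.

```python
"""Resolve a B2C local-account username to (objectId, email) via Microsoft Graph
and mask the email for display.

Added example, not from the question or answer. The request shape follows the
Graph 'List users' call with an OData filter on the identities collection; the
sample response, issuer name and object ID are constructed placeholders.
"""
from __future__ import annotations

import json
from typing import Optional, Tuple
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/v1.0"
ISSUER = "contoso.onmicrosoft.com"   # assumption: your B2C tenant's issuer


def list_users_url(username: str, issuer: str = ISSUER) -> str:
    """URL for the Graph 'List users' call that matches a local-account username."""
    # Single quotes inside an OData string literal are doubled, so a username
    # containing a quote cannot break out of the literal.
    uname = username.replace("'", "''")
    flt = (f"identities/any(c:c/issuerAssignedId eq '{uname}' "
           f"and c/issuer eq '{issuer}')")
    return f"{GRAPH}/users?$filter={quote(flt, safe='')}&$select=id,mail,identities"


# Constructed sample body in the shape Graph returns for 'List users'.
SAMPLE_RESPONSE = json.dumps({
    "value": [{
        "id": "00000000-0000-0000-0000-000000000001",
        "mail": "jane.doe@example.com",
        "identities": [{"signInType": "userName", "issuer": ISSUER,
                        "issuerAssignedId": "jdoe"}],
    }]
})


def resolve_user(response_body: str) -> Optional[Tuple[str, str]]:
    """Return (objectId, email) from a 'List users' response, or None.

    Zero matches and more than one match are both treated as 'not found' so the
    reset flow behaves the same way in either case.
    """
    users = json.loads(response_body).get("value", [])
    if len(users) != 1:
        return None
    user = users[0]
    return user["id"], user.get("mail") or ""


def mask_email(addr: str) -> str:
    """Show only the first one or two characters of the local part: ja******@example.com."""
    local, _, domain = addr.partition("@")
    if not domain:
        return "***"
    shown = local[:2] if len(local) > 3 else local[:1]
    return f"{shown}{'*' * max(1, len(local) - len(shown))}@{domain}"


if __name__ == "__main__":
    print(list_users_url("jdoe"))
    found = resolve_user(SAMPLE_RESPONSE)
    if found:
        object_id, email = found
        print(object_id, mask_email(email))
```

The object ID this returns should not travel in the reset link as a bare query parameter, as the question's Step 7 sketches; bind it inside a signed, expiring token that the reset page verifies, so that the link identifies the account without letting anyone who can guess an ID use the page.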
This GitHub project covers the case you describe. Still needs a lot of understanding about custom flows to get it working.
https://github.com/yoelhor/aadb2c-verification-link

Can't add customisations to B2C Sign-In Page

I am currently trying to customise the Azure B2C Sign-In page and it seems quite restrictive. For starters the sign-in policies unlike some of the other policies does not give the option of adding a custom page to Page UI customization for “Local account sign-in page”.
When I try to customise the sign-in page through the classic portal I am unable to add text to the Password placeholder although I am able to change the username/email place holder text by changing the User ID Placeholder field.
I would also like to change the text "Can't access your account" to "Forgot your password".
Use the "Sign up & Sign In" policy for this; this is a newer type of policy, which has more of the customization features you are asking for.
It's on the backlog of the team to fix this I was told, but the focus was on the newer policies.
For the password placeholder we had the same problem, localization isn't available yet, and there is no way to change the password label at this moment.
Since the service has been GA for only a few days, we'll have to wait for the new features.
