I am trying to understand how to estimate (cost) Password change / reset functionality in AAD B2C.
Can someone help me on this? Are these based again on Authentication?
Thanks in advance!
Related
I have configured a Sign in custom policy in Azure B2C. Customer wants lock out the account if they enter wrong password three times during sign in.
I have tried Password Protection in Azure Azure B2C authentication. Follows below document to configure the password protection.
https://learn.microsoft.com/en-us/azure/active-directory-b2c/threat-management
I have entered the password many times and it still showing "The username or password provided in the request are invalid"
Can anyone help me to troubleshoot this issue.
Thanks in advance!
Password Protection Configuration
I'm trying to change the way the password is reset by the user on Azure AD B2C.
Today, the user receives a code by email, and he has to paste it.
My client wants the user to receive an email with a link to type a new password.
You can modify the policy to achieve their scenario.
You need to use "magic links" as described here:
https://github.com/azure-ad-b2c/samples/tree/master/policies/invite
Please let me know if you still need any help.
I need to know Azure Service Principal password after creating time
I searched on internet but I didnt find any solution
Is this possible? The only way is to reset password?
Thanks
No, you cannot recover client secrets / password credentials.
They are only shown once after creation.
You need to create a new secret and delete the old one.
I have a user who is both a co-admin in the Azure subscription as well as a global admin in the AD tenant in question. I need for him to be able to reset passwords for users, but that button appears to be disabled for him. Any assistance would be greatly appreciated, thank you!
Based on the test, reset password feature is not able for the new Azure portal which in preview. You can reset the password for users from the old portal.
Note: it is also not able to reset the password for the users which synced from on-premise. You need to manage the password for these users from on-premise.
I don't know if there is a solution to revoke a refresh token when :
- a user reset its own password with the reset password policy ?
- a user change its own password with a specific form based on Graph API ?
I think it must be implemented for security reason but I don't if it's possible for now and if not when will it be available ?
Thanks in advance
I found a similar questions to your question Costs of B2C and Refresh tokens.
The essential part of the answer from the other question is:
The log out the web application won’t revoke the token. Azure AD doesn’t support revoking the token at present. However, we can clear the token cache if you doesn’t want users to user the token.
I did some own tests using the Azure AD Graph API and was unable to get the refresh token to expire, even when resetting the password of the user accessing the resources.
As far as I know, there doesn't seem to be any way to expire the token at the moment, except for contacting Azure support and having them expire the token.