Azure AD B2C - Custom UI for resetpassword.html - azure

I would like to disable or modify the regex check for the username in the custom "forgot your password" page in B2C. I am using the standard template resetpassword.html ... I have usernames that begin with an underscore in my web application.
I am getting the following validation message when trying to change the password for users with usernames beginning with an underscore:
"The username you provided is not valid. It must begin with an alphabet or number and can contain alphabets, numbers and the following symbols: _ -"
For all other usernames that do not begin with an underscore, I have no issues resetting the password via the custom resetpassword.html page.
BTW, my password reset policy's custom UI for forgot password points to this resetpassword.html.
Any help would be appreciated.

You can change the default behavior with custom policies. Please check the Azure documentation here.

Related

Forgot Password link for split username based login Page

We have implemented the split username login page, where the first page will take only username and the second page will take password and PIN, we have to add the forgot password link in the second page.
I have tried the code given in the Microsoft documentation, but that doesn't work with the username-based sign-in.
Could you please suggest if there are any ways to implement this?
https://learn.microsoft.com/en-us/azure/active-directory-b2c/add-password-reset-policy?pivots=b2c-custom-policy
I have tried the mentioned steps for username-based sign-in profiles, but that does not show the password link in the second page.
The document you are following is correct, please try rechecking whether you have missed any step.
If you are still facing the issue, please go through the below workarounds:
Try setting up the force password reset flow by using this MsDoc.
Otherwise, try setting up Sign-up and Sign-in with embedded password reset.
To add the forgot password link, make use of the custom policy starter pack, as it is included in all the templates by default.
Make sure the setting.forgotPasswordLinkLocation Metadata key is NOT present under TechnicalProfile.
Please go through the references below if they are helpful:
Azure Active Directory B2C: Add Forgot password Link in my custom sign in policy - Microsoft Q&A.
Azure AD B2C Password Reset (newbedev.com).
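A check for the metadata key named in the answer above, as an added example that is not part of the original thread: it lists every TechnicalProfile in a custom policy file that sets setting.forgotPasswordLinkLocation. The sample policy is constructed and its profile Ids are hypothetical; the namespace is the one B2C custom policy files declare.

```python
import xml.etree.ElementTree as ET

# Namespace declared by B2C custom policy (TrustFrameworkPolicy) files.
NS = {"tf": "http://schemas.microsoft.com/online/cpim/schemas/2013/06"}
KEY = "setting.forgotPasswordLinkLocation"

# Constructed sample policy fragment; the TechnicalProfile Ids are hypothetical.
SAMPLE_POLICY = """<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06">
  <ClaimsProviders>
    <ClaimsProvider>
      <DisplayName>Local Account</DisplayName>
      <TechnicalProfiles>
        <TechnicalProfile Id="Example-Signin-UsernamePage">
          <Metadata>
            <Item Key="setting.operatingMode">Username</Item>
          </Metadata>
        </TechnicalProfile>
        <TechnicalProfile Id="Example-Signin-PasswordPage">
          <Metadata>
            <Item Key="setting.forgotPasswordLinkLocation">None</Item>
          </Metadata>
        </TechnicalProfile>
      </TechnicalProfiles>
    </ClaimsProvider>
  </ClaimsProviders>
</TrustFrameworkPolicy>"""


def find_forgot_password_overrides(policy_xml):
    """Return (TechnicalProfile Id, value) for each profile that sets KEY."""
    root = ET.fromstring(policy_xml)
    hits = []
    for profile in root.iterfind(".//tf:TechnicalProfile", NS):
        # Only look at Metadata items that belong directly to this profile.
        for item in profile.iterfind("tf:Metadata/tf:Item", NS):
            if item.get("Key") == KEY:
                hits.append((profile.get("Id"), (item.text or "").strip()))
    return hits


if __name__ == "__main__":
    for profile_id, value in find_forgot_password_overrides(SAMPLE_POLICY):
        print(f"{profile_id}: {KEY} = {value!r}")
```

Run it against each policy file in the inheritance chain (base, extensions, relying party), since a key set in any of them applies to the final policy.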

Getting user attribute in sign in flow in Azure B2C

When I read the documentation from Microsoft for Azure B2C, it mentions that we can collect user attributes during the sign-up flow.
I have a requirement where I need to get an input from the user during the sign-in flow. Other than the username and password entered during the sign-in, I need the user to enter another field.
Is there an option to do the above in the sign in flow?
You need to use a custom policy.
It will allow you to add any extra pages and/or logic to any journey.
Samples: https://github.com/azure-ad-b2c/samples
Another way of collecting user input (eg. an additional field in the sign-up form) during sign-up without using custom policies is as follows:
In Azure B2C, set up an additional User Attribute of the type String.
In the specific sign-in flow, require this User Attribute to be collected.
If needed, you can customize the wording and default values used in the form by supplying a language override in the specific flow.

Nordic characters å, ø and æ not detected by azure b2c custom policy

I am using migration to create users in Azure B2C from the legacy database. I have some users with Nordic characters å, ø, and æ in their username. I was able to create the users in Azure B2C and when I search for users with the Graph API I see the username has those characters in it.
I have created a custom policy for logging in. It works for all the users with regular English alphabet usernames. But when trying to log in a user with Nordic characters, it says account not detected. Somehow the username with Nordic characters didn't match the input provided.
For example, if the username is pål in Azure B2C, the correct input of username pål and password won't work, but username pal would work.
How can I allow Nordic username input to log in with a custom policy?
Did you try using the latest version of the HTML Page Layout? As mentioned here: https://learn.microsoft.com/en-us/azure/active-directory-b2c/page-layout#self-asserted-page-selfasserted version 2.1.2 fixed the localization encoding issue for languages.
Always use the latest layout version in your policies.

Azure B2C Signup Flow password validation is missing failure text

When signing up a new user, the password field is set up to require a complex password. While entering the information, a warning pops up if the field does not match the security pattern. If the user ignores that and tries to create the account, the warning about the password disappears and the heading says "One or More Fields are filled out incorrectly. Please check your entries and try again".
Problem is we are getting support calls from new users that can't create accounts because the warning about which specific field causing the error is hidden. They are left to guess which field is filled out incorrectly. Why does the B2C signup flow hide the fact that the passwords are not strong enough after they continue?
Thanks,
J
Yeah, I'm running into this as well. It's not a very good error message for a password not meeting the complexity requirements.
However, it is possible to modify the error message via the "Language Customization" feature.
It's a part of the user flow "Languages" tab.
The docs for language customization are here:
https://learn.microsoft.com/en-gb/azure/active-directory-b2c/language-customization?pivots=b2c-user-flow
The feature is also available for custom policies.

Custom Azure B2C Password Reset Flow via Username

I set up a password reset flow using Azure B2C and local Azure accounts that uses the user's email address and verification code. However, my client would like to have a password reset email sent to the user based on the user name, not email address. The user email would be looked up behind the scenes and an email sent that would include a link to the password reset page as shown in the flow below.
After reading a gazillion articles on custom Azure B2C policies, I'm struggling to convince myself if it is possible to do what the client is asking for using Azure B2C.
In the sample password reset flow shown below, some of the areas I'm struggling with include:
Is it possible to create custom pages in the password reset flow such as the page in Step 4 that displays the user's masked email address, or the information page in Step 7?
Is there built-in functionality to look-up a user's email address and Active Directory Object ID based on their user name or would I have to call out to a custom Azure Function and use the Graph API to do this?
Is it possible to create and send a custom email that includes a hyperlink to the password reset page that includes the user's Active Directory Object ID as a query string parameter so the password reset page knows which user's password is being reset?
At the moment, it seems like it would be easier to create a completely custom ASP.NET MVC app to handle the requirements than it would be to use Azure B2C custom policies, but that isn't really a path I want to go down.
Is it possible to create custom pages in the password reset flow?
Yes, you can create your own custom password reset user flow using Azure Active Directory B2C.
In your case, if you want to figure out your custom page, you could refer here.
Is there built-in functionality to look-up a user's email address and Active Directory Object ID based on their user name or would I have to call out to a custom Azure Function and use the Graph API to do this?
Using the Microsoft Graph REST API you could fetch your user information.
In your case you could use:
List users
Get a user
To access user information you could also refer here in great detail.
Is it possible to create and send a custom email that includes a hyperlink to the password reset page that includes the user's Active Directory Object ID as a query string parameter so the password reset page knows which user's password is being reset?
You can use the company branding feature to customize the content of verification emails for resetting password.
Note: For better clarity you could check the Azure AD B2C: Frequently asked questions (FAQ) before the final workaround, which will definitely guide you to define the ultimate go-ahead.
Update
As per the Microsoft document, right now you cannot create it exactly according to your sample. See the screenshot; there is an important remark.
Thank you.
This GitHub project covers the case you describe. Still needs a lot of understanding about custom flows to get it working.
https://github.com/yoelhor/aadb2c-verification-link
