AADB2C: Force password reset
Add the ability to force users to reset their password at next login. It would be ideal if this was available for both individual users as well as in bulk. This is necessary for situations such as credential leaks, etc.
We have started the planning for this feature and hope to have a preview by the end of the calendar year. In the meantime, could you respond to firstname.lastname@example.org with the answers to the following questions:
- In which scenarios do you plan to force the user to change his/her password?
- What kind of information (if any) would you like to get back if the user goes through the reset flow?
- Do you currently or plan to track which users have reset their password?
Simon Clarke commented
I agree with the previous 2 posts. I'm following the same Microsoft documentation, but this feature isn't working.
New B2C tenant, using the recommended signin user flow, with all the latest screen versions, including one called "Update expired password page" v2.1.4.
Michał M commented
Same issue here.
Flag on user is being set correctly but only 'password is expired' message is being shown.
Mike Loffland commented
The documentation at: https://docs.microsoft.com/en-us/azure/active-directory-b2c/force-password-reset?pivots=b2c-user-flow#overview does not work at all.
"When an administrator resets a user's password via the Azure portal, the value of the forceChangePasswordNextSignIn attribute is set to true.
The sign-in and sign-up journey checks the value of this attribute. After the user completes the sign-in, if the attribute is set to true, the user must reset their password. Then the value of the attribute is set back to false."
We followed the documentation 10 times over... after we "reset a user's password via the Azure portal" and attempt to log in using said user... we only get an error message that says "Password is expired" (Screenshot 2021-03-23 161842.jpg attached). The user is never prompted with a dialog to change their password as is presented in the documentation link above (xScreenshot 2021-03-23 162000.jpg screenshot attached).
Kevin Cathcart commented
This feature seems to exist already. In your flow, enable the "Forced password reset (Preview)" feature, which will cause users to need to change their passwords if they expire. However, time-based password expiration is not enabled on users created in the built-in flows, so the only way their passwords can be expired is by using the Graph API to expire them, or by using the reset password feature to get a temporary password.
Roshan Maddumage commented
2021 has started. Any updates on this feature?
Jonathan Baggaley commented
After talking to the Azure DevOps Twitter account, I have submitted a request to update this thread on https://docs.microsoft.com/en-us/answers/questions/255679/aadb2c-force-password-reset-please-can-you-update.html so hopefully we will see some progress soon.
Any update on this feature? This is a show stopper, as our governance team mandates this where passwords are supposed to reset after 90 days.
Vijay Rathna commented
Any update on this feature?
Looking forward to gifting this feature to my loved ones for Christmas 2020!
End of calendar year 2020 calling.
Ben Silverman commented
Has this feature been implemented yet?
Jonathan Baggaley commented
Creating an account with a temporary password that has to be changed on first log in.
Only need to get back the email and object id
Password expiry date (e.g. standard rotation of pw every n days)
Don't care about which ones because once their password has expired or they are using a temporary password they will be forced to change it.
Hardik Shah commented
Is this feature implemented yet?
Is there any update on this thread?
Looking forward to seeing this feature implemented
Ash Tappin commented
This feature would be very useful!
Aren't you implementing this feature?
Gabriele Westh Mannucci commented
Need this now! please!
Hello? I'm surprised that the "Enterprise" level product does not have this feature... Even Windows NT was able to do that in one click...
This is a disgrace, 18 months and still in planning? Do you realize that people's businesses and projects are actually relying on you? Do you realize that projects have actual deadlines?
If you are going to implement it, please update your customers with a reasonable ETA, if you're not, just say so, and people will adapt (probably switch to other products).
What a joke.