How to configure Password Reset policy for Azure AD B2C authentication with Power Apps portals

Hello everyone and welcome to my blog. In today’s blog I will show how to configure Password Reset policy with Azure AD B2C authentication in Power Apps portals/ power pages.

4 years back, I wrote a post how to configure Azure AD B2C authentication with portals. All the configurations described in the post still hold good although few of them you can configure through UI now.

But the post only covered Sign up and Sign In scenarios. It didn’t cover Password Reset scenario. In today’s blog I will discuss on this topic.

Password Policies are linked to SignIn policies. So to have a Password policy in place, you need to have User flow SignUp_SignIn policy created first.

Before we get started with the Password Reset policy, we need to make few changes in the Singup_SignIn policy. Open the SignUp_SignIn user flow policy that you have configured for the portal, under Settings click on Properties and then scroll down to Password Configuration section.

Check for the below screenshot.

You have two options.

  1. Self-service password reset – Choose this if you want to allow users to reset their password using the Forgot password option.
  2. Force password reset – Choose this if you want the end users whose password expired to reset their password.

Once you have enabled your desired options, save the changes.

Now that we have made changes to the Sign-In policy, it’s now time to create the Password Reset policy. For this create a new user flow and select the ‘Password reset‘ flow from the template.

Configure the flow as per the requirements.

Keep the configurations for the Password reset policy should be same as SignUp_SignIn policy flow. For example if you have enabled MFA for SignUp_SignIn flow, enable MFA here too. Additionally make sure you choose the same identity provider(s) here.

Save your changes. Once done, re-open for the Password reset flow, navigate to Properties under Settings and move to ‘Token compatibility settings’

Make sure to choose the Issuer claim with tfp endpoint as shown in the screenshot above.

Save the changes and run the user flow. Click on the link highlighted

Copy the issuer URL.

Now navigate to Power Apps maker portal and open the Authentication settings for the portal. Click to open the B2C provider you have configured.

This time we will focus on the password reset settings. You should see the below fields to configure.

  1. Default Policy id – The name of your Signup_SignIn Policy that you configured.
  2. Password Reset Policy Id – The name of your Password Reset policy that we just configured now.
  3. Valid Issuers – This is tricky one and the place where people usually make mistake. The value here is the comma separated value of <Issuer url of SigupSignIn policy>,<Issuer Url of Password reset policy>. The issuer URL of SignUp_SingIn policy, you can get it from User flows similar to thw way I got it for Password Reset flow or from the authority field of B2C configuration as shown in the below screenshot

Well, that’s it. Below is my screen for Password reset settings. Save the changes.

Now it’s time to test the configuration. This is my B2C sign in page.

I choose ‘Forgot your password’ link and I am redirected to the screen where I need to validate my email account

Once I verify my email account and click on Continue, I will get the option to reset the password.

If this post have helped, you can buy me a coffee. Links on the right panel.

For more such interesting tips on Microsoft .NET and Power Platform, subscribe to my blog. You will also check out my other posts.

Debajit Dutta
Business Solutions MVP


Discover more from Debajit's Power Apps & Dynamics 365 Blog

Subscribe to get the latest posts sent to your email.

Discover more from Debajit's Power Apps & Dynamics 365 Blog

Subscribe now to keep reading and get access to the full archive.

Continue reading