Azure AD B2C: Invalid password error when account is created using Userflows and logging in with Custom policies

Hi All, we are trying to use Azure AD B2C for authentication in our web application. The application was initially configured to use "Userflows" and then we had to switch to "Custom policies" because of a blacklisting domain feature which was not possible with Userflows. Now when a user tries to login using a Local account using custom policies, it throws an error "Invalid password". Although a user who does a signup using Custom policies, the signin works as expected. Is there a way in which we can make the signin work for user that was created using Userflows and tries to signin using custom policies? Or is there a way to migrate accounts from userflows to custom policies.

1 answer

Theophilus Sawyerr 0 Reputation points

2024-11-11T09:37:30.4+00:00

Hi @Komanduri, Krishna Rohit, Celanese

Unfortunately, there is no direct, automated migration process from User Flows to Custom Policies within Azure AD B2C. However, a common approach is to prompt users to reset their passwords. By implementing a password reset flow within the Custom Policy, users can reset their passwords, which updates the hash to match the Custom Policy configuration. This way, their accounts become compatible with the Custom Policy authentication. However, if you need to retain the original passwords without requiring resets, consider implementing a custom password migration strategy.

I hope the above helps
Please sign in to rate this answer.
Komanduri, Krishna Rohit, Celanese 0 Reputation points

2024-11-11T09:49:26.49+00:00

Hi @Theophilus Sawyerr , thank you so much for the answer. I tried this approach out but please let me know if my understanding is correct. If I try to set the force password reset on next sign in to true, the user would be forced to reset password, although that happens only after the user completes the sign-in. Currently the users who signed-up using Userflows are unable to sign-in using Custom policies. Is there a way in which we can force users to reset password without actually having to login using the above force password reset on next sign-in approach? Thanks in advance!

Raja Pothuraju 8,265 Reputation points Microsoft Vendor

2024-11-12T14:57:02.01+00:00

Hello @Komanduri, Krishna Rohit, Celanese,

Thank you for posting your query on Microsoft Q&A.

If you set up a password reset flow using a custom policy, users won’t need to log in to reset their password. Instead, they can reset their own password by verifying the code sent to their email.

For more details, you can refer to the documentation here: Set up a password reset policy in Azure AD B2C.

I hope this information is helpful. Please feel free to reach out if you have any further questions.

Thanks,
Raja Pothuraju.

Komanduri, Krishna Rohit, Celanese 0 Reputation points

2024-11-12T15:12:12.5233333+00:00

Hello @Raja Pothuraju ,

Thanks much for your answer. I think my description had an ambiguity. What I was trying to say is that, when a user has currently signed up using Userflows and trying to sign in using Custom Policies, although we already have the password reset policy, it wouldn't be user friendly to send email communication to all users to reset their password. When the user tries to sign-in now, they would be shown with an error "Invalid password" although they are entering the right password (in their perspective).

I'm checking if it's possible to do it via a mechanism force password reset on next sign in or any password migration so that it doesn't affect the end user experience. Thanks in advance!
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

Azure AD B2C: Invalid password error when account is created using Userflows and logging in with Custom policies

1 answer

Your answer