Is there any way to reset a B2C user’s password from a b2c app granted only application permissions for Microsoft Graph?
We have a scenario where there are non-email users in a multi-tenant app and we need to allow admins to reset passwords. To provide user management features we have an app service which uses the .net Microsoft.Graph SDK. It seems the only way to reset a user's password is to use resetPassword, but this cannot be called by an Application.
As far as I can see the only option open to us is to set up a user for this task and store their details in Azure Key Vault, then have the app sign in as the user to call the endpoint.
I would really like to avoid this approach if possible and it seems like this must be a common scenario so I am hoping there is a better way?
2 Answers
Hi, you can use update user to reset a B2C user's password.
For more information: https://learn.microsoft.com/en-us/graph/api/user-update?view=graph-rest-1.0&tabs=http#permissions
I tried to reproduce the same in my environment and got the results like below:
Resetting the user's password with Application permissions will lead to the below error:
Alternatively, I created an Azure AD Application and granted below API permissions:
Grant User Administrator role to the Service principal like below:
Now generate the access token via Client Credential flow using below parameters:
Using the above generated token, try resetting the password using the below query:
You can use the forceChangePasswordNextSignIn parameter based on your requirement.
References:
Azure Reset Password using Graph API by CarlZhao-MSFT
Reset a user’s password in ADB2C using MS Graph API by kh_Ro
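The approach both answers describe (a client-credentials token for the app, then an update-user PATCH that sets passwordProfile) put into a runnable form. This is an added example and not code from either answer or from Microsoft; it assumes an app registration with the Graph application permission User.ReadWrite.All (an assumption from the Graph update-user docs, not something the thread states) and a service principal that has been assigned the User Administrator role, which is the part that makes the passwordProfile update succeed with an application token. Tenant, client and user values are placeholders, and the `opener` argument is a hypothetical injection point so the call can be exercised without a network.

```python
"""Reset an Azure AD B2C user's password via Microsoft Graph with an
application (client-credentials) token, following the PATCH-user approach
from the thread. Placeholder values throughout; User.ReadWrite.All plus the
User Administrator role on the service principal are assumed."""
import json
import re
import secrets
import string
import urllib.parse
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"
GUID_RE = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)
SYMBOLS = "!@#$%^&*"


def token_request(tenant_id, client_id, client_secret):
    """Build the client-credentials token request (v2.0 endpoint).

    The .default scope asks for whatever application permissions were granted
    to the app registration; there is no user in this flow.
    """
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    }
    return url, form


def generate_temporary_password(length=16):
    """Random temporary password with lower, upper, digit and symbol classes.

    It is handed to the admin out of band; never write it to logs.
    """
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw) and any(c in SYMBOLS for c in pw)):
            return pw


def reset_request(user, new_password, force_change_next_sign_in=True):
    """Build the PATCH /users/{id|upn} request that sets passwordProfile.

    B2C local accounts without an email have a UPN of the form
    <guid>@<tenant>.onmicrosoft.com; either the object id or the UPN is
    accepted, anything else is rejected before a request is built.
    """
    if not (GUID_RE.match(user) or "@" in user):
        raise ValueError("user must be an object id (GUID) or a userPrincipalName")
    url = f"{GRAPH}/users/{urllib.parse.quote(user)}"
    body = {
        "passwordProfile": {
            "forceChangePasswordNextSignIn": force_change_next_sign_in,
            "password": new_password,
        }
    }
    return url, body


def reset_password(access_token, user, force_change_next_sign_in=True,
                   opener=urllib.request.urlopen):
    """Perform the reset and return (http_status, new_password).

    Graph answers 204 No Content on success. A 403 here is the symptom the
    second answer shows: the token is valid but the service principal has not
    been given the User Administrator role.
    """
    new_password = generate_temporary_password()
    url, body = reset_request(user, new_password, force_change_next_sign_in)
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), method="PATCH",
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": "application/json"})
    with opener(req) as resp:
        status = resp.status
    return status, new_password


if __name__ == "__main__":
    # Constructed placeholder values; a real run needs a token from token_request().
    url, form = token_request("contoso.onmicrosoft.com", "<client-id>", "<client-secret>")
    print("token endpoint:", url, "scope:", form["scope"])
    url, body = reset_request("11111111-2222-3333-4444-555555555555", "<redacted>")
    print("PATCH", url, json.dumps(body))
```

The two request builders are kept separate from the network call so the URL and body can be reviewed (and unit-tested) before any token is involved; in production the client secret belongs in Key Vault or, better, a managed identity, and the temporary password should leave the process only through the channel the admin reads it from.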