

Thanks @amanpreetsingh-msft - I am trying to follow steps #1 and #2 as you suggested, but I am getting the error below after applying these changes. Any suggestions, please? Thanks again.
<UserJourneyBehaviors>
  <SingleSignOn Scope="Suppressed" />
  <SessionExpiryType>Absolute</SessionExpiryType>
  <SessionExpiryInSeconds>1800</SessionExpiryInSeconds>
  <ScriptExecution>Allow</ScriptExecution>
</UserJourneyBehaviors>
<Metadata>
  <Item Key="IdpInitiatedProfileEnabled">true</Item>
  <Item Key="setting.showCancelButton">false</Item>
  <Item Key="ForceAuthN">true</Item>
</Metadata>



Thanks @amanpreetsingh-msft.
I've tried with only <SingleSignOn Scope="Suppressed" />; this still causes the same error shown in the screenshot above.

Is there any dependency that I need to verify/check when using <SingleSignOn Scope="Suppressed" />, please? Thanks.

Excellent, thanks @amanpreetsingh-msft. This is really helpful; you have saved me time. Thanks again.

@amanpreetsingh-msft Could you please advise me on this? Thanks.

@Jason-MSFT

Sorry, I'm a bit confused about this.

https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-policy explains that the default password expiry duration is 90 days.
I'm using B2C custom policies; is this SSPR default of 90 days not applicable to B2C local accounts?
Are the SSPR policies for standard AD users and for B2C tenant users different?

Could you please clarify this?

Password expiry duration (Maximum password age)
Default value: 90 days.
The value is configurable by using the Set-MsolPasswordPolicy cmdlet from the Azure Active Directory Module for Windows PowerShell.

Thanks.

@amanpreetsingh-msft Sorry, I can see this solution was posted last year. Is it still the up-to-date solution?
i.e., I'm just curious whether the only possible way to require users to reset their passwords at first logon is still by using the custom policy: https://github.com/azure-ad-b2c/samples/tree/master/policies/force-password-reset-first-logon.

Thanks for the confirmation, Aman.
Would it be worth a try for me to create the B2C signinsignup custom policy for sign-in with magic link, please?
I hope this will meet my expectation that when a B2C customer user signs in or signs up, they will receive a one-time passcode, similar to a B2B guest user?
I'm trying to implement this for my SAML-based application B2C custom policy. Thanks again.

Ref:
https://github.com/azure-ad-b2c/samples/tree/master/policies/sign-in-with-magic-link
https://docs.microsoft.com/en-us/azure/active-directory-b2c/one-time-password-technical-profile
https://github.com/azure-ad-b2c/samples/tree/master/policies/passwordless-email

Great, thanks for the confirmation, Aman.

Thanks Aman, great guidance. I will try the first option, as it seems to be less complicated for maintaining the custom policies.
Another reason for preferring option-1: I'm using an IdP-initiated sign-in URL following the syntax below. Option-1 allows me to distinguish the filename B2C_1A_SIGNUP_SIGNIN1 and specify it in the URL below?

i.e. https://<tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/B2C_1A_SIGNUP_SIGNIN1/generic/login?EntityId=app-identifier-uri

P.S.: I would appreciate it if you could check another related question linked with this IdP-initiated URL, please? https://docs.microsoft.com/en-us/answers/questions/513010/how-to-pass-login-hint-when-using-idp-initiated-si.html

Thanks again.

Regards.