在 Azure Active Directory B2C 中設定密碼重設流程Set up a password reset flow in Azure Active Directory B2C

開始之前,請使用上面的選取器來選擇您要設定的原則類型。Before you begin, use the selector above to choose the type of policy you’re configuring. Azure AD B2C 提供兩種方法來定義使用者與應用程式互動的方式:透過預先定義的 使用者流程,或透過完全可設定的 自訂原則Azure AD B2C offers two methods of defining how users interact with your applications: through predefined user flows, or through fully configurable custom policies. 這篇文章中所需的步驟對於每個方法都是不同的。The steps required in this article are different for each method.

密碼重設流程Password reset flow

註冊和登入旅程可讓使用者使用 [忘記密碼? ] 連結來重設自己的密碼。The sign-up and sign-in journey allows users to reset their own password using the Forgot your password? link. 密碼重設流程包含下列步驟:The password reset flow involves the following steps:

  1. 在註冊和登入頁面上,使用者按一下 [ 忘記密碼? ] 連結。From the sign-up and sign-in page, the user clicks the Forgot your password? link. Azure AD B2C 起始密碼重設流程。Azure AD B2C initiates the password reset flow.
  2. 使用者會提供並驗證其電子郵件地址,並以時間為一次的密碼。The user provides and verifies their email address with a Timed One Time Passcode.
  3. 然後,使用者可以輸入新密碼。The user can then enter a new password.

密碼重設流程

密碼重設流程適用于使用 電子郵件地址 或使用者 名稱 搭配登入密碼 Azure AD B2C 中的本機帳戶。The password reset flow applies to local accounts in Azure AD B2C that use an email address or username with a password for sign-in.

提示

自助式密碼重設流程可讓使用者在忘記密碼時變更其密碼,並想要重設密碼。The self-service password reset flow allows users to change their password when the user forgets their password and wants to reset it. 請考慮設定 密碼變更流程 ,以支援使用者知道其密碼並想要加以變更的案例。Consider configuring a password change flow to support cases where a user knows their password and wants to change it.

使用隨機密碼將使用者遷移至 Azure AD B2C 的常見作法是讓使用者驗證其電子郵件地址,並在第一次登入時重設其密碼。A common practice after migrating users to Azure AD B2C with random passwords is to have the users verify their email addresses and reset their passwords during their first sign-in. 在系統管理員變更密碼之後,也通常會強制使用者重設其密碼;請參閱 強制密碼重設 以啟用此功能。It's also common to force the user to reset their password after an administrator changes their password; see force password reset to enable this feature.

必要條件Prerequisites

新的密碼重設體驗現在是註冊或登入原則的一部分。The new password reset experience is now part of the sign-up or sign-in policy. 當使用者選取 [ 忘記密碼? ] 連結時,會立即傳送至忘記密碼體驗。When the user selects the Forgot your password? link, they are immediately sent to the Forgot Password experience. 您的應用程式不再需要處理 AADB2C90118 錯誤碼,而且您不需要個別的密碼重設原則。Your application no longer needs to handle the AADB2C90118 error code, and you don't need a separate policy for password reset.

您可以設定自助式密碼重設體驗以進行登 入 (建議的)註冊和登入 (建議的) 使用者流程。The self-service password reset experience can be configured for the Sign-in (Recommended) or Sign up and sign in (Recommended) user flows. 如果您沒有這類使用者流程,請建立登 入和註冊 使用者流程。If you don't have such a user flow, create a sign In and Sign Up user flow.

若要針對註冊或登入使用者流程啟用自助式密碼重設:To enable self-service password reset for the sign-up or sign-in user flow:

  1. 登入 Azure 入口網站Sign in to the Azure portal.
  2. 在入口網站工具列中選取 目錄 + 訂用帳戶 圖示,然後選取包含 Azure AD B2C 租用戶的目錄。Select the Directory + Subscription icon in the portal toolbar, and then select the directory that contains your Azure AD B2C tenant.
  3. 在 Azure 入口網站中,搜尋並選取 [Azure AD B2C]。In the Azure portal, search for and select Azure AD B2C.
  4. 選取 [使用者流程]。Select User flows.
  5. 選取您要自訂之 建議) 類型的註冊或登入使用者流程 (。Select a sign-up or sign-in user flow (of type Recommended) that you want to customize.
  6. 在左側功能表的 [ 設定 ] 底下,選取 [ 屬性]。Under Settings in the left menu, select Properties.
  7. 在 [ 密碼複雜性] 下,選取 [ 自助式密碼重設]。Under Password complexity, select Self-service password reset.
  8. 選取 [儲存]。Select Save.
  9. 在左側功能表的 [ 自訂 ] 底下,選取 [ 頁面配置]。Under Customize in the left menu, select Page layouts.
  10. 頁面配置版本 中,選擇 [ 2.1.2-目前 ] 或 [以上]。In the Page Layout Version, choose 2.1.2 - Current or above.
  11. 選取 [儲存]。Select Save.

下列各節說明如何將自助密碼體驗新增至自訂原則。The following sections describe how to add a self-service password experience to a custom policy. 此範例是以 自訂原則入門套件中包含的原則檔案為基礎。The sample is based on the policy files included in the custom policy starter pack.

提示

您可以在 GitHub上找到完整的「使用密碼重設註冊或登入」原則的範例。You can find a complete sample of the "sign-up or sign-in with password reset" policy on GitHub.

若要向原則指出使用者已選取 [ 忘記密碼? ] 連結,請定義布林值宣告。To indicate to the policy that the user has selected the Forgot your password? link, define a boolean claim. 此宣告將用來將使用者旅程導向至忘記密碼技術設定檔。This claim will be used to direct the user journey to the Forgot Password technical profile. 此宣告也可以發給權杖,讓應用程式知道使用者是透過忘記密碼流程來登入。This claim can also be issued to the token so the application is aware that the user signed in via the Forgot Password flow.

您可以宣告 宣告架構中的宣告。You declare your claims in the claims schema. 開啟您原則的擴充檔。Open the extensions file of your policy. 例如,SocialAndLocalAccounts/TrustFrameworkExtensions.xmlFor example, SocialAndLocalAccounts/TrustFrameworkExtensions.xml.

  1. 搜尋 BuildingBlocks 元素。Search for the BuildingBlocks element. 如果此元素不存在,請加以新增。If the element doesn't exist, add it.
  2. 尋找 ClaimsSchema (機器翻譯) 元素。Locate the ClaimsSchema element. 如果此元素不存在,請加以新增。If the element doesn't exist, add it.
  3. 將下列宣告新增至 ClaimsSchema 元素。Add the following claim to the ClaimsSchema element.
<!-- 
<BuildingBlocks>
  <ClaimsSchema> -->
    <ClaimType Id="isForgotPassword">
      <DisplayName>isForgotPassword</DisplayName>
      <DataType>boolean</DataType>
      <AdminHelpText>Whether the user has selected Forgot your Password</AdminHelpText>
    </ClaimType>
  <!--
  </ClaimsSchema>
</BuildingBlocks> -->

升級頁面配置版本Upgrade the page layout version

頁面配置版本 2.1.2 在註冊或登入旅程圖中啟用自助式密碼重設流程時,需要用到。Page layout version 2.1.2 is required to enable the self-service password reset flow within the sign-up or sign-in journey.

  1. 搜尋 BuildingBlocks 元素。Search for the BuildingBlocks element. 如果此元素不存在,請加以新增。If the element doesn't exist, add it.
  2. 找出 ContentDefinitions 元素。Locate the ContentDefinitions element. 如果此元素不存在,請加以新增。If the element doesn't exist, add it.
  3. 修改 ContentDefinition 元素內的 DataURI 元素,其識別碼為 api. signuporsignin.xml ,如下所示。Modify the DataURI element within the ContentDefinition element with Id api.signuporsignin as shown below.
<!-- 
<BuildingBlocks>
  <ContentDefinitions> -->
    <ContentDefinition Id="api.signuporsignin">
      <DataUri>urn:com:microsoft:aad:b2c:elements:contract:unifiedssp:2.1.2</DataUri>
    </ContentDefinition>
  <!-- 
  </ContentDefinitions>
</BuildingBlocks> -->

若要起始 isForgotPassword 宣告,則會使用宣告轉換技術設定檔。To initiate the isForgotPassword claim, a claims transformation technical profile is used. 稍後會參考此技術設定檔。This technical profile will be referenced later. 叫用時,它會將宣告的值設定 isForgotPasswordtrueWhen invoked, it will set the value of the isForgotPassword claim to true. 尋找 ClaimsProviders 元素。Find the ClaimsProviders element. 如果此元素不存在,請加以新增。If the element doesn't exist, add it. 然後新增下列宣告提供者:Then add the following claims provider:

<!-- 
<ClaimsProviders> -->
  <ClaimsProvider>
    <DisplayName>Local Account</DisplayName>
    <TechnicalProfiles>
      <TechnicalProfile Id="ForgotPassword">
        <DisplayName>Forgot your password?</DisplayName>
        <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.ClaimsTransformationProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
        <OutputClaims>
          <OutputClaim ClaimTypeReferenceId="isForgotPassword" DefaultValue="true" AlwaysUseDefaultValue="true"/>
        </OutputClaims>
      </TechnicalProfile>
      <TechnicalProfile Id="SelfAsserted-LocalAccountSignin-Email">
        <Metadata>
          <Item Key="setting.forgotPasswordLinkOverride">ForgotPasswordExchange</Item>
        </Metadata>
      </TechnicalProfile>
    </TechnicalProfiles>
  </ClaimsProvider>
<!-- 
</ClaimsProviders> -->

SelfAsserted-LocalAccountSignin-Email技術設定檔 setting.forgotPasswordLinkOverride 會 definers 要在使用者旅程圖中執行的密碼重設宣告交換。The SelfAsserted-LocalAccountSignin-Email technical profile setting.forgotPasswordLinkOverride definers the password reset claims exchange to be executed in your user journey.

新增密碼重設子旅程Add the password reset sub journey

您的旅程現在會包含使用者登入、註冊及執行密碼重設的功能。Your journey will now include the capability for the user to sign in, sign up, and perform password reset. 若要更妥善地組織使用者旅程圖,您可以使用 子旅程 來處理密碼重設流程。To better organize the user journey, a sub journey can be used to handle the password reset flow.

將從使用者旅程中呼叫子旅程,並將執行特定步驟來提供密碼重設體驗給使用者。The sub journey will be called from the user journey and will perform the specific steps to deliver the password reset experience to the user. 使用「 Call 型別 sub 旅程」,如此一來,一旦子旅程完成後,控制權就會傳回給起始 sub 旅程的協調流程步驟。Use the Call type sub journey so that once the sub journey completes, control is returned to the orchestration step that initiated the sub journey.

尋找 SubJourneys 元素。Find the SubJourneys element. 如果專案不存在,請將它加入專案之後 User JourneysIf the element doesn't exist, add it after the User Journeys element. 然後新增下列子旅程:Then add the following sub journey:

<!--
<SubJourneys>-->
  <SubJourney Id="PasswordReset" Type="Call">
    <OrchestrationSteps>
      <!-- Validate user's email address. -->
      <OrchestrationStep Order="1" Type="ClaimsExchange">
        <ClaimsExchanges>
          <ClaimsExchange Id="PasswordResetUsingEmailAddressExchange" TechnicalProfileReferenceId="LocalAccountDiscoveryUsingEmailAddress" />
        </ClaimsExchanges>
      </OrchestrationStep>

      <!-- Collect and persist a new password. -->
      <OrchestrationStep Order="2" Type="ClaimsExchange">
        <ClaimsExchanges>
          <ClaimsExchange Id="NewCredentials" TechnicalProfileReferenceId="LocalAccountWritePasswordUsingObjectId" />
        </ClaimsExchanges>
      </OrchestrationStep>
    </OrchestrationSteps>
  </SubJourney>
<!--
</SubJourneys>-->

準備您的使用者旅程圖Prepare your user journey

您必須 將忘記密碼的密碼連結到 忘記密碼。You'll need to connect the Forgot your password? link to the Forgot Password sub journey. 若要這樣做,請參考 CombinedSignInAndSignUp 步驟中 ClaimsProviderSelection 元素內的忘記密碼 sub 旅程識別碼。To do this, reference the Forgot Password sub journey Id within the ClaimsProviderSelection element of the CombinedSignInAndSignUp step.

如果您沒有 CombinedSignInAndSignUp 步驟的自訂使用者旅程圖,請使用下列程式來複製現有的註冊或登入使用者旅程圖。If you don't have your own custom user journey with a CombinedSignInAndSignUp step, use the following procedure to duplicate an existing sign-up or sign-in user journey. 否則,請繼續下一節。Otherwise, continue to the next section.

  1. 從 Starter Pack 開啟 TrustFrameworkBase.xml 檔案。Open the TrustFrameworkBase.xml file from the starter pack.
  2. 尋找並複製包含 Id="SignUpOrSignIn"UserJourney 元素的整個內容。Find and copy the entire contents of the UserJourney element that includes Id="SignUpOrSignIn".
  3. 開啟 TrustFrameworkExtensions.xml,並尋找 UserJourneys 元素。Open the TrustFrameworkExtensions.xml and find the UserJourneys element. 如果此元素不存在,請新增。If the element doesn't exist, add one.
  4. 貼上您在步驟2中複製的 UserJourney 元素的完整內容,以建立 >userjourneys 專案的子項目。Create a child element of the UserJourneys element by pasting the entire contents of the UserJourney element you copied in step 2.
  5. 重新命名使用者旅程圖的識別碼。Rename the Id of the user journey. 例如: Id="CustomSignUpSignIn"For example, Id="CustomSignUpSignIn".

在您的使用者旅程圖中,您可以將忘記的密碼 sub 旅程表示為 ClaimsProviderSelectionIn your user journey, you can represent the Forgot Password sub journey as a ClaimsProviderSelection. 新增此專案會將 忘記密碼? 連結連接到忘記密碼 sub 旅程。Adding this element connects the Forgot your password? link to the Forgot Password sub journey.

  1. 在使用者旅程圖中,尋找包含或的 orchestration step Type="CombinedSignInAndSignUp" 元素 Type="ClaimsProviderSelection"In the user journey, find the orchestration step element that includes Type="CombinedSignInAndSignUp" or Type="ClaimsProviderSelection". 這通常是第一個協調流程步驟。It's usually the first orchestration step. >claimsproviderselections >claimsproviderselection 元素包含使用者可以用來登入的身分識別提供者清單。The ClaimsProviderSelections element contains a list of identity providers that a user can use to sign in. 新增以下這一行:Add the following line:

    <ClaimsProviderSelection TargetClaimsExchangeId="ForgotPasswordExchange" />
    
  2. 在下一個協調流程步驟中,加入 ClaimsExchange 元素。In the next orchestration step, add a ClaimsExchange element. 新增以下這一行:Add the following line:

    <ClaimsExchange Id="ForgotPasswordExchange" TechnicalProfileReferenceId="ForgotPassword" />
    
  3. 在目前的步驟和下一個步驟之間新增下列協調流程步驟。Add the following orchestration step between the current step, and the next step. 您新增的新協調流程步驟會檢查宣告是否 isForgotPassword 存在。The new orchestration step you add, checks whether the isForgotPassword claim exists. 如果宣告存在,則會叫用 密碼重設子旅程If the claim exists, it invokes the password reset sub journey.

    <OrchestrationStep Order="3" Type="InvokeSubJourney">
      <Preconditions>
        <Precondition Type="ClaimsExist" ExecuteActionsIf="false">
          <Value>isForgotPassword</Value>
          <Action>SkipThisOrchestrationStep</Action>
        </Precondition>
      </Preconditions>
      <JourneyList>
        <Candidate SubJourneyReferenceId="PasswordReset" />
      </JourneyList>
    </OrchestrationStep>
    
  4. 當您加入新的協調流程步驟之後,請在不略過1到 N 的任何整數的情況下,順序將步驟重新編號。After you add the new orchestration step, renumber the steps sequentially without skipping any integers from 1 to N.

設定要執行的使用者旅程圖Set the user journey to be executed

現在您已修改或建立使用者旅程圖,請在 [ 信賴 憑證者] 區段中指定 Azure AD B2C 將針對此自訂原則執行的旅程圖。Now that you've modified or created a user journey, in the Relying Party section specify the journey that Azure AD B2C will execute for this custom policy. RelyingParty 元素內,尋找 >referenceid 元素。Within the RelyingParty element, find the DefaultUserJourney element. 更新 >referenceid ReferenceId ,使其符合您在其中新增 >claimsproviderselections >claimsproviderselection 之使用者旅程圖的識別碼。Update the DefaultUserJourney ReferenceId to match the ID of the user journey in which you added the ClaimsProviderSelections.

<RelyingParty>
  <DefaultUserJourney ReferenceId="CustomSignUpSignIn" />
  ...
</RelyingParty>

指出您應用程式的忘記密碼流程Indicate the Forgot Password flow to your App

您的應用程式可能需要透過忘記密碼使用者流程來偵測使用者是否已登入。Your application might need to detect whether the user signed in via the Forgot Password user flow. IsForgotPassword 宣告包含布林值,指出此值可在傳送至應用程式的權杖中發出。The isForgotPassword claim contains a boolean value that indicates this, which can be issued in the token sent to your application. 如有必要,請將新增 isForgotPassword信賴 憑證者區段中的輸出宣告。If necessary, add isForgotPassword to the output claims in the Relying Party section. 您的應用程式可以檢查宣告 isForgotPassword ,以判斷使用者是否重設其密碼。Your application can check the isForgotPassword claim to determine if the user resets their password.

<RelyingParty>
  <OutputClaims>
    ...
    <OutputClaim ClaimTypeReferenceId="isForgotPassword" DefaultValue="false" />
  </OutputClaims>
</RelyingParty>

上傳自訂原則Upload the custom policy

  1. 登入 Azure 入口網站Sign in to the Azure portal.
  2. 在入口網站工具列中選取 目錄 + 訂用帳戶 圖示,然後選取包含 Azure AD B2C 租用戶的目錄。Select the Directory + Subscription icon in the portal toolbar, and then select the directory that contains your Azure AD B2C tenant.
  3. 在 Azure 入口網站中,搜尋並選取 [Azure AD B2C]。In the Azure portal, search for and select Azure AD B2C.
  4. 在 [原則] 之下,選取 [Identity Experience Framework]。Under Policies, select Identity Experience Framework.
  5. 選取 [ 上傳自訂原則],然後上傳您以下列順序變更的兩個原則檔案:Select Upload Custom Policy, and then upload the two policy files that you changed in the following order:
    1. 例如,擴充原則 TrustFrameworkExtensions.xmlThe extension policy, for example TrustFrameworkExtensions.xml.
    2. 例如,信賴憑證者原則 SignUpSignIn.xmlThe relying party policy, for example SignUpSignIn.xml.

測試密碼重設流程Test the password reset flow

  1. 選取您要測試之建議) 類型的註冊或登入使用者流程 (。Select a sign-up or sign-in user flow (of type Recommended) that you want to test.
  2. 選取 [執行使用者流程]。Select Run user flow.
  3. 針對 [應用程式],選取您先前註冊名為 webapp1 的 Web 應用程式。For Application, select the web application named webapp1 that you previously registered. Reply URL 應顯示 https://jwt.msThe Reply URL should show https://jwt.ms.
  4. 選取 [執行使用者流程]。Select Run user flow.
  5. 在 [註冊或登入] 頁面中,選取 [ 忘記密碼?]。From the sign-up or sign-in page, select Forgot your password?.
  6. 確認您先前建立之帳戶的電子郵件地址,然後選取 [ 繼續]。Verify the email address of the account that you previously created, and then select Continue.
  7. 您現在應該有機會變更使用者的密碼。You now have the opportunity to change the password for the user. 變更密碼,然後選取 [繼續]。Change the password and select Continue. 權杖會傳回到 https://jwt.ms,而且應該會向您顯示。The token is returned to https://jwt.ms and should be displayed to you.
  8. 檢查傳回權杖的宣告 isForgotPassword 值。Check the return token's isForgotPassword claim value. 如果存在且設定為 true,則表示使用者已重設密碼。If exists and is set to true, this indicates the user has reset the password.

(舊版) 的密碼重設原則Password reset policy (legacy)

如果未啟用 自助式密碼重設 體驗,按一下此連結並不會自動觸發密碼重設使用者流程。If the self-service password reset experience is not enabled, clicking this link doesn't automatically trigger a password reset user flow. 相反地,系統會將錯誤碼 AADB2C90118 傳回您的應用程式。Instead, the error code AADB2C90118 is returned to your application. 您的應用程式需要重新初始化驗證程式庫以驗證 Azure AD B2C 密碼重設使用者流程,以處理此錯誤碼。Your application needs to handle this error code by reinitializing the authentication library to authenticate an Azure AD B2C password reset user flow.

在下圖中:In the following diagram:

  1. 從應用程式中,使用者按一下 [登入]。From the application, the user clicks on sign-in. 應用程式會起始授權要求,並讓使用者 Azure AD B2C 完成登入。The app initiates an authorization request, and takes the user to Azure AD B2C to finish signing in. 授權要求會指定註冊或登入原則名稱,例如 B2C_1_signup_signinThe authorization request specifies the sign-up or sign-in policy name, such as B2C_1_signup_signin.
  2. 使用者選取 [ 忘記密碼? ] 連結。The user selects the Forgot your password? link. Azure AD B2C 會將 AADB2C90118 錯誤碼傳回給應用程式。Azure AD B2C returns the AADB2C90118 error code to the application.
  3. 應用程式會處理錯誤碼,並起始新的授權要求。The application handles the error code and initiates a new authorization request. 授權要求會指定密碼重設原則名稱,例如 B2C_1_pwd_resetThe authorization request specifies the password reset policy name, such as B2C_1_pwd_reset.

舊版密碼重設使用者流程

若要查看範例,請查看 簡單的 ASP.NET 範例,其中會示範使用者流程的連結。To see an example, take a look at a simple ASP.NET sample, which demonstrates the linking of user flows.

建立密碼重設使用者流程Create a password reset user flow

若要讓應用程式的使用者重設其密碼,您可以建立密碼重設使用者流程。To let users of your application reset their password, you create a password reset user flow.

  1. 在 Azure AD B2C 租用戶的 [概觀] 功能表中,選取 [使用者流程],然後選取 [新增使用者流程]。In the Azure AD B2C tenant overview menu, select User flows, and then select New user flow.
  2. 在 [建立使用者流程] 頁面上,選取 [密碼重設] 使用者流程。On the Create a user flow page, select the Password reset user flow.
  3. 在 [選取版本] 底下,選取 [建議],然後選取 [建立]。Under Select a version, select Recommended, and then select Create.
  4. 輸入使用者流程的 [名稱]。Enter a Name for the user flow. 例如,passwordreset1For example, passwordreset1.
  5. 針對 [識別提供者]啟用 [使用電子郵件地址重設密碼]。For Identity providers, enable Reset password using email address.
  6. 在 [ 應用程式宣告] 下,選取 [ 顯示更多 ],然後選擇您想要在授權權杖中傳回給應用程式的宣告。Under Application claims, select Show more and choose the claims you want returned in the authorization tokens sent back to your application. 例如,選取 [使用者的物件識別碼]。For example, select User's Object ID.
  7. 選取 [確定]。Select OK.
  8. 選取 [建立] 以新增使用者流程。Select Create to add the user flow. 名稱前面會自動加上前置詞 B2C_1A prefix of B2C_1 is automatically appended to the name.

測試使用者流程Test the user flow

  1. 選取您所建立的使用者流程以開啟其 [總覽] 頁面,然後選取 [ 執行使用者流程]。Select the user flow you created to open its overview page, and then select Run user flow.
  2. 針對 [應用程式],選取您先前註冊名為 webapp1 的 Web 應用程式。For Application, select the web application named webapp1 that you previously registered. Reply URL 應顯示 https://jwt.msThe Reply URL should show https://jwt.ms.
  3. 按一下 [ 執行使用者流程],確認您先前建立之帳戶的電子郵件地址,然後選取 [ 繼續]。Click Run user flow, verify the email address of the account that you previously created, and then select Continue.
  4. 您現在可以變更使用者的密碼。You can now change the password for the user. 變更密碼,然後選取 [繼續]。Change the password and select Continue. 權杖會傳回到 https://jwt.ms,而且應該會向您顯示。The token is returned to https://jwt.ms and should be displayed to you.

建立密碼重設原則Create a password reset policy

自訂原則是一組您上傳至 Azure AD B2C 租使用者以定義使用者旅程的 XML 檔案。Custom policies are a set of XML files you upload to your Azure AD B2C tenant to define user journeys. 我們提供的入門套件包含數個預先建立的原則,包括:註冊和登入、密碼重設和設定檔編輯原則。We provide starter packs with several pre-built policies including: sign-up and sign-in, password reset, and profile editing policy. 如需詳細資訊,請參閱 Azure AD B2C 中的開始使用自訂原則For more information, see Get started with custom policies in Azure AD B2C.

下一步Next steps

設定 強制密碼重設Set up a force password reset.