Azure AD B2C - Prevent email change in password reset journey using custom policy

Gangarde, Sachin 60 Reputation points
2024-12-27T22:42:52.8966667+00:00

We are using custom policies to allow users to reset their password. In the journey, when the user is resetting the password, it provides a step to change the username/email, which we don't want to offer to the end user.

Is there any way to prevent that step from being shown to the user, or to remove it from the password reset user journey?

Below is the code for the same.

<UserJourney Id="PasswordReset">
	<OrchestrationSteps>
		<OrchestrationStep Order="1" Type="ClaimsExchange">
			<ClaimsExchanges>
				<ClaimsExchange Id="PasswordResetUsingEmailAddressExchange" TechnicalProfileReferenceId="LocalAccountDiscoveryUsingEmailAddress" />
			</ClaimsExchanges>
		</OrchestrationStep>
		
		<OrchestrationStep Order="2" Type="ClaimsExchange">
			<Preconditions>
				<Precondition Type="ClaimsExist" ExecuteActionsIf="true">
					<Value>objectId</Value>
					<Action>SkipThisOrchestrationStep</Action>
				</Precondition>
			</Preconditions>
			<ClaimsExchanges>
				<ClaimsExchange Id="SelfAssertedRegError" TechnicalProfileReferenceId="SelfAsserted-RegError" />
			</ClaimsExchanges>
		</OrchestrationStep>

		<OrchestrationStep Order="3" Type="ClaimsExchange">
			<ClaimsExchanges>
				<ClaimsExchange Id="NewCredentials" TechnicalProfileReferenceId="LocalAccountWritePasswordUsingObjectId" />
			</ClaimsExchanges>
		</OrchestrationStep>
		<OrchestrationStep Order="4" Type="SendClaims" CpimIssuerTechnicalProfileReferenceId="JwtIssuer" />
	</OrchestrationSteps>
	<ClientDefinition ReferenceId="DefaultWeb" />
</UserJourney>


1 answer

  1. Navya 14,045 Reputation points Microsoft Vendor
    2024-12-30T20:05:45.03+00:00

    Hi @Gangarde, Sachin

    Thank you for posting this in Microsoft Q&A.

    I understand that you're concerned about a step in the password reset user journey that allows the user to change their username/email, which you don't want to offer to the end user. You're looking for a way to prevent this step from being shown to the user during the password reset user journey.

    Yes, you can hide the step to change the username/email from the password reset user journey. By default, even after the email is verified, the user can still select the "Change email" button. To find the name of the button, you can inspect the page source on the sign-up page using a browser tool like Inspect.

    If you'd like to hide the "Change email" button, you can modify the CSS to hide the associated HTML elements in the dialog. For example, you can add the following CSS entry to selfAsserted.html and customize the user interface using HTML templates.

    <style type="text/css">
       .changeClaims
       {
         visibility: hidden;
       }
    </style>
    

    For your reference: https://zcusa.951200.xyz/en-us/azure/active-directory-b2c/customize-ui-with-html?pivots=b2c-user-flow

    Hope this helps. Do let us know if you have any further queries.

    Thanks,

    Navya.


    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
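
A regression check for the template change described in the answer above, as an added example that is not from the thread or from Microsoft: it confirms that a custom selfAsserted.html still contains the `id="api"` element that Azure AD B2C renders its form into and still carries a rule hiding `.changeClaims`. The sample template, the `check_template` helper and its messages are constructed for illustration; a CSS rule only hides the button in the rendered page, so this verifies presentation, not policy behaviour.

```python
import re
from html.parser import HTMLParser

# Constructed sample of a custom selfAsserted.html (not from the thread).
# Azure AD B2C injects its form into the element with id="api".
SAMPLE_TEMPLATE = """<!DOCTYPE html>
<html>
<head>
  <style type="text/css">
    .changeClaims { visibility: hidden; }
  </style>
</head>
<body><div id="api"></div></body>
</html>"""


class TemplateScan(HTMLParser):
    """Collects inline <style> text and notes whether id="api" is present."""

    def __init__(self):
        super().__init__()
        self.css, self.has_api, self._in_style = [], False, False

    def handle_starttag(self, tag, attrs):
        self._in_style = tag == "style"
        self.has_api = self.has_api or dict(attrs).get("id") == "api"

    def handle_endtag(self, tag):
        self._in_style = False

    def handle_data(self, data):
        if self._in_style:
            self.css.append(data)


def check_template(html, css_class="changeClaims"):
    """Return a list of problems; an empty list means the template passes."""
    scan = TemplateScan()
    scan.feed(html)
    problems = [] if scan.has_api else ['missing element with id="api"']
    css = re.sub(r"/\*.*?\*/", "", "".join(scan.css), flags=re.S)  # strip comments
    wanted = re.compile(r"\." + re.escape(css_class) + r"(?![\w-])")
    hides = re.compile(r"(visibility\s*:\s*hidden|display\s*:\s*none)", re.I)
    rules = re.findall(r"([^{}]+)\{([^{}]*)\}", css)
    if not any(wanted.search(sel) and hides.search(body) for sel, body in rules):
        problems.append("no CSS rule hides ." + css_class)
    return problems
```

Running `check_template` over the hosted template in a deployment pipeline catches a later UI edit that drops or comments out the rule.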

