Azure B2C gives a false impression that the user is in the directory when they try to reset their password.

Following are the steps in reset password:

1) User clicks the Reset Password link

2) B2C presents a page with “Email Address” field and says “Verification is necessary. Please click Send button.”

3) User enters his email address and clicks “Send Verification Code”

4) B2C sends the verification code to that email address (even if no user is associated with that email address; this is where the user thinks he is registered with the system)

5) Now the user enters the verification code he received and clicks “Verify Code”

6) B2C validates the code and says “E-mail address verified. You can now continue” (This is the step where they become confident that they exist in the system)

7) Now when the users click “Continue” they get the error “An account could not be found for the provided user ID.” As given in the screenshot.

Confirming an email that is not associated with a user completely confuses them. I found this solution but am not getting exactly how to use these policies along with my current policy.

1 Answer

Based on this solution, you need to use the following XML snippet to implement it:

<Action Id="SendCode">
    <ValidationClaimsExchange>
        <ValidationClaimsExchangeTechnicalProfile TechnicalProfileReferenceId="AAD-UserReadUsingEmailAddress-emailAddress" />
        <ValidationClaimsExchangeTechnicalProfile TechnicalProfileReferenceId="AadSspr-SendCode">
            <Preconditions>
                <Precondition Type="ClaimsExist" ExecuteActionsIf="false">
                    <Value>objectId</Value>
                    <Action>SkipThisValidationTechnicalProfile</Action>
                </Precondition>
            </Preconditions>
        </ValidationClaimsExchangeTechnicalProfile>
    </ValidationClaimsExchange>
</Action>

So you should begin with adding "emailVerificationControl" into the "LocalAccountDiscoveryUsingEmailAddress" TechnicalProfile.

Just add lines 163-165 to the place behind line 890.

And you need to add DisplayControls into your TrustFrameworkExtensions.xml file so that it can be referenced.

If there are any other references, you should also add them to the corresponding position.
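To show where the pieces from this answer sit relative to each other, here is an added example (not taken from the answer or the linked sample) of the two fragments in TrustFrameworkExtensions.xml. It assumes the `email` and `verificationCode` claim types and the technical profiles `AAD-UserReadUsingEmailAddress-emailAddress`, `AadSspr-SendCode` and `AadSspr-VerifyCode` are already defined elsewhere in the policy; `AadSspr-VerifyCode` and the `VerifyCode` action are not mentioned on this page and are included only to make the control complete.

```xml
<!-- Added example: fragments of TrustFrameworkExtensions.xml, not the linked sample itself. -->
<BuildingBlocks>
  <!-- Assumption: the email and verificationCode claim types are declared in ClaimsSchema. -->
  <DisplayControls>
    <DisplayControl Id="emailVerificationControl" UserInterfaceControlType="VerificationControl">
      <DisplayClaims>
        <DisplayClaim ClaimTypeReferenceId="email" Required="true" />
        <DisplayClaim ClaimTypeReferenceId="verificationCode" ControlClaimType="VerificationCode" Required="true" />
      </DisplayClaims>
      <OutputClaims>
        <OutputClaim ClaimTypeReferenceId="email" />
      </OutputClaims>
      <Actions>
        <Action Id="SendCode">
          <ValidationClaimsExchange>
            <!-- Runs first: looks the address up, so objectId exists only for a real account. -->
            <ValidationClaimsExchangeTechnicalProfile TechnicalProfileReferenceId="AAD-UserReadUsingEmailAddress-emailAddress" />
            <!-- Skipped when objectId is absent, so no code is mailed to an unknown address. -->
            <ValidationClaimsExchangeTechnicalProfile TechnicalProfileReferenceId="AadSspr-SendCode">
              <Preconditions>
                <Precondition Type="ClaimsExist" ExecuteActionsIf="false">
                  <Value>objectId</Value>
                  <Action>SkipThisValidationTechnicalProfile</Action>
                </Precondition>
              </Preconditions>
            </ValidationClaimsExchangeTechnicalProfile>
          </ValidationClaimsExchange>
        </Action>
        <!-- Assumption: AadSspr-VerifyCode is defined elsewhere in the policy. -->
        <Action Id="VerifyCode">
          <ValidationClaimsExchange>
            <ValidationClaimsExchangeTechnicalProfile TechnicalProfileReferenceId="AadSspr-VerifyCode" />
          </ValidationClaimsExchange>
        </Action>
      </Actions>
    </DisplayControl>
  </DisplayControls>
</BuildingBlocks>

<!-- Inside ClaimsProviders/ClaimsProvider/TechnicalProfiles of the same file: -->
<TechnicalProfile Id="LocalAccountDiscoveryUsingEmailAddress">
  <DisplayClaims>
    <DisplayClaim DisplayControlReferenceId="emailVerificationControl" />
  </DisplayClaims>
</TechnicalProfile>
```

What the page shows when the lookup finds no account depends on how `AAD-UserReadUsingEmailAddress-emailAddress` is defined. An explicit not-found error at this step tells anyone who submits an address whether it is registered, so decide deliberately between that message and silently skipping the send.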