0
votes

I am working on an email or phone custom policy and am able to make it work for the sign-in flow, but while working on password reset with the same approach, the email ID is not getting passed in the orchestration step.

When the user clicks on password reset, he is presented with a screen to validate the email. Once the user validates the email ID, he is presented with a screen to select either Email or Phone as a multi-factor option.

If the user selects Phone, everything works fine, but when Email is selected the text box is not able to retain the email ID validated in the first step.


I am using the same sign-in flow https://github.com/azure-ad-b2c/samples/tree/master/policies/mfa-email-or-phone for password reset, as I wanted the same behavior, but I am not able to find the exact issue. Any help is appreciated. Thanks in advance!

1 Answer

1
votes

You need to populate the readOnlyEmail claim before getting to the emailVerification page.

See how this is done for Sign Up:

        <TechnicalProfile Id="SelfAsserted-LocalAccountSignin-Email">
          <OutputClaimsTransformations>
            <OutputClaimsTransformation ReferenceId="CopySignInNameToReadOnly" />
          </OutputClaimsTransformations>
        </TechnicalProfile>   

You need to do the exact same as this, but for the Technical Profile name which occurs before the 2nd screenshot, and on or after a technical profile where the email was collected.
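The same pattern applied to a password reset journey, as an added example that is not part of the original answer or of the sample repository. It assumes the reset step collects the verified address in the `email` claim through the starter pack's `LocalAccountDiscoveryUsingEmailAddress` technical profile; `CopyEmailToReadOnly` is a hypothetical Id, and a policy with different names needs them substituted.

```xml
<!-- Added example. Names marked "assumed" or "hypothetical" are not from the original post. -->

<!-- 1. Goes inside <ClaimsTransformations> in the extension policy.
     Copies the verified address into readOnlyEmail, the claim the
     emailVerification page displays. "CopyEmailToReadOnly" is a hypothetical Id. -->
<ClaimsTransformation Id="CopyEmailToReadOnly" TransformationMethod="CopyClaim">
  <InputClaims>
    <!-- assumed: the password reset step stores the verified address in "email",
         not in "signInName" as the sign-in page does -->
    <InputClaim ClaimTypeReferenceId="email" TransformationClaimType="inputClaim" />
  </InputClaims>
  <OutputClaims>
    <OutputClaim ClaimTypeReferenceId="readOnlyEmail" TransformationClaimType="outputClaim" />
  </OutputClaims>
</ClaimsTransformation>

<!-- 2. Goes inside a <ClaimsProvider>/<TechnicalProfiles> block in the extension policy.
     Overrides the profile that collects and verifies the email during password reset,
     mirroring the SelfAsserted-LocalAccountSignin-Email override shown above.
     assumed: the journey uses the starter pack's LocalAccountDiscoveryUsingEmailAddress. -->
<TechnicalProfile Id="LocalAccountDiscoveryUsingEmailAddress">
  <OutputClaimsTransformations>
    <OutputClaimsTransformation ReferenceId="CopyEmailToReadOnly" />
  </OutputClaimsTransformations>
</TechnicalProfile>
```

The override must sit on a technical profile that runs in an orchestration step before the Email/Phone selection page, otherwise `readOnlyEmail` is still empty when the emailVerification page renders.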