If you’re using Microsoft Azure AD B2C and want to customize your password reset process by sending branded emails through your own service, here’s a simple step-by-step guide to help you set it up.
Azure AD B2C now supports integrating your own email service via APIs during password reset flows. You can still generate verification codes using B2C’s built-in features, but the email sending can be hooked up to your custom service, giving you full control over the branding and delivery.
First, you’ll need to update your policy to include some new claims. These claims will store the verification code and the generated OTP. To do this, add the following claims to your extension policy:
xml
Next, update your self-asserted content definition (used during the password reset) to load your custom reset page. Make sure your content definition references the correct URL of your hosted reset page:
xml
Now, create a display control that will manage the email verification UI. This control will handle the email input and verification code input, along with actions to send the verification code and verify it.
xml
To generate and verify OTPs, you need to set up a ClaimsProvider with two technical profiles: one for generating the code and another for verifying it.
Here’s what the ClaimsProvider might look like:
xml
Next, define a REST API technical profile that will send the verification email by calling your backend. Your API should accept a simple JSON payload with the email address and the code, then send the email accordingly:
xml
For your password reset flow, you need to override the default local account discovery step. Attach the display control you created earlier by referencing it in the DisplayClaims section. Remember, do not use DisplayControlReferences, only DisplayClaims. This ensures the custom UI pops up during reset:
xml
Finally, create a simple Azure Function or API endpoint that interacts with your email service. It should accept JSON with the structure:
json
{
  "to": "[email protected]",
  "code": "123456"
}
The function will process and send out the email. If everything works as intended, Azure AD B2C will call your API during the password reset flow to send branded emails to your users, providing a seamless, customized experience.
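An endpoint that emails whatever it is given to any address can be abused if it is reachable without checks, so the handler should authenticate the caller and validate both fields before sending. The sketch below is an added example, not code from the original walkthrough. It assumes the REST technical profile calls the API with HTTP Basic credentials; the names `handle_request`, `API_USER`, `API_PASS` and `SENDER`, the 4 to 8 digit code length and the sample addresses are constructed for illustration.

```python
import base64, hmac, json, re
from email.message import EmailMessage

# Assumed values for this example; load real ones from app settings or a vault.
API_USER, API_PASS = "b2c-caller", "constructed-secret"
SENDER = "no-reply@example.com"
# No whitespace (so no CR/LF), separators or angle brackets in the address.
EMAIL_RE = re.compile(r"[^@\s,;<>]+@[^@\s,;<>]+\.[^@\s,;<>]+")
CODE_RE = re.compile(r"[0-9]{4,8}")  # assumed OTP length range

def authorized(headers):
    """Constant-time check of the Basic credentials the policy is assumed to send."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        supplied = base64.b64decode(token, validate=True)
    except ValueError:
        return False
    return hmac.compare_digest(supplied, f"{API_USER}:{API_PASS}".encode())

def build_message(to, code):
    """Fixed branded template: the caller controls only recipient and code."""
    msg = EmailMessage()
    msg["From"], msg["To"] = SENDER, to
    msg["Subject"] = "Your password reset code"
    msg.set_content(f"Your verification code is {code}.")
    return msg

def handle_request(headers, body, send):
    """Return (status, response dict); `send` stands in for the mail-service call."""
    if not authorized(headers):
        return 401, {"error": "unauthorized"}
    try:
        payload = json.loads(body)
        to, code = payload["to"], payload["code"]
    except (ValueError, KeyError, TypeError):
        return 400, {"error": "invalid payload"}
    if not (isinstance(to, str) and len(to) <= 254 and EMAIL_RE.fullmatch(to)):
        return 400, {"error": "invalid recipient"}
    if not (isinstance(code, str) and CODE_RE.fullmatch(code)):
        return 400, {"error": "invalid code"}
    send(build_message(to, code))
    return 200, {"sent": True}

if __name__ == "__main__":
    creds = base64.b64encode(f"{API_USER}:{API_PASS}".encode()).decode()
    body = '{"to": "user@example.com", "code": "123456"}'  # constructed sample
    print(handle_request({"Authorization": "Basic " + creds}, body, print))
```

Because the message body comes from a fixed template and the code must be digits only, a caller cannot use the endpoint to deliver arbitrary text or inject extra mail headers.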
For more detailed guidance and sample code, you can check this walkthrough: [Link to detailed article].
Hope this helps you get started on customizing your password reset process!