AD B2C forceChangePasswordNextLogin for user flow “Sign in v2” doesn't initiate a password reset and prevents a successful login

说谎 2021-01-02 11:06

I am creating new users in Azure AD B2C using the Graph client API. The JSON I send to the API looks like the following:

{
    \"creationType\": \"LocalAccou         


        
2 Answers
  • 2021-01-02 11:46

    Rather than setting passwordProfile.forceChangePasswordNextLogin to true, you can create a custom attribute (e.g. ForceResetPasswordNextLogin), set this to true when you create the local account, and then issue this as an application claim from the sign-in policy to your B2C application. After sign-in, if it is set to true, then your B2C application can initiate the password reset policy. After password reset, then your B2C application can set it to false.

    You can otherwise consider a custom policy from the starter pack that includes a password change step.

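The application-side check described in the answer above, as an added example that is not part of the original answers or of any Microsoft sample. The claim name `extension_ForceResetPasswordNextLogin`, the policy name `B2C_1_password_reset`, the config field names and the action strings are assumptions; the claims passed in are assumed to come from ID tokens whose signature, issuer, audience and nonce the application has already validated, and both policies are assumed to emit the same `sub` for a user.

```javascript
// Added example; names marked "assumed" do not come from the original page.
const FLAG_CLAIM = "extension_ForceResetPasswordNextLogin"; // assumed claim name
const RESET_POLICY = "B2C_1_password_reset";                // assumed policy name

// The custom attribute may arrive as a boolean or as a string.
function mustResetPassword(claims) {
  const v = claims[FLAG_CLAIM];
  return v === true || (typeof v === "string" && v.toLowerCase() === "true");
}

// Authorize URL that starts the password reset policy.
function buildResetUrl({ tenant, clientId, redirectUri, state, nonce }) {
  const url = new URL(
    `https://${tenant}.b2clogin.com/${tenant}.onmicrosoft.com/${RESET_POLICY}/oauth2/v2.0/authorize`);
  url.search = new URLSearchParams({
    client_id: clientId, response_type: "id_token", response_mode: "form_post",
    redirect_uri: redirectUri, scope: "openid", state, nonce,
  }).toString();
  return url.toString();
}

// Runs on the server after sign-in. B2C has already issued a token here, so the
// application itself must withhold the session while the flag is set.
function afterSignIn(claims, cfg) {
  if (!mustResetPassword(claims)) {
    return { action: "create_session", subject: claims.sub };
  }
  return { action: "redirect", pendingSubject: claims.sub, location: buildResetUrl(cfg) };
}

// Runs when the reset policy posts back. Clear the flag only when the token was
// issued by the reset policy and for the same user who was sent there.
function afterReset(pendingSubject, resetClaims) {
  const policy = String(resetClaims.tfp || resetClaims.acr || "").toLowerCase();
  const ok = resetClaims.sub === pendingSubject && policy === RESET_POLICY.toLowerCase();
  return ok
    ? { action: "clear_flag_and_create_session", subject: pendingSubject }
    : { action: "reject" };
}
```

Because the flag is enforced by the application rather than by the directory, every application that accepts tokens from the sign-in policy has to make the same check.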
  • 2021-01-02 11:50

    Not an out-of-the-box solution, but there's this custom sample SignUpOrSignin policy which shows how to achieve this:

    Azure AD B2C: Force password reset first logon
