Forum Discussion

srinivasyk
Copper Contributor
Oct 06, 2021

Azure SSPR User Experience Issue

Hi All,

We are configuring Azure SSPR for a customer. We set the authentication method using a phone number when they join the organisation and send the SSPR link so that they can set their own new password. We are seeing a page (Page we are seeing.png in the attachment) that comes up with "I forgot my password" and "I know my password but still can't log in", misinterpreting that the user has already set the password. We expect the page (expected page.png attachment) where it straight away takes the user to the verification step using the phone number and lets them set their first password.

We tried forcing the user to change password at next logon, which didn't help, and tweaked a few other Password reset settings as well, but no luck.

Is there any setting on a user or configuration in Azure AD to force the expected page to be visible when the user inputs their ID?

Password writeback is enabled to AD from Azure.

Any input is appreciated. Thanks!!

4 Replies

  •
    BilalelHadd
    Iron Contributor
    Hi srinivasyk

    I have some questions before I make a suggestion. First, did you enable the "Combined registration feature" already in your tenant? And how many authentication methods did you configure within your tenant?
    •
      srinivasyk
      Copper Contributor
      Hi BilalelHadd
      Yes, we have enabled the "Combined registration feature".
      1 authentication method among phone, email and mobile app code.
      •
        BilalelHadd
        Iron Contributor
        srinivasyk

        I can't explain why you see the screen with the two options. However, I can help you with setting the flag for "forcing the password to change at the next logon"; to do that, you need to run the command below on your Azure AD Connect server:

        Set-ADSyncAADCompanyFeature -ForcePasswordChangeOnLogOn $true

        As soon as the value (checkbox) has been set within AD, it should synchronize to AAD.

        More information regarding this feature can be found in this docs article:
        https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-password-hash-synchronization
        Section: Synchronizing temporary passwords and "Force Password Change on Next Logon"
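The procedure in the reply above, carried through end to end as an added example (not code from the thread or from Microsoft's docs): it enables the tenant feature, flags one on-premises account for a password change at next logon, triggers a delta sync and verifies the on-premises flag. Assumptions: it runs in an elevated PowerShell session on the Azure AD Connect server with the ADSync and ActiveDirectory modules available, 'jdoe' is a hypothetical account, and Get-ADSyncAADCompanyFeature exposes the flag as a property named ForcePasswordChangeOnLogOn.

```powershell
# Added example, not from the thread. Run on the Azure AD Connect server.
# Assumes the ADSync and ActiveDirectory modules are installed; 'jdoe' is a
# hypothetical sample account, replace it with a real synced user.
Import-Module ADSync
Import-Module ActiveDirectory

$UserSam = 'jdoe'   # hypothetical account

# 1. Check the tenant-level feature before changing it, so the script is
#    safe to re-run. (Assumes the property name matches the parameter name.)
$feature = Get-ADSyncAADCompanyFeature
if (-not $feature.ForcePasswordChangeOnLogOn) {
    Set-ADSyncAADCompanyFeature -ForcePasswordChangeOnLogOn $true
    Write-Host "Enabled ForcePasswordChangeOnLogOn for the tenant."
} else {
    Write-Host "ForcePasswordChangeOnLogOn is already enabled."
}

# 2. Set "User must change password at next logon" on the on-premises
#    account. Under the hood this writes pwdLastSet = 0 in AD, which is the
#    value that password hash sync carries to Azure AD.
Set-ADUser -Identity $UserSam -ChangePasswordAtLogon $true

# 3. Push the change now instead of waiting for the scheduled sync cycle.
Start-ADSyncSyncCycle -PolicyType Delta

# 4. Verify the on-premises side: pwdLastSet must be 0 after step 2.
$user = Get-ADUser -Identity $UserSam -Properties pwdLastSet
if ($user.pwdLastSet -eq 0) {
    Write-Host "$UserSam is flagged for a password change at next logon."
} else {
    Write-Warning "$UserSam is NOT flagged; check the Set-ADUser call above."
}
```

The docs section the reply links ties this feature to password writeback, which the original post says is already enabled.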