Forum Discussion
Entra External ID - password reset flow
Hello,
We have started to implement Entra External ID and have reached a dead-end when it comes to password reset initiated by an external admin.
The process we are trying to support:
- The user signs up in our client (website)
- The user should then automatically be generated in Entra External ID
- At the end of the registration, the user receives an email from Entra External ID, with a password reset link
- The user resets the password and is redirected back to our client -> fully logged in
The only flow we are able to get to work now is that the user sets their own password by pressing the "Forgotten password" button on the login screen in Entra External ID, but this is not going to work for us.
The user should not know that they are in a different site, and for the login to be as seamless as possible, the user should just receive a password reset link in an email.
It looks like this might work in Azure B2C, but we have already started implementing Entra External ID, so we would hope and expect it to work here as well.
Any help on how to solve this for Entra External ID would be highly appreciated.
1 Reply
You cannot simply create the External ID account and email a one-click “reset-password and return to our site” link that fully handles the reset and sign-in without any interaction. Instead, use Entra External ID’s Native Authentication API (Email-with-password / Email OTP flow) to drive the self-service password reset from your site (server-side calls + your UI). That lets you:
- Send the OTP to the user’s email,
- Collect the OTP and new password on your site,
- Finalize the password change via Entra’s API,
- Receive tokens (or sign the user in) and redirect them back fully logged in.
Use the following Microsoft doc for more clarification: Native authentication API reference documentation - Microsoft identity platform | Microsoft Learn
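The steps in the reply above, sketched as server-side Python; this is an added example, not code from the reply or from Microsoft. The endpoint paths and field names are given as recalled from the Native Authentication API reference and should be checked against the linked doc; `post`, `get_otp` and `get_new_password` are hypothetical callables your site supplies.

```python
import time

# Paths and field names as recalled from Microsoft's Native Authentication API
# reference (assumption: verify against the linked doc before relying on them).
RESET = "/resetpassword/v1.0/"

def reset_password(post, client_id, email, get_otp, get_new_password, sleep=time.sleep):
    """Drive self-service password reset from your own backend.
    `post(path, form) -> dict` is a hypothetical transport that POSTs form data
    to https://<tenant>.ciamlogin.com/<tenant>.onmicrosoft.com + path."""
    def call(path, **form):
        resp = post(path, {"client_id": client_id, **form})
        if "error" in resp:
            raise RuntimeError(resp["error"])
        if resp.get("challenge_type") == "redirect":
            # Entra cannot finish this natively for the client: the caller
            # must fall back to the hosted browser flow.
            raise RuntimeError("redirect_required")
        return resp

    # 1. Start: returns the continuation token that threads every later call.
    tok = call(RESET + "start", username=email,
               challenge_type="oob redirect")["continuation_token"]
    # 2. Challenge: Entra emails the one-time passcode to the user.
    tok = call(RESET + "challenge", challenge_type="oob redirect",
               continuation_token=tok)["continuation_token"]
    # 3. Continue: submit the OTP the user typed into your own page.
    tok = call(RESET + "continue", grant_type="oob", oob=get_otp(),
               continuation_token=tok)["continuation_token"]
    # 4. Submit the new password, then poll until the change is committed.
    r = call(RESET + "submit", new_password=get_new_password(), continuation_token=tok)
    tok = r["continuation_token"]
    for _ in range(10):
        sleep(r.get("poll_interval", 2))
        r = call(RESET + "poll_completion", continuation_token=tok)
        if r["status"] == "succeeded":
            # 5. Exchange the final continuation token for tokens (signed in).
            return call("/oauth2/v2.0/token", grant_type="continuation_token",
                        continuation_token=r["continuation_token"],
                        username=email, scope="openid offline_access")
        if r["status"] == "failed":
            raise RuntimeError("password_reset_failed")
    raise TimeoutError("password reset did not complete")
```

Each response's continuation token replaces the previous one, so keep it in server-side session state rather than in a URL or a client-readable cookie.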