Custom Smart Lockout is not working with password reset user flow in azure ad b2c

ykl (318 Points, 16 Posts)

I'm trying to lock the account after multiple failed attempts during the forgot-password user flow and have set these thresholds:

It's working with sign-in flow but not working with password-reset flow.

Does anyone have a solution for it?

Views: 52
Total Answered: 1
Total Marked As Answer: 0
Posted On: 03-Oct-2024 04:59

Answers
chatGPT (122 Points, 0 Posts)

If your Custom Smart Lockout feature in Azure AD B2C is not working as expected during the password reset user flow, here are several steps to troubleshoot and resolve the issue:

  1. Review Custom Policy Configuration:

    • Ensure that the Custom Smart Lockout feature is correctly configured in your policies. This includes the appropriate settings in your TrustFrameworkExtensions policy file.
    • Verify that you have defined the smart lockout settings in the <ClaimType> section and included the necessary claims in the user journey.
  2. Check User Journey:

    • Confirm that your password reset user journey includes steps that leverage the Smart Lockout policy. The lockout should ideally be triggered based on failed attempts during the password reset process.
  3. Inspect the Claims:

    • Make sure that the claims used for tracking failed login attempts (like failedLoginCount) are correctly implemented. Check that the claims are being updated properly after each login attempt.
  4. Validate Thresholds:

    • Review the lockout thresholds set in your policy. If the thresholds for failed attempts are too high, you might not see the lockout behavior during password resets.
  5. Logging and Diagnostics:

    • Enable detailed logging to track the flow and identify where it might be failing. Use Application Insights or any other logging mechanism you have in place to capture events related to Smart Lockout.
  6. Test with Different Scenarios:

    • Perform tests under various scenarios (e.g., multiple failed password resets) to see if the smart lockout triggers as expected. This can help in identifying edge cases.
  7. Documentation and Updates:

    • Refer to the latest Azure AD B2C documentation for any updates or changes related to Custom Smart Lockout and user flows. There may be recent changes or considerations that affect how these features interact.
  8. Consider User Flows:

    • If you're using built-in user flows rather than custom policies, be aware that certain features (like Smart Lockout) might not be available or might work differently. You may need to transition to a fully custom policy setup if advanced functionality is required.
  9. Seek Community or Microsoft Support:

    • If after checking all the above you still face issues, consider reaching out to the Azure AD B2C community forums or Microsoft support for assistance. Providing detailed logs and your policy configuration can help others assist you more effectively.

By carefully reviewing these aspects, you should be able to identify why the Custom Smart Lockout feature isn't working as intended during password resets and make the necessary adjustments.

Posted On: 06-Oct-2024 23:13
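The checklist above turns on one question: do the sign-in path and the password-reset path feed the same per-account failure counter, and is that counter evaluated with the right threshold and duration? The following Python model is an added example, not code from the original post and not Azure AD B2C's implementation. It assumes a threshold of 10 failures and a one-minute lockout, a constructed account name, and two flow names (`signin`, `password_reset`); the `key_by_flow` switch models the symptom in the question, where failures recorded during password reset never count against the account.

```python
"""Illustrative model of per-account smart lockout shared by two flows.

Added example; not Azure AD B2C code. Threshold, duration, account name and
flow names are assumptions chosen for the demonstration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Optional, Tuple


@dataclass
class LockoutPolicy:
    threshold: int = 10                                  # assumed threshold
    lockout_duration: timedelta = timedelta(minutes=1)   # assumed duration


@dataclass
class AccountState:
    failures: int = 0
    locked_until: Optional[datetime] = None


class LockoutTracker:
    """Counts failed credential checks and locks at the threshold.

    key_by_flow=True models the defect: each flow keeps its own counter, so
    password-reset failures never reach the sign-in counter and vice versa.
    key_by_flow=False models the intended behaviour: one counter per account,
    whichever flow verified the credential.
    """

    def __init__(self, policy: LockoutPolicy, key_by_flow: bool = False):
        self.policy = policy
        self.key_by_flow = key_by_flow
        self._state: Dict[Tuple[str, str], AccountState] = {}

    def _get(self, account: str, flow: str) -> AccountState:
        key = (account, flow) if self.key_by_flow else (account, "")
        return self._state.setdefault(key, AccountState())

    def is_locked(self, account: str, flow: str, now: datetime) -> bool:
        st = self._get(account, flow)
        if st.locked_until is None:
            return False
        if now >= st.locked_until:
            # Lockout expired: clear it and start counting from zero again.
            st.locked_until = None
            st.failures = 0
            return False
        return True

    def verify_credential(self, account: str, flow: str, password_ok: bool,
                          now: datetime) -> str:
        """Return 'locked', 'failed' or 'ok' for one credential check."""
        if self.is_locked(account, flow, now):
            return "locked"  # rejected before the password is even checked
        st = self._get(account, flow)
        if password_ok:
            st.failures = 0
            return "ok"
        st.failures += 1
        if st.failures >= self.policy.threshold:
            st.locked_until = now + self.policy.lockout_duration
            return "locked"
        return "failed"


def simulate(key_by_flow: bool, signin_failures: int, reset_failures: int) -> dict:
    """Drive failures through both flows and report whether lockout engaged."""
    tracker = LockoutTracker(LockoutPolicy(threshold=10), key_by_flow=key_by_flow)
    t0 = datetime(2024, 10, 3, 4, 59)
    user = "alice@example.com"  # constructed sample account
    outcomes = []
    for i in range(signin_failures):
        outcomes.append(tracker.verify_credential(
            user, "signin", False, t0 + timedelta(seconds=i)))
    for i in range(reset_failures):
        outcomes.append(tracker.verify_credential(
            user, "password_reset", False, t0 + timedelta(seconds=100 + i)))
    t_check = t0 + timedelta(seconds=130)   # inside the one-minute window
    t_later = t0 + timedelta(minutes=5)     # after the window has expired
    return {
        "outcomes": outcomes,
        "locked_in_reset": tracker.is_locked(user, "password_reset", t_check),
        "locked_in_signin": tracker.is_locked(user, "signin", t_check),
        # A correct password must still be rejected while the lock is active.
        "correct_password_while_locked": tracker.verify_credential(
            user, "signin", True, t_check),
        "unlocked_after_duration": not tracker.is_locked(
            user, "password_reset", t_later),
    }


if __name__ == "__main__":
    print("shared counter:", simulate(False, 5, 5))
    print("per-flow counter:", simulate(True, 5, 5))
```

With a shared counter, five sign-in failures plus five password-reset failures reach the threshold and the account is locked in both flows, and a correct password is still refused until the window expires. With a per-flow counter the same ten failures never lock anything, which is the behaviour the question describes; the practical check is therefore whether the reset journey verifies the credential through the same lockout-aware path as sign-in, not whether the threshold number is right.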