You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
title: Password complexity in Azure Active Directory B2C | Microsoft Docs
2
+
title: Password complexity - Azure Active Directory B2C | Microsoft Docs
3
3
description: How to configure complexity requirements for passwords supplied by consumers in Azure Active Directory B2C.
4
4
services: active-directory-b2c
5
5
author: davidmu1
@@ -8,33 +8,34 @@ manager: daveba
8
8
ms.service: active-directory
9
9
ms.workload: identity
10
10
ms.topic: conceptual
11
-
ms.date: 11/30/2018
11
+
ms.date: 02/11/2019
12
12
ms.author: davidmu
13
13
ms.subservice: B2C
14
14
---
15
15
16
-
# Azure AD B2C: Configure complexity requirements for passwords
16
+
# Configure complexity requirements for passwords in Azure Active Directory B2C
17
17
18
-
> [!NOTE]
19
-
> **This feature is in public preview.**
18
+
Azure Active Directory (Azure AD) B2C supports changing the complexity requirements for passwords supplied by an end user when creating an account. By default, Azure AD B2C uses `Strong` passwords. Azure AD B2C also supports configuration options to control the complexity of passwords that customers can use.
20
19
21
-
Azure Active Directory B2C (Azure AD B2C) supports changing the complexity requirements for passwords supplied by an end user when creating an account. By default, Azure AD B2C uses `Strong` passwords. Azure AD B2C also supports configuration options to control the complexity of passwords that customers can use.
20
+
## Password rule enforcement
22
21
23
-
## When password rulesare enforced
22
+
During sign-up or password reset, an end user must supply a password that meets the complexity rules. Password complexity rules are enforced per user flow. It is possible to have one user flow require a four-digit pin during sign-up while another user flow requires a eight character string during sign-up. For example, you may use a user flow with different password complexity for adults than for children.
24
23
25
-
During sign-up or password reset, an end user must supply a password that meets the complexity rules. Password complexity rules are enforced per user flow. It is possible to have one user flow require a four-digit pin during sign-up while another user flow requires a eight character string during sign-up. For example, you may use a user flow with different password complexity for adults than for children.
24
+
Password complexity is never enforced during sign-in. Users are never prompted during sign-in to change their password because it doesn't meet the current complexity requirement.
26
25
27
-
Password complexity is never enforced during sign-in. Users are never prompted during sign-in to change their password because it doesn't meet the current complexity requirement.
26
+
Password complexity can be configured in the following types of user flows:
28
27
29
-
Here are the types of user flows where password complexity can be configured:
28
+
- Sign-up or Sign-in user flow
29
+
- Password Reset user flow
30
30
31
-
* Sign-up or Sign-in user flow
32
-
* Password Reset user flow
33
-
* Custom Policy ([Configure password complexity in custom policy](active-directory-b2c-reference-password-complexity-custom.md))
31
+
If you are using custom policies, you can ([configure password complexity in a custom policy](active-directory-b2c-reference-password-complexity-custom.md)).
34
32
35
-
## How to configure password complexity
33
+
## Configure password complexity
36
34
37
-
1. Open **User flows**.
35
+
1. Sign in to the [Azure portal](https://portal.azure.com).
36
+
2. Make sure you're using the directory that contains your Azure AD B2C tenant by clicking the **Directory and subscription filter** in the top menu and choosing the directory that contains your tenant.
37
+
3. Choose **All services** in the top-left corner of the Azure portal, and then search for and select **Azure AD B2C**.
38
+
4. Select **User flows**.
38
39
2. Select a user flow, and click **Properties**.
39
40
3. Under **Password complexity**, change the password complexity for this user flow to **Simple**, **Strong**, or **Custom**.
40
41
@@ -46,29 +47,29 @@ Here are the types of user flows where password complexity can be configured:
46
47
| Strong | A password that is at least 8 to 64 characters. It requires 3 out of 4 of lowercase, uppercase, numbers, or symbols. |
47
48
| Custom | This option provides the most control over password complexity rules. It allows configuring a custom length. It also allows accepting number-only passwords (pins). |
48
49
49
-
## Options available under custom
50
+
## Custom options
50
51
51
52
### Character Set
52
53
53
54
Allows you to accept digits only (pins) or the full character set.
54
55
55
-
***Numbers only** allows digits only (0-9) while entering a password.
56
-
***All** allows any letter, number, or symbol.
56
+
-**Numbers only** allows digits only (0-9) while entering a password.
57
+
-**All** allows any letter, number, or symbol.
57
58
58
59
### Length
59
60
60
61
Allows you to control the length requirements of the password.
61
62
62
-
***Minimum Length** must be at least 4.
63
-
***Maximum Length** must be greater or equal to minimum length and at most can be 64 characters.
63
+
-**Minimum Length** must be at least 4.
64
+
-**Maximum Length** must be greater or equal to minimum length and at most can be 64 characters.
64
65
65
66
### Character classes
66
67
67
68
Allows you to control the different character types used in the password.
68
69
69
-
***2 of 4: Lowercase character, Uppercase character, Number (0-9), Symbol** ensures the password contains at least two character types. For example, a number and a lowercase character.
70
-
***3 of 4: Lowercase character, Uppercase character, Number (0-9), Symbol** ensures the password contains at least two character types. For example, a number, a lowercase character and an uppercase character.
71
-
***4 of 4: Lowercase character, Uppercase character, Number (0-9), Symbol** ensures the password contains all for character types.
70
+
-**2 of 4: Lowercase character, Uppercase character, Number (0-9), Symbol** ensures the password contains at least two character types. For example, a number and a lowercase character.
71
+
-**3 of 4: Lowercase character, Uppercase character, Number (0-9), Symbol** ensures the password contains at least two character types. For example, a number, a lowercase character and an uppercase character.
72
+
-**4 of 4: Lowercase character, Uppercase character, Number (0-9), Symbol** ensures the password contains all for character types.
72
73
73
74
> [!NOTE]
74
75
> Requiring **4 of 4** can result in end-user frustration. Some studies have shown that this requirement does not improve password entropy. See [NIST Password Guidelines](https://pages.nist.gov/800-63-3/sp800-63b.html#appA)
You can invite external users to your tenant as a guest user. A typical scenario for inviting a guest user to your Azure AD B2C tenant is to share administration responsibilities. For an example of using a guest account, see [Properties of an Azure Active Directory B2B collaboration user](../active-directory/b2b/user-properties.md).
65
65
66
66
When you invite a guest user to your tenant, you provide the email address of the recipient and a message describing the invitation. The invitation link takes the user to the consent page where the **Get Started** button is selected and the review of permissions is accepted. If an inbox isn't attached to the email address, the user can navigate to the consent page by going to a Microsoft page using the invited credentials. The user is then forced to redeem the invitation the same way as clicking on the link in the email. For example: `https://myapps.microsoft.com/B2CTENANTNAME`.
67
67
68
-
You can also use the [Microsoft Graph API](https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/api/invitation_post) to invite a guest user.
68
+
You can also use the [Microsoft Graph API](https://docs.microsoft.com/graph/api/invitation-post?view=graph-rest-beta) to invite a guest user.
0 commit comments