Hey everyone! I've got a bit of a situation here. We have an Entra CIAM tenant with roughly 200 users who signed up using various email domains like Hotmail and others, which aren't from our company's domain. These users are not very tech-savvy (some don't even use smartphones). I want to help them reset their passwords directly from our internal website. The plan is to change their password myself, then let them know what it is in person so they can log in.
However, when I try to reset the passwords, I keep hitting a roadblock with a 403 insufficient permissions error. I've granted the Microsoft Graph.User.ReadWrite.All application permission and requested admin consent, but I'm still stuck. Is it even possible to reset passwords for these users considering they have non-company emails? The email and password combos are saved in our tenant, right?
5 Answers
Have you thought about assigning them corporate identities? It could simplify management and let you reset passwords like any regular users. If you can meet them in person, that would be the way to go.
If the users are considered guests in your tenant, then unfortunately, their passwords are managed by the identity service that created those accounts, so you won't be able to reset them directly from Entra.
It really depends on how their accounts are set up. If they’re members of an Entra external identity tenant you manage, you should be able to reset their passwords. But if they’re just guest users reliant on their own email accounts, that option isn’t available. You might want to dig into why you’re seeing those permission errors in the Microsoft Graph.
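The two checks discussed in the answers above, as an added example that is not part of the original thread: whether the consented application permission actually reached the app-only token, and whether a given user's password lives in your tenant at all. The tenant name, tokens and user objects are constructed samples; the user dictionaries follow the shape of the Graph `identities` property, and nothing here calls Graph.

```python
import base64
import json

def decode_claims(token: str) -> dict:
    """Decode a JWT payload for inspection only (the signature is NOT verified)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def missing_app_roles(token: str, wanted=("User.ReadWrite.All",)) -> list:
    """Application permissions show up in the 'roles' claim of an app-only token
    once admin consent is granted; delegated tokens carry 'scp' instead."""
    granted = set(decode_claims(token).get("roles", []))
    return [r for r in wanted if r not in granted]

def credential_owner(user: dict, tenant_domain: str) -> str:
    """'tenant' if the user has a local sign-in identity issued by this tenant
    (password stored here), otherwise 'external' (federated or guest)."""
    for ident in user.get("identities", []):
        local = ident.get("signInType") in ("emailAddress", "userName")
        if local and ident.get("issuer", "").lower() == tenant_domain.lower():
            return "tenant"
    return "external"

def _make_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

# Constructed sample data (hypothetical tenant and users, not from the thread).
TENANT = "contoso.onmicrosoft.com"
UPN_ID = {"signInType": "userPrincipalName", "issuer": TENANT,
          "issuerAssignedId": "a1b2@contoso.onmicrosoft.com"}
CONSENTED = _make_token({"roles": ["User.ReadWrite.All"]})
NOT_CONSENTED = _make_token({"roles": ["User.Read.All"]})
LOCAL_USER = {"userType": "Member", "identities": [UPN_ID, {
    "signInType": "emailAddress", "issuer": TENANT,
    "issuerAssignedId": "alice@hotmail.com"}]}
FEDERATED_USER = {"userType": "Member", "identities": [UPN_ID, {
    "signInType": "federated", "issuer": "google.com",
    "issuerAssignedId": "1234567890"}]}

if __name__ == "__main__":
    print("missing roles:", missing_app_roles(NOT_CONSENTED))
    print("alice:", credential_owner(LOCAL_USER, TENANT))
    print("bob:", credential_owner(FEDERATED_USER, TENANT))
```

Decode only tokens your own app requested, and treat them as secrets while you inspect them.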
You might want to consider sending them a password reset link. If they’re using Gmail or Hotmail, you can provide a direct URL to the password reset page, but ultimately it's their responsibility to follow through and reset it.