Merge pull request #94301 from bolt-io/patch-15

Court72 · web-flow · commit 7051e5962d1d · 2022-06-23T09:24:55.000-06:00
Added missing session manager to embedded password reset
diff --git a/articles/active-directory-b2c/add-password-reset-policy.md b/articles/active-directory-b2c/add-password-reset-policy.md
@@ -130,7 +130,8 @@ Declare your claims in the [claims schema](claimsschema.md). Open the extensions
     </BuildingBlocks> -->
     ```
 
-A claims transformation technical profile initiates the **isForgotPassword** claim. The technical profile is referenced later. When invoked, it sets the value of the **isForgotPassword** claim to `true`. Find the **ClaimsProviders** element. If the element doesn't exist, add it. Then add the following claims provider:  
+### Add the technical profiles
+A claims transformation technical profile accesses the `isForgotPassword` claim. The technical profile is referenced later. When it's invoked, it sets the value of the `isForgotPassword` claim to `true`. Find the **ClaimsProviders** element (if the element doesn't exist, create it), and then add the following claims provider:
 
 ```xml
 <!-- 
@@ -151,6 +152,9 @@ A claims transformation technical profile initiates the **isForgotPassword** cla
           <Item Key="setting.forgotPasswordLinkOverride">ForgotPasswordExchange</Item>
         </Metadata>
       </TechnicalProfile>
+      <TechnicalProfile Id="LocalAccountWritePasswordUsingObjectId">
+        <UseTechnicalProfileForSessionManagement ReferenceId="SM-AAD" />
+      </TechnicalProfile>
     </TechnicalProfiles>
   </ClaimsProvider>
 <!-- 
@@ -159,6 +163,8 @@ A claims transformation technical profile initiates the **isForgotPassword** cla
 
 The **SelfAsserted-LocalAccountSignin-Email** technical profile **setting.forgotPasswordLinkOverride** defines the password reset claims exchange that executes in your user journey.
 
+The **LocalAccountWritePasswordUsingObjectId** technical profile **UseTechnicalProfileForSessionManagement** `SM-AAD` session manager is required for the user to preform subsequent logins successfully under [SSO](./custom-policy-reference-sso.md) conditions.
+
 ### Add the password reset sub journey
 
 The user can now sign in, sign up, and perform password reset in your user journey. To better organize the user journey, you can use a [sub journey](subjourneys.md) to handle the password reset flow.
