Force Password Expiration after 90 days with automatic redirect

I have a security requirement related to users’ password expiration. After 90 days of the last password change, I need to force the user to reset his password during the login, redirecting the user automatically to the password change screen. After the user changes the password, the login should continue with no interruptions or additional actions. Is there a way this can be achieved by configurations or with Auth0 Actions?

Hi @geovanny

Welcome to the Auth0 Community!

If you are looking for a quick solution to your problem, you can check our Password Rotation Action, which won’t allow the user to log in, forcing him to change the password.

If you found this post helpful or interesting, please give it a like :+1: . Your interaction makes a difference. Have a wonderful day! :sun_with_face:

Dawid



Hi @dawid.matuszczyk, thanks for your response.

Unfortunately, this action only blocks logins for users with expired passwords. However, I would like to implement an automatic redirect to the password change screen instead of only blocking the login attempt and showing an error message.

Is there a suggested way to implement this?

Any update on this, guys?

We were also expecting Auth0 UI to handle the reset password flow automatically as part of Universal Login, instead of just throwing an error back to the application. Password expiry should be a foundational part of an identity provider. The text of the error is also not localisable so would have to be interpreted by our application and a substitute string shown instead.

When will this get first-class support within Universal Login?

Until then, has anyone built a custom action to make this seamless?

For example, I am thinking that the action could automatically trigger a password reset email to the user when their password has expired so that the experience is as ‘seamless’ as possible. Our app can still show the ‘error’ message and that an email is on its way.

Thanks
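
One way to get the redirect-and-continue behaviour asked about in this thread, as an added example that is not part of any post above and is not Auth0's Password Rotation Action: a post-login Action that sends users with a password older than 90 days to a password change page and only completes the login once that page confirms the change. The page URL, the `PWD_CHANGE_SECRET` secret name and the `password_changed` claim are assumptions.

```javascript
// Added example for an Auth0 post-login Action (not from the thread).
// Assumed names: CHANGE_URL, the PWD_CHANGE_SECRET secret, the password_changed claim.
const MAX_AGE_DAYS = 90;
const CHANGE_URL = "https://app.example.com/change-password"; // hypothetical page

// Days since the last password change, falling back to account creation;
// a missing or unparsable date counts as expired (fail closed).
function passwordAgeDays(user, now = Date.now()) {
  const last = Date.parse(user.last_password_reset || user.created_at);
  return Number.isNaN(last) ? Infinity : (now - last) / 86400000;
}

// Only database connections (strategy "auth0") hold a password Auth0 can age.
function needsRotation(event, now = Date.now()) {
  return event.connection.strategy === "auth0" &&
    passwordAgeDays(event.user, now) >= MAX_AGE_DAYS;
}

async function onExecutePostLogin(event, api, now = Date.now()) {
  if (!needsRotation(event, now)) return;
  // Signed, short-lived token so the page can trust whose password it changes.
  const token = api.redirect.encodeToken({
    secret: event.secrets.PWD_CHANGE_SECRET,
    expiresInSeconds: 300,
    payload: { reason: "password_expired" },
  });
  api.redirect.sendUserTo(CHANGE_URL, { query: { session_token: token } });
}

async function onContinuePostLogin(event, api) {
  // validateToken throws when the returned token fails verification.
  let claims;
  try {
    claims = api.redirect.validateToken({
      secret: event.secrets.PWD_CHANGE_SECRET,
      tokenParameterName: "session_token",
    });
  } catch (err) {
    return api.access.deny("Password change could not be verified");
  }
  if (claims.password_changed !== true) {
    api.access.deny("Password has expired and was not changed");
  }
}

if (typeof exports !== "undefined") {
  exports.onExecutePostLogin = onExecutePostLogin;
  exports.onContinuePostLogin = onContinuePostLogin;
}
```

The password change page has to verify the incoming token before changing anything, then return the user to the tenant's `/continue` endpoint with the `state` value it received and a token signed with the same secret. Denying in `onContinuePostLogin` when that token is missing or invalid keeps a user from skipping the change by calling `/continue` directly.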