Employees forget their passwords and need quick help:
IDM-Portal Password Reset focuses on user orientation and security.
Password reset workflows
What happens when a password reset is triggered? There are several possible solutions:
Suitable for employees and companies
An IDM-Portal password reset workflow meets the requirements of all users.
Almost every company has the problem of having to reset passwords.
Processes to reset passwords take a long time and tend to overload the IT department.
Example of a Password Reset Workflow with FirstWare IDM-Portal
A password reset workflow takes into account all aspects:
- whether PCs or smartphones are used
- what the design of the subpages and workflows looks like
Maximum flexibility is made possible with FirstWare IDM-Portal.
A custom solution created for end users simply fits best.
Active Directory Password Reset and Microsoft 365
Public cloud services, such as Microsoft 365, offer a direct password self-service.
The downside: there is not much you can do to change the settings or functionality.
However, most companies operate their own on-premises Active Directory.
Unfortunately, there is no self service portal for AD password resets.
In hybrid environments with the combination of AD and M365, the IDM-Portal has clear advantages.
Active Directory is the basis, and the sync keeps the passwords identical if it is configured appropriately.
The reset process can be designed on-premises and takes effect in both worlds.
Main features – Reset passwords
Self Service – Activate account with and without changing password
Reset initially just means “to restart”. If it is only a matter of unlocking a user account again, it is not necessarily required to change the password.
Frequently changing passwords does not necessarily increase security. In fact, the German Federal Office for Information Security (BSI) deleted the passage on changing passwords in the 2020 regulation on identity and authorization management (BSI ORP.4.A8).
However, if the password change is essential, then an “unlock” is not sufficient. In this case, the actual reset must be extended by a password change process.
This can be done e.g. by an automatically generated One Time Password. “Change Password” can also be a separate item in the Password Manager or the Reset Portal. In addition to authentication, password security also plays a major role here.
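The unlock-only path and the reset with an automatically generated one-time password described above, shown with the Microsoft ActiveDirectory PowerShell module. This is an added example, not IDM-Portal code; the function names New-TemporaryPassword and Invoke-AccountRecovery are hypothetical, and it assumes the RSAT ActiveDirectory module and delegated rights on the target account.

```powershell
# Added example (not IDM-Portal code). Function names are hypothetical.
Import-Module ActiveDirectory

function New-TemporaryPassword {
    param([int]$Length = 20)
    # Four character classes without look-alike characters (no 0/O, 1/l/I).
    $sets = 'ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghijkmnopqrstuvwxyz', '23456789', '!#%+-=?@'
    $rng  = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf  = New-Object byte[] 4
    # Cryptographic random number source instead of Get-Random.
    $next = { $rng.GetBytes($buf); [System.BitConverter]::ToUInt32($buf, 0) }
    # One character from every class, the rest from the combined alphabet.
    $pools = $sets + @(-join $sets) * ($Length - $sets.Count)
    $chars = foreach ($p in $pools) { $p[[int]((& $next) % $p.Length)] }
    # Shuffle so the position of each class is not predictable.
    -join ($chars | Sort-Object { & $next })
}

function Invoke-AccountRecovery {
    param(
        [Parameter(Mandatory)][string]$Identity,
        [switch]$ResetPassword   # set only when a password change is essential
    )
    $user = Get-ADUser -Identity $Identity -Properties LockedOut
    if ($user.LockedOut) { Unlock-ADAccount -Identity $user }

    # Unlock only: the existing password stays untouched.
    if (-not $ResetPassword) { return $null }

    $plain  = New-TemporaryPassword
    $secure = ConvertTo-SecureString $plain -AsPlainText -Force
    Set-ADAccountPassword -Identity $user -Reset -NewPassword $secure
    # Forces a change at next logon, which makes the generated value one-time.
    # This fails for accounts flagged "password never expires".
    Set-ADUser -Identity $user -ChangePasswordAtLogon $true

    # Deliver out of band (e.g. to a verified second factor); never write it to a log.
    return $plain
}

# Unlock without changing the password:
#   Invoke-AccountRecovery -Identity 'jdoe'
# Unlock and issue a one-time password:
#   Invoke-AccountRecovery -Identity 'jdoe' -ResetPassword
```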
Authentication – 2FA or MFA
Depending on the organization, the processes and security requirements differ. If the focus is more on internal access, a simple reset button is sometimes sufficient. Depending on the concept, it is important to ensure that the user in question is the right one to reset the password.
With 2-Factor Authentication (2FA), in addition to entering an exact parameter, another security feature is added.
There are many possibilities: PIN, secret questions, SMS codes or special keys.
Multi-factor authentication (MFA) in a password reset self service is a combination of several security features. The key here is to weigh up usability, user-friendliness and security. Otherwise, the requests will still end up with IT or the helpdesk.
Approval – Integration of multi-level authorizations
By including approvals, the IT department confirms, for example, that the employee can reset his or her password.
A multi-level workflow with approvals by an authorized second person is also possible. With IDM-Portal Password Reset, an organization-specific password solution is possible.
IDM-Portal is designed as a web application and adapts as needed. The implementation is based on the organization and the requirements of IT, HR and other responsible departments.
Password Reset Delegation – Colleagues help out
Password reset self service is not always the solution that is required. What is important is a quick solution for the respective employee and a minimal amount of work in IT. Delegating selected tasks to third parties has many advantages: Colleagues can reset passwords.
This can be set up in addition to or instead of a password self-service. The group of people is defined in the user context. Security aspects also play an important role. In combination with IDM-Portal, the helpdesk, colleagues in the department, or superiors can reset the password of others.
Securely reset passwords with IDM-Portal
Automation
Resetting passwords triggers short and linear automations. An initial automation is a generated secure password. However, in Password Self Service there is much more automation potential.
Always and everywhere
IDM-Portal Password Reset can be used purely internally on the PC. However, it is also possible to reset passwords via smartphones in the home office or on business trips.
Transparency
As an IT manager, you often need to track what happened. This is especially interesting when it comes to a shared solution with password reset self service and delegation.
Combinations with onboarding and self-service
IDM-Portal Password Reset can be used purely internally on the PC. It is also possible to add other functions: a full Active Directory self-service with attribute changes, permissions and the upload of a profile photo.
Instead of a fully-fledged self-service, a central deactivation option for user access is also possible for specific user groups. How many functions of the user lifecycle are taken into account is always determined by the organization.
Tip from the expert
Unauthorized persons have no way of accessing the AD. However, passwords can also be stored in other systems or databases. In the end, the advantages of low complexity and high security usually outweigh the disadvantages.
We rely on Active Directory integration, because no one can work without this user account.
100% integration means no additional redundant identity database – and thus increased security.
The IDM-Portal Password Reset web application is secured multiple times.