Password Reset Portal including user account creation
A service provider of specialized information relies on the password reset self-service in FirstWare IDM-Portal. The company, based in Bavaria, offers information and services through cloud applications, but uses a hybrid infrastructure for central user management with Active Directory and M365. In addition to internal employees, there are many external users who use the services and have a user account for them.
Customized Password Reset Portal
With IDM-Portal’s password reset self-service, FirstAttribute provides a fully customizable solution. While common solutions have limited configuration options, the IDM-Portal is configured in a functional way. Whether the result is a minimal solution or one that covers special requests with three intermediate steps is ultimately decided by the organization, not the software.
User focus crucial for customer
There are many password tools and SSPR solutions on the market. This is not a new topic. Our customer chose IDM-Portal’s password reset self-service because individual requests were particularly important for the company. These related to two main points:
Password reset and user account creation
The customer required that the core function, i.e. resetting a password, should only be possible for external users. For internal users, the helpdesk continued to do this on request. However, the accounts that were reset were initially in Active Directory. The Password Reset Portal was made securely available for external users for this purpose.
Another desired feature was the quick and easy creation of new users. Standard SSPR tools do not offer this function. With IDM-Portal, employees from non-IT departments can also create a new user quickly and securely if this is required by the company. How a new user is created and which authorizations are allowed can be defined in the self-service mode for “non-critical” services.
Definition of a workflow for users
The second important point was the user workflow: certain actions should run one after the other. For example, a user first enters their user name, clicks “Next” and enters the second factor in the next dialog. An alternative would have been to enter all data on one page right away.
Active Directory and Microsoft 365 integration
While in cloud-only environments password reset is organized by the provider (e.g., Microsoft), many of our customers have on-premises AD or hybrid IT structures. Enterprises need to decide which directory is the leading one for password reset self-service.
At our Bavarian customer, Active Directory was the leading directory service for user management and user account creation. Even if several cloud solutions (including M365) were connected, the self-service Password Reset Portal should be based on AD in this case.
As a software and service provider, FirstAttribute is happy to help companies with decision making, planning and implementation. Contact us if you are facing similar decisions.
Self-Service Password Reset (SSPR)
Self-service password reset is a topic where the user should be the main focus. The following points must be thought through:
- Can employees easily access the solution?
- Are the processes safe?
- Do they reflect the specifics of the organization?
When employees are asked for too many parameters and do not understand which “personal employee number” or “PIN” is required, they prefer to call the helpdesk. The user perspective urgently needs to be taken into account up front.
Further information
Would you like to know more? To learn more about the different possibilities of a self-service password reset, please feel free to contact us.
Self-service and other options for users
In addition to the password reset self-service, IDM-Portal can be used to implement a wide range of self-service solutions: from maintaining personal data and the profile picture to ordering authorizations via multi-level approval workflows. The IDM-Portal is adaptable to any customer environment.
Give your employees the ability to update their colleagues’ data by delegating user data maintenance. Through role-based access it is precisely defined beforehand who is allowed to read or edit what and to what extent.
You are working only in the cloud and don’t need Active Directory anymore? We have already created a solution for this as well: M365 in self-service.