blog.atwork.at

news and know-how about microsoft, technology, cloud and more.

How to manage self service password reset for users in Delegate365

Delegate365 has provided a user self-service password reset (SSPR) function since version 2.1. If a user forgets his Office 365 password, and the admins have allowed the function, he can easily reset it himself with D365.

The SSPR feature comes automatically with Delegate365 at no additional cost.
In contrast, Azure Active Directory comes in three editions (Free, Basic and Premium), where SSPR starts with the Premium and Basic features; see Self-service password reset for users in Azure Active Directory Editions.

So Delegate365 provides a cost-neutral way of offering SSPR to the users of an organization with D365. The following shows how SSPR is configured and used with D365.

Prerequisites

The password reset function needs an alternative way to reach a user. Usually an alternate email address is used to send the user a temporary password. Additionally, sending via SMS can be chosen, but this is not enabled by default since there are additional costs for sending SMS worldwide. If that's interesting for your organization, please contact atwork for pricing details.

Basically SSPR is available for all users who are assigned to an OU.

In "Edit user" there's a section "SSPR" where the checkbox [x] Enabled determines whether this user can use SSPR.


SSPR Enabled must be set by an admin for all users who shall be able to use SSPR.

The admin can set or edit the user's notification details (email and/or phone number for SMS), or the user can do this himself.

Let the users set their notification method

Admins usually don't have much (private) data about their users, such as a private email address or a mobile phone number. So in most cases it makes sense that users can set these properties on their own.

To support this scenario, admins can send their users a link to the D365 portal with the page /passwordnotification added:

https://[d365companyname].azurewebsites.net/passwordnotification

When a user opens this link, he has to authenticate with his Office 365 credentials. After a successful login, a simple web form follows where an alternate email address (and a mobile phone number, if configured) can be set.


After clicking the "Save" button, a notification message pops up in the bottom right corner for a few seconds. The page can now be closed.

Users can change these properties (with the passwordnotification hyperlink) at any time.
That's the contact data needed for SSPR.

Using SSPR in D365

If a user forgets his password, he can use the D365 portal link with /passwordreset added:

https://[d365companyname].azurewebsites.net/passwordreset

This is an anonymous page where the user enters his Office 365 email address (UPN).
After clicking "Send", D365 looks up which alternate contact methods are saved for that user and shows these options.


After clicking "Send" again, a one-time security code (PIN) is created and sent via email (or via SMS) to the address the user has set. A message box reports on the send process.


The form now changes and waits for the PIN to be entered.

Now check your email (or SMS)

Within one or two minutes the user should receive the PIN by email (or SMS).


Hint: Keep in mind that this code is only valid for 10 minutes!
If it has expired, generate a new PIN with the /passwordreset URL.

Now this PIN must be entered in the web form, followed by "Send PIN".


If the PIN is correct (and entered within the timeframe of about 10 minutes), the user receives a new, temporary password.


This password is valid from now on and must be changed after the first successful login.
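
The PIN check described in this section can be sketched as follows. This is an added example, not Delegate365's code: the 6-digit PIN length, the attempt limit, the salted hash and the PinStore name are assumptions; only the 10-minute validity and the one-time use come from this post.

```python
import hashlib
import hmac
import secrets
import time

PIN_TTL_SECONDS = 10 * 60   # the post states the PIN is valid for 10 minutes
MAX_ATTEMPTS = 5            # assumption: attempt cap, not stated in the post


class PinStore:
    """Hypothetical in-memory store; only a salted hash of each PIN is kept."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # upn -> [salt, pin_hash, expires_at, attempts_left]

    @staticmethod
    def _hash(salt, pin):
        return hashlib.sha256(salt + pin.encode()).digest()

    def issue(self, upn):
        """Create a 6-digit PIN for upn, replacing any earlier pending PIN."""
        pin = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, keeps leading zeros
        salt = secrets.token_bytes(16)
        self._pending[upn.lower()] = [salt, self._hash(salt, pin),
                                      self._clock() + PIN_TTL_SECONDS, MAX_ATTEMPTS]
        return pin  # delivered out of band (email or SMS), never shown on the page

    def verify(self, upn, pin):
        """Return True once for a correct, unexpired PIN; False otherwise."""
        key = upn.lower()
        entry = self._pending.get(key)
        if entry is None:
            return False
        salt, pin_hash, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[key]   # expired or exhausted: a new PIN is needed
            return False
        entry[3] -= 1                # count this attempt before comparing
        if hmac.compare_digest(pin_hash, self._hash(salt, pin)):
            del self._pending[key]   # one-time use
            return True
        return False


if __name__ == "__main__":
    store = PinStore()
    pin = store.issue("user@contoso.example")   # constructed sample UPN
    print(store.verify("user@contoso.example", pin),
          store.verify("user@contoso.example", pin))
```

Because /passwordreset is an anonymous page, the attempt cap and the expiry are what keep a short numeric PIN from being guessed.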

The user has to set an individual password

After logging in with the new temporary password on https://portal.microsoftonline.com, Office 365 forces the user to change the password and set his own individual password.


That's it. Users can easily change their password with D365 at any time.

SSPR summary

Delegate365 provides an easy-to-use self-service password reset for ALL users in an Office 365 tenant, independently of the underlying Azure Active Directory subscription and at no additional cost.

All customers using D365 get SSPR functionality for their users for free, if they want to use this feature. With SSPR, IT departments can be relieved and users have a tool for self-managing their most personal access method: their own password.
