Microsoft Active Directory Self Service Password Reset - SSPR
More productivity for Users and Service Desk
Read on for 4 easy steps to reach a 90%+ adoption rate for an on-premise or cloud solution [close to 2 million users], and for the configuration and security features of the leading solution - FastPass Self Service Password Reset.
Self service password reset is one of the most efficient solutions any support organization can initiate. About 20-30% of all calls to a service desk are related to passwords. Improved end-user service level and reduced workload are attractive for any service desk manager and IT-operations manager. Success depends on how widely users accept and use the self service password reset tool.
FastPass offers functionality and a best practice guide that secure an adoption rate of more than 90% for our customers.
4 STEPS TO SUCCESS
- Force whenever applicable
- Automatic emails for the rest
2. ACCESS EVERYWHERE
- From Domain PC: Pre Windows credential provider
- From external domain PCs: With PC password cache reset
- WEB-portal for guest PCs
- Responsive design for all smart devices
3. SERVICE DESK ASSISTANCE
- When users call anyway, the service desk agent must have assistance for authenticating users
- Users should have a PIN to re-enroll in self-service and not a password
4. CONVENIENT AND SECURE AUTHENTICATION
Question / answer method made for user experience
- Private and semi-private answers for security questions
- Standard questions
- Individual personal questions
- Bulk update of corporate data is possible, but not recommended
- For mobile phones
- For e-mails (private)
Commercial methods like DUO, RSA
TOTP generally available
- Microsoft authenticator
- Google Authenticator
Country or industry-specific
Combine the above to make multifactor authentication (MFA)
Active Directory Self Service Portal
6 pillars of an ideal configuration
- Active Directory
- Multi-forest AD
- Azure AD
- Hybrid Azure AD
- Architecture for hardening
- Architecture for high availability
- Architecture for high performance
Different processes and workflows for users
- Communication to users is different across countries
- Communication is different across internal functions
- Different processes for internal and external users
- Different authentications for different user groups
Languages must reflect the users’ language
- not everybody understands English
- FastPass has close to 40 languages
Self service even for other types of passwords like SAP, IBM, Oracle and many others
Easy and efficient administration and configuration from a central administrator portal
FastPass for Enterprise offers all of the above both for customers who need an on-premise solution and for customers wanting to go Cloud. The solution is even available for managed service providers as a multi-tenant solution for customers and cloud users!
The FastPass best practice SSPR passwords guide is a clear checklist on how to implement FastPass and reach a 90%+ adoption and success rate.
This is, however, not enough to guarantee success. All installations are unique, and the solution must adapt to the real requirements for user convenience and company IT-security requirements.
A reasonable term for this is CONFIGURABILITY!
Configurability considerations for Active Directory password reset tool software: below is just a short overview of some of the decisions to be considered.
6 STEPS TO SUCCESS: Password Self Service
FastPass V4 - Secure Enterprise Passwords
FastPass V4 brings comprehensive password protection to secure organizations. Making passwords complex, avoiding the use of dictionary passwords and popular phrases as part of the password, changing the password regularly, and protecting the password processes will make your organization unattractive to hackers.
The nature of passwords is to make IT-systems SECURE!
The security of a software application depends not only on the software, but also on the complete security of the IT-infrastructure. When it comes to IT-infrastructure, FastPassCorp cannot dictate to customers how to configure it. We do, however, promise that our documentation and consulting recommendations will explain how you can configure your IT-system to protect your FastPass data and processes in your infrastructure.
Protecting the integrity of data
Protecting the Windows PC Client
Windows Client has three security levels to prevent any intruders:
Preventing access to user’s FastPass account
The Best Practices for security and protection of FastPass access will include the following actions:
For extra secure environments, the following aspects can be evaluated
Made best for users
In today’s environment, users expect fast self-service for any issues they might have with IT. As the most frequent issue is Active Directory password reset calls, IT self service must include an Active Directory password self-service functionality. This will resolve users’ issues faster than calling a service desk. The issue can even become critical if the problem appears outside the working hours of the service desk.
FastPass Self Service Password Reset Active Directory portal lets you start with an advanced and automatic platform for Windows Active Directory passwords. You can later add functionality as your requirements increase. You might also consider FastPass Cloud.
FastPass basic functions are based on a self-service WEB-portal where users are able to unlock their Active Directory account or reset their forgotten Active Directory password. Different ways of authentication are available: challenge questions, SMS-Pin codes, Google and Microsoft authenticators or others. Even 2-factor authentication can be dynamic! Access to the portal is from any device with a standard browser – smartphones included. Users get assistance to make the new password according to the password policy. The user can select the end-user language from more than 40 different languages. For more details on functionality see FastPass password Manager facts.
Optional features and facilities
Many organizations can improve the self service Active Directory password reset business case and user satisfaction by adding more advanced functionality to FastPass.
With FastPass PC-client users get access to the portal from a locked Domain PC with a credential provider. This is the most usual situation for end-users experiencing problems with passwords. No need to go to another device to access the WEB-portal!
Enrollment is key to user adoption rates. With FastPass PC-client users are forced to enroll!
Non-domain users can be invited to enroll by the FastPass automatic e-mail enrollment service.
The HelpDesk client is available to the service desk for those users who call for support anyway. It speeds up the service and increases security.
For users with corporate PCs who access the system from the external network (from home or travel), the Remote PC-client enables FastPass to reset the PC-cache password. This can’t be done by the service desk with traditional tools and is an extraordinary value.
Organizations with multiple Active Directories can handle this complexity in the extended version.
How does a Self-service password reset solution SSPR work?
When the authentication is accepted, the user must create a new password. For user convenience, the password policy must be visible to help the user make a compliant password. As the user complies, the different policy elements can turn green to show the user that the password is OK.
FastPass is of course also available from external PCs via WEB-access and for smartphones and tablets.
Microsoft password reset
Microsoft password reset (in other words, when a user has forgotten a Windows password) is traditionally done by the service desk using their privileged passwords for Active Directory.
Better productivity and service are achieved with an AD password reset tool. Customers with FastPass are successful with password self service because of the following qualities in the service:
- Users need to enroll to be able to authenticate in FastPass when the Windows password is forgotten or locked! It can be done with forced enrolment or with the FastPass automatic e-mail enrolment service.
- Access is needed from all types of devices from internal and external networks. The devices can be corporate PCs, smartphones, tablets, and general browser access.
- Authentication must be both easy and secure at the same time. You can configure whether you want single or multi-factor authentication (MFA). FastPass supports:
  - Standard question and answers
  - Users’ own questions and answers
  - SMS to users’ mobile phone number
  - Microsoft Authenticator and Google Authenticator
  - Smart cards
  - Other options
- Assistance from the service desk if the user is unable to do self service
FastPass supports Active Directory and Azure Active Directory users.
FastPass password synchronization is based on an AD interceptor catching all changes to passwords in AD. Each change creates a transaction to the FastPass password synchronization module. FastPass then has a user-map where the user’s user-ids are linked together for the synchronization transaction. FastPass password synchronization reacts very fast, so in general users’ passwords are changed in the target systems even before the user logs in to the alternate systems.