10 Best Self-Service Password Reset (SSPR) Products / Software
The 10 best SSPR tools for you to consider for your next SSPR project!
You can probably find lots of products with self-service of password resets included somewhere – somehow. Here you can find 10 SSPR products which you can select as stand-alone SSPR solutions with rich functionality, and which we often meet in the market in competitive SSPR bids for large and midsized organizations.
This guide is for organizations with 500 users and upwards (+100,000 users).
Products focusing on smaller accounts are not included.
The products are from:
All sspr tools have been compared against the chosen criteria:
*No email required
Overview of Solutions
Avatier has different solutions for Identity Management named Identity Anywhere with Password Management. It offers the solution in a Docker container.
Avatier has offered SSPR for many years. We find that the SSPR tool uses features in the Identity solution. If you already use Avatier Anywhere their SSPR solution must to be the logical choice. If you select their SSPR tool, then make sure that the key features for you really are available for the stand-alone product.
It is a functionally rich product with support for many corporate passwords – but has important password types unsupported.
It is focused on self-service and has only light support for secure password resets at the manual help desk.
FastPassCorp is 100% dedicated to solutions for password security and secure identity verification. The first FastPass version was developed as a general add-on to Identity and Access Management solutions. Later the focus expanded to integrate with popular ITSM solutions, as customer interest was on the help desk productivity.
FastPass is strong in configurational flexibility to ease the integration with many different solutions and organizations. This includes direct password resets from Oracle, SAP, IBM, LDAP and other corporate password types. Password synchronization is available for the same targets.
To protect the password reset process in help desks the Identity Verification Manager module has been introduced. It protects against social engineering (Vishing) against the service desk.
FastPass Enterprise is available on-premises/cloud and as a multi-tenant version.
The group “Active Directory Management” includes ADSelfServicePlus with self-service of password reset.
A Standard and a Professional Version are available. Our comparison is based on the professional version. As ADSelfServicePlus is part of a family of products, investigate what products the functionality you are interested in come from.
The ManageEngine solution offers synchronization to some systems but doesn’t offer Direct Password Reset for other passwords than Windows.
ManageEngine has a wide range of MFA (Multi Factor Authentication) offerings.
There is a good integration to ManageEngine’s own IT-service desk product but check how it will work with your chosen ITSM tool.
Regarding localization you might be short of all the languages you need.
When you are licensed for Azure Active Directory Premium you can use Azure AD self-service password reset. If you don’t have this license already, it is rather expensive to license if your only requirement is password self-service.
The self-service functionality is well integrated into the users’ flow. As with other Microsoft offerings it is focused on Microsoft’s other products and services. Don’t expect to find synchronization or direct password reset to other corporate passwords like SAP and Oracle.
Many popular MFA (Multi Factor Authentication) devices are not available with Azure. It is possible to configure your central on-premises AD to have password synchronization with Azure. Neither Azure AD Free nor Business standard does enable users to reset, change or unlock their password within a hybrid on-premise environment. The on-premise writeback feature using AD Connect requires Azure AD Premium 1, Premium 2 or Microsoft 365 business premium which comes with a significant cost.
MFA options must be defined for all users and cannot be tailored per user group. Can only enforce a maximum of 2 MFA options and some popular commercial offerings like OKTA, DUO and smart cards are not covered.
Microsoft always has strong language support. It is however not possible to localize the customer’s own security questions – making global rollout difficult.
If you don’t have the license for Azure Active Directory Premium and still want to use Microsoft products then Microsoft Identity Manager MIM gives you self-service of passwords.
With MIM you only have a limited choice of authentications. The basic function for Windows Desktop login is phone-based call back. For WEB-based verification it is the phone call back or SMS.
In MIM synchronization of passwords is enabled and you have access to connectors for many corporate passwords. SAP doesn’t however appear amongst them.
Everything about enrolment for password self-service is integrated into the general enrolment process.
MIM for an isolated password self-service project seems to be for dedicated Microsoft customers.
Owned by Microfocus, a software distributor and producer of a high number of products.
“NetIQ Self Service Password Reset is a simple, secure and easy-to-deploy password self-service application that helps users reset or re-enable their own network passwords” (“NetIQ® Self Service Password Reset”)
NetIQ is primarily an Identity Management platform including SSPR. In this guide we only look at the stand-alone SSPR module which can be licensed as such. Licensed together with the IDM solution more options are available for the customer, but then you embark on an identity management project. That is a much more complicated project to engage in than a standard SSPR project.
Self Service Password Reset directly integrates with many enterprise environments that use LDAP compliant directories such as Microsoft Active Directory, eDirectory, and Oracle. (“Self Service Password Reset Product Flyer - Micro Focus”)
NetIQ password synch is available with Microfocus Identity Vault.
Helpdesk integration limited to support the light service
Few languages for localization.
OKTA SSPR can be independent – but many functions that you will expect to find in an SSPR solution are delivered from the OKTA engine - which is an identity product. This makes it difficult to compare with other SSPR products.
In OKTA SSPR there is no password synchronization, but OKTA offers this in their SSO (Single-Sign On) product!
The end-user authentication is surprisingly limited: email or SMS plus challenge questions.
Beware when reading about the OKTA password self-service. Often it means password self-service for the password related to the OKTA Identity product and not your Windows password!
Quest offers a wide range of software products. One group aims at Identity Management. Here you find OneIdentity which offers an SSPR module too.
OneIdentity password reset for other types of passwords than AD is based on the OneIdentity Identity Management product and is not integrated into the SSPR.
Q/A based authentication is limited to SMS/Email, questions and OKTA.
Languages for multiple countries are limited and not flexible.
We see no support for the assisted password reset process at the service desk.
Overall, a solution which seems to be an easy to add solution for the Quest Identity Solution.
Specops has a number of products for AD administration and self-service and has for many years offered a password self-service tool Specops Password Reset.
This product has recently been surpassed by the new uReset which is cloud based. As this seems to be the favorite offering for new accounts we have used uReset for this comparison. If you want Specops to deliver an on-premise version you must go for the older version.
uReset is only for Windows passwords.
It has a comprehensive set of authentication options available.
For localization uReset still seems to be at the beginning as only 7 languages are available, making it difficult to get end-user acceptance internationally.
Thycotic is a well-known supplier of security software. For passwords they have been successful with the solution for privileged password management: PAM.
Thycotic delivers a solution for end-user password reset SSPR too.
This is however a simpler solution with support for Windows passwords only and a very limited scope for authentication limited to email, SMS and questions.
It might be the right solution for customers of other Thycotic products.
Protect your Passwords today with FastPass
Get in touch with us today by filling up the form and our team will get back to you as soon as possible.