none
Number of Required authentication gates in SSPR portals RRS feed

  • Question

  • I have installed MIM 2016 Password Reset and Registration Portals and all of the functionality is working as intended when I have one authentication gate. But when I add multiple authentication gates in the "Password Reset AuthN Workflow" such as QA gate, Email OTP and SMS OTP gates, users need to register all of these gates and they need to pass them one by one when they are resetting their passwords. Is there a way to make only one gate required so that users do not need to register all of them? On Azure (as explained here https://blogs.technet.microsoft.com/ad/2014/04/29/deep-dive-password-reset-with-on-premise-sync-in-azure-ad-premium/) you can pick the number of required contact methods, I was wondering if a similar functionality is available on MIM/FIM SSPR portals.

    Monday, April 11, 2016 10:10 PM

Answers

  • I never seen such a solution with FIM/MIM, I would say that leads in nearly completely recreate the SSPR solution or changing many things in FIM and the SSPR Portal.

    However if you like to use the add-in and extension client plugin (welcome screen) you cannot modify that part of FIM SSPR.


    Peter Stapf - ExpertCircle GmbH - My blog: JustIDM.wordpress.com

    • Marked as answer by Safakahmet Tuesday, April 12, 2016 2:09 PM
    Tuesday, April 12, 2016 1:35 PM

All replies

  • Hello,

    you cannot let user choose sspr method on either registration or reset, these activities always run in sequence.

    But you can have multiple SSPR workflows for different audiences but they must decide method before registration.

    /Peter


    Peter Stapf - ExpertCircle GmbH - My blog: JustIDM.wordpress.com

    Tuesday, April 12, 2016 7:47 AM
  • Thank you for your quick response, Peter. I currently have one set of users and I want all of my users have the option to pick one of available SSPR authentication methods. With the out-of-box functionality, it is not possible, but I was wondering if that is possible by either creating a custom authentication workflow or activity or maybe altering the behavior of Password Reset and Registration Portals by customizing them? I have been searching on that topic for quite a while, but I could not find anything related to it. Since Microsoft has this functionality on Azure AD Premium, I assumed that it is a desired functionality and there should be a way to do it MIM SSPR portals.

    Tuesday, April 12, 2016 1:28 PM
  • I never seen such a solution with FIM/MIM, I would say that leads in nearly completely recreate the SSPR solution or changing many things in FIM and the SSPR Portal.

    However if you like to use the add-in and extension client plugin (welcome screen) you cannot modify that part of FIM SSPR.


    Peter Stapf - ExpertCircle GmbH - My blog: JustIDM.wordpress.com

    • Marked as answer by Safakahmet Tuesday, April 12, 2016 2:09 PM
    Tuesday, April 12, 2016 1:35 PM
  • Thank you again, Peter. This was the answer that I was looking for.
    Tuesday, April 12, 2016 2:29 PM