locked
Active Directory Self-Service Password Unlock Tool RRS feed

  • Question

  • I was wondering if anyone has any experience with self-service password reset portals.  What we're looking for is a tool that will allow users to unlock themselves via a verification process whether they can either call a # or have an automated call to their work phone that they can then authenticate themselves via some security Q's (pin #?) and unlock themselves.

    I'm aware of several 3rd party tools that work via SMS messaging, but not everyone has a co. managed cell phone and I'm not sure that's the route we want to go down.  If we can tie it directly to co. assigned extensions I think that would help more.

    Any suggestions?  Can FIM do this?  We have SCCM/SCSM + Orchestrator, but technically we're not too far into using them so w/o a clear process I'm wondering if this may be above the app owner's position at this point.

    Thanks,
    Adam


    AR

    Tuesday, September 24, 2013 4:52 PM

All replies

  • Hi Adam,

    We just implemented SSRPM from Tools4ever.com.  We also brought the Password complexity manager tool with it.  There are several options you can give the user to reset their password, they can do it via the client installed on the PC, via a webpage, or via Citrix.  The user will have to answer a selection of security questions when they first enrol and each time they go to unlock or reset their password.

    Thanks

    Jeff

    Wednesday, September 25, 2013 2:12 AM
  • Hi Adam,

    both options are OK. more details:

    • FIM: the users are able to reset/change password at the logon screen (definitely, they have to authenticate themselves by answering some security questions). this is a big advantage as this can be done instantly (users can be more productive) and does not required to logon to any internal systems (AD, SM portal, Orchestrator,..) but the user should be on the corporate network (or normal internet access if *Direct Access* is in place)
    • with SM/Orchestrator: this can be done as well, but someone else has to raise the ticket on behalf of the affected user (as the affected user forgot the password) or to have a Kiosk machine (generic user with permissions to raise a ticket in SM portal/orchestrator), the disadvantage if that it takes more time to process. And security concerns in case if the user forgot the password, as the new password must be emailed to a trusted person (User's manager, HR, ...) and again the user has to wait for these people to get the password of.
    Wednesday, September 25, 2013 3:27 AM
  • We have a Self Service tool that allows the User to reset their AD Password Before login to windows or using a mobile friendly web Page. We would happy to take this Requirement and can build custom solution at competetive Price. Please send me your intrest to arun.d@veserv.co.in
    Wednesday, December 18, 2013 4:17 AM