Capture ID of failed logon

  • Question

  • OK, here's a strange one, but it's a request made by a manager. They would like to capture the ID of a failed ADFS login and perform a lookup in AD to see if that user belongs to a certain group. If the ID is a member of that group they want to then have that user redirected to a self-service password reset site. Are there any add-on modules available that could do such a thing, since obviously there is nothing in native ADFS that can?
    Friday, July 29, 2016 8:06 PM

All replies

  • Hi, 

    Just to understand. Basically they want to show the password reset functionality only after a failed login attempt, and only if you are a member of a specific AD group?

    If you have Office 365 or Azure Active Directory, you could look into the password reset functionality available there. I know that it has filtering on AD groups. If you do not already have it, any other third-party password reset would probably do the same.

    The custom redirection is a bit more tricky; I'd guess that would require some JavaScript development on the side.

    Monday, August 1, 2016 10:10 AM
  • Just an added thought.

    You could create a trigger on failed login events that would send the user an email with a password reset link. Trigger launching a PowerShell script that would do an LDAP lookup; if member of PassReset group, send mail, else do nothing.

    On the other hand, if the user fails to login, they might not have access to email. Maybe alternative email ... Just a little brainstorming :)

    Monday, August 1, 2016 11:05 AM
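The event-triggered script sketched in the reply above, written out as an added example; this is not code from the thread or from Microsoft. It assumes AD FS auditing is enabled so that failed credential validations are written to the Security log by the "AD FS Auditing" provider (event ID 1203 and the `<UserId>` element in its message are assumed here and must be confirmed against a real event on your farm), that the ActiveDirectory RSAT module is installed on the host, that members of a group named PassReset should receive the mail, and that the alternate address is stored in an attribute you choose (`otherMailbox` is assumed). The SMTP relay, sender and reset URL are placeholders.

```powershell
<#
  Added example, not from the original thread.
  Assumptions (adjust for your environment):
   - Failed AD FS credential validations are in the Security log under the
     "AD FS Auditing" provider. Event ID 1203 and the <UserId> element in
     the message are ASSUMED; verify against a real event before use.
   - The ActiveDirectory RSAT module is installed where this runs.
   - Direct members of "PassReset" get mail; the alternate address is read
     from the "otherMailbox" attribute (assumed), falling back to "mail".
   - SMTP server, sender and reset URL are placeholders.
#>
[CmdletBinding()]
param(
    [string]$LogName         = 'Security',
    [string]$ProviderName    = 'AD FS Auditing',
    [int]   $EventId         = 1203,
    [string]$UserPattern     = '<UserId>([^<]+)</UserId>',
    [string]$ResetGroup      = 'PassReset',
    [string]$AltMailAttr     = 'otherMailbox',
    [string]$ResetUrl        = 'https://pwreset.example.com/',
    [string]$SmtpServer      = 'smtp.example.com',
    [string]$From            = 'helpdesk@example.com',
    [int]   $LookbackMinutes = 5
)

Import-Module ActiveDirectory -ErrorAction Stop

# Resolve the group DN once; membership is tested against memberOf below,
# which checks DIRECT membership only (nested groups are deliberately not
# expanded, so the policy stays easy to reason about).
$groupDn = (Get-ADGroup -Identity $ResetGroup -ErrorAction Stop).DistinguishedName

# The scheduled task that launches this script is itself triggered by the
# event, so the events from the last few minutes normally include the one
# that fired the trigger. A short lookback keeps the mail volume bounded.
$events = Get-WinEvent -FilterHashtable @{
    LogName      = $LogName
    ProviderName = $ProviderName
    Id           = $EventId
    StartTime    = (Get-Date).AddMinutes(-$LookbackMinutes)
} -ErrorAction SilentlyContinue

# Deduplicate by identity so one user hammering the logon page gets at most
# one mail per run of the script.
$seen = @{}

foreach ($evt in $events) {
    # Pull the submitted identity out of the event text (pattern is assumed).
    if ($evt.Message -notmatch $UserPattern) { continue }
    $identity = $Matches[1].Trim()
    if ($seen.ContainsKey($identity)) { continue }
    $seen[$identity] = $true

    # AD FS may log DOMAIN\user or a UPN; build the matching AD filter.
    $filter = if ($identity -like '*@*') {
        "userPrincipalName -eq '$identity'"
    } else {
        "sAMAccountName -eq '$($identity.Split('\')[-1])'"
    }

    $user = Get-ADUser -Filter $filter -Properties memberOf, mail, $AltMailAttr `
                -ErrorAction SilentlyContinue
    if (-not $user) { continue }                       # mistyped or unknown ID: do nothing
    if ($user.memberOf -notcontains $groupDn) { continue }   # not in PassReset: do nothing

    # Prefer the alternate address: someone who just failed to log on
    # probably cannot read the primary mailbox.
    $to = if ($user.$AltMailAttr) { $user.$AltMailAttr } else { $user.mail }
    if (-not $to) { continue }

    Send-MailMessage -SmtpServer $SmtpServer -From $From -To $to `
        -Subject 'Password reset' `
        -Body ("A logon to the federation service failed for $identity. " +
               "If that was you and you have forgotten your password, use $ResetUrl")
}
```

Attach the script to a Task Scheduler task with an "On an event" trigger for the same log, provider and event ID, running as a service account that can read the Security log and query AD. Two points worth deciding up front: the script mails on every failed attempt, so anyone who knows a user ID can make the user's alternate address receive reset mail, and the per-run deduplication above is only a partial throttle; and the event ID, message layout and attribute names are all assumptions that must be checked against your own farm before the task goes live.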