Self-Service Password Reset Enrollment

(Enterprise - limited functionality, Enterprise+ and Reset Server)

Local users and Active Directory/LDAP users can reset passwords in Password Server by first Enrolling and setting the Reset Challenge answers for their assigned Challenge Policy.

Note:

  • With Enterprise edition, only Local users are able to enroll with login resets
  • AD/LDAP users can only be reset with the additional functionality included with the Reset Server

1. Import Reset Users

  • See our guide to importing users via active directory.
  • The user account listed in Directory Credentials will be the one used to reset the users' passwords, and must have permission on the AD/LDAP directory to reset user passwords.
  • Confirm Allow Password Changes is selected in your set up.


  • Once a user list can be retrieved, import as Reset Users.

 

 

2. Attach / Create a Reset Policy

You can create a User Policy just for Reset Users, or use one of the Policies for your Password Server Users.

Reset Users will be assigned to the Default Reset Policy, which can be changed in:

  • Users and Roles > Manage Policies > Global Settings > Edit,  Default Reset Policy



 

3. Create a Reset Challenge

Reset Challenges are essentially the Administrator set rules and questions a Reset User must follow and answer to reset their password. Set up details can be seen under Challenge Configuration.

Set Allow Resets to Enabled to activate.


 

IMPORTANT:
The Reset Challenges must have a User Policy assigned to them to function.
Reset Users will automatically be imported with the Default Reset Policy from step 1.
Enterprise+ Users can have multiple Policies and thus multiple Reset Challenges assigned to them. 

 

4. Reset User Self-Enrollment

Reset Users must still Enroll to use Self Service AD/LDAP Reset, because the Challenge questions must set by the end user.

Note: Users are not considered enrolled until they have setup all the requirements of their Reset Challenge.

When they log in, they can navigate to a Configuration page:

  • Click username (top right-hand corner) > Manage Account > Click on Set Answers (link) in the Security section

  • Here users can set their basic information, update their questions, and set up any required two-factor providers.

5. (Enterprise+) Customize Enrollment Reminder Email

  • Enterprise+ customers have the option to customize the email reminder which gets sent to unenrolled users.
  • We recommend to check how your URL displays, since the server is aware of the short NetBIOS name (network name), but may not be aware of the fully qualified domain name (FQDN).

6. Manage Reset Users via Enrollment Report

  • Reset Users can be viewed under Users and Roles > Manage Reset Users.
  • The Enrollment Report can be found under Reports > Enrollment Report:
    • This displays all Reset Users and their current status.
  • Unenrolled users: can be emailed with a link to setup their Reset Challenge answers.

 

 

7. Self-Service Password Reset

Once Reset Users are enrolled, they can reset their AD/LDAP passwords via the Forgot Password link on the Web Client Login Page (https://localhost:10001/Account/ForgotPassword , by default) or via the Windows Login Integration Client.

 

Troubleshooting

Double-check the following settings:

  • A general error message (purposely discreet) may indicate a user is not yet enrolled in a Challenge Policy.
    • Administrators can find more information in the Event Logging or Detailed Logs
       
  • The AD/LDAP Directory:
    • The user account configured in the AD/LDAP Directory setup will be used to reset the users' passwords, and must have permission on the directory to reset user passwords.
    • "Allow Password Changes" must be set on the directory, which:
      • allows users to reset their own passwords
      • allows administrators to reset user passwords
      • allows users imported from the directory to change their passwords
         
  • The Challenge Configuration:
    • Must be enabled
      • Manage Login Reset Challenges > Challenge Configuration > Actions > Edit > Edit Challenge Policy > Allow Resets=Enabled
Tag page
You must login to post a comment.