Self-service password reset software

Active Directory self-service password reset

Password reset tickets are the bane of both IT teams and end users. When the number of password reset tickets increases, IT teams often push more critical issues down the queue so users don't have to put their work on hold for too long while their passwords are reset. When left unchecked, password reset tickets can become quite expensive. Unsurprisingly, several large businesses have spent close to a million dollars resolving their password-related help desk calls.

ADSelfService Plus, an identity security solution with MFA, SSO, and self-service password management capabilities, can eliminate your IT team's password reset tickets by empowering your end users with self-service. Whether it's a forgotten Microsoft 365 or AD password, ADSelfService Plus enables users to reset their passwords on their own without IT assistance.

Self-service password reset from anywhere, at any time

With the increasing adoption of cloud applications and BYOD policies, users are leveraging multiple access points aside from their workstations to complete their tasks. ADSelfService Plus enables users to perform self-service password resets and account unlocks regardless of their location.

Supported platforms

ADSelfService Plus supports multiple user directories for self-service password reset, including: AD, Microsoft 365, OpenLDAP, AD LDS, Google Workspace, MS SQL, Salesforce, IBM AS400, HP UX, and Oracle DB.

How self-service password reset works

• A user who has forgotten their password initiates a password reset request from either the ADSelfService Plus web portal's login screen, their machine's login screen, or using the ADSelfService Plus mobile app.
• ADSelfService Plus checks the users' enrollment status and the policy settings applicable to them, and presents relevant MFA authenticators to the user from a list of 20 different supported MFA authenticators.
• After successful identity verification, the user is presented with the password reset screen where they can reset their password with the help of the displayed password policies.
• Once the password is reset, ADSelfService Plus updates the AD with the new password. The user is then notified, either through email, SMS, or push notification, about the status of the password reset operation.
• The user will then be able to log in to their account using their new password.

Stringent MFA techniques to secure password resets

ADSelfService Plus enables admins to trigger a preconfigured authentication workflow once users initiate a self-service password reset request. It offers 20 different authentication techniques including FIDO passkeys, biometrics, and YubiKey to authenticate users during self-service password reset and account unlock. Some users have access to sensitive business data, and if their accounts are hacked by an attacker, it can lead to disastrous consequences. To combat this, ADSelfService Plus offers admins the option to enforce authenticators of varying intensities for different types of users.

Conditional access policies to automate access control

ADSelfService Plus' conditional access policies allow admins to set context-based rules or conditions to vary the intensity of the authentication process for self-service password reset. The authentication factors present to users are altered based on their IP address, time of request, device used, and geolocation. For example, if an AD self-service password reset request is received from an untrusted IP address outside of business hours, the user will be presented with more stringent authenticators for identity verification as configured.

Strong passwords that can thwart various password attacks

ADSelfService Plus' Password Policy Enforcer provides stringent password policies that restrict the use of predictable patterns, dictionary words, and repeated characters in newly created passwords. Also, by integrating ADSelfService Plus with Have I been Pwned, a breached password database, you can block weak and compromised passwords from your organization. This way, you can defend against multiple password-based cyberattacks, including brute-force, credential stuffing, and dictionary attacks.

Secure remote password reset for hybrid work environments

ADSelfService Plus allows users to reset their passwords securely from anywhere, at any time. This means that they can perform a remote self-service password reset even when they are not connected to the organization's network. ADSelfService Plus' cached credentials update feature then updates their locally cached credentials with the newly reset password, ensuring uninterrupted user productivity and reduced IT workload.

Types of password reset tickets admins and help desk teams encounter from end users

• I have forgotten my Windows password.
• I am unable to log in to my account.
• Someone has changed my Windows AD password, and I want to reset it.
• I am unable to log in to my account with my AD domain password.
• How do I recover my AD account?
• How do I change or reset my Windows AD password?
• I have shared my password with a colleague and want to change it. How do I change my AD password?
• Can I use my colleague's machine and change my domain password using a password self-service web portal?
• Can I change my password myself from the Ctrl+Alt+Del screen?

These routine password queries can be eliminated using a self-service password reset tool, and your best bet is ADSelfService Plus.

Ensure 100% enrollment with ADSelfService Plus

Before users can take advantage of password self-service using ADSelfService Plus, they must be fully enrolled in MFA. To make the enrollment process smooth for both IT administrators and end users, ADSelfService Plus allows you to:

Why choose ADSelfService Plus as your self-service password reset software?