Performing a Password Reset

Majid Latif

Introduction

LogonBox SSPR provides users with the ability to reset, unlock and manage passwords without admin or helpdesk intervention, this article shows how easy it is to self service a password reset from the browser without any assistance (LogonBox also enables password self service via integration with the Windows login prompt and also with a mobile app, for users on the move). 

 

Prerequisite

This article covers the end user perspective, there are a number of steps that need to be done beforehand in a live environment:

  • Configure the authentication flow you require for Password Reset
  • Send out profile reminder emails to notify end users to configure their profile - an end user performing a password reset or account unlock requires a completed profile to be able to verify themselves. 

Note: a new realm is preconfigured to use LogonBox Authenticator authentication (or Security Questions for the free Foundation edition) for password reset and account unlock. Once your user directory has been configured, you can use password reset right away if the user has the LogonBox Authenticator app installed. This is preconfigured this way to allow you to verify your user directory connection is working as needed, before configuring the product to your needs. 

 

Step 1 - Password Reset from a Web Browser

From the homepage of your LogonBox server click Password Reset

 

Step 2 - Verify User

After entering username, the user is presented with one or more authentication steps to verify their identity, in this example the admin has configured Security Questions as the only authentication step.

Simply answer the questions, (these are valdiated against the user's profle which they will have completed before).

 

Step 3 - Set New Password

If the user's identity has been successfully verified, the user can provide a new password. The Password Policy is taken from the connected user directory, for Active Directory both default domain policy and fine grained policies are adhered to. 

 

On successful completion the end user will get a notification that their password has been reset.

Click Continue and the page returns to the main portal.

 

Conclusion

The article has demonstrated just how easy it is to have your end users using password reset. Once the admin has configured the authentication flow and the end user completed their profile, it is a simple matter of verifying your identity before setting a new password.