Self Service Password Reset – Azure AD Premium
April 17, 2017
In today’s world, the user doesn’t want to consider any downtime due to any IT constraints and to minimize that constraints Self-Service comes into the picture. Self-service has long been a key goal for IT departments across the world as a minimize downtime, cost-reduction and labor-saving measure. Indeed, the market is flooded with various products such as Microsoft System Center Orchestrator that can let you manage your groups, passwords, or user profiles. Azure Active Directory (Azure AD) sets itself apart from other offerings by providing some of the easiest to use and most powerful self-service capabilities available today. This post will be focused around how to automate the password reset using Self-Service Password Reset on Azure new portal(Resource Manager) in case of end-user forgot the password so end-user will get minimum downtime.
Azure AD Password Management is a set of capabilities that allow your users to manage any password from any device, at any time, from any location, while remaining in compliance with the security policies you define.
If an organization is already using Office365 then the organization’s identities(users) are already synced in the cloud or in the hybrid scenario but still, you need to upgrade from Free Azure AD to Azure AD Premium to leverage this features.
Let’s dig on.
- Open a browser of your choice and go to the Azure portal. Log in with your credentials and click on Azure Active Directory.
- Here, Azure AD edition is Free so first need to activate Premium edition. Click on Password Reset->Get a free Premium trial to use these features.
3. Select Azure AD Premium.
4. Click on Activate.
5. Click on Password reset->Configure.
6. If you don’t want to enable SSRP for all the users then you can create a group and assign members. Here, SSRP group name is AAD Premium Group and members are UserOne, UserTwo and Sakaldeep.
7. Click on Enable button to enable Azure AD Premium features for selected groups of users.
8. After enabling SSPR, now need to configure password reset policy such as authentication method, user registration, end-user and admin notification. Here both email and mobile phone has selected for end user authentication method while resetting password.
9. Below policy is required if you want end user should go through the registration process to provide a current mobile number and email address before resetting the password. Here, registration is required.
10. Below policy will send an email notification to both end user and admin after every password reset.
11. Now we are done with admin level configuration. First, need to register the user to the registration portal. In order to use the password reset registration portal, you must provide the users in your organization with a link to this page (http://aka.ms/ssprsetup) or turn on the option to require users to register automatically. Once they click this link, they are asked to sign in with their organizational account. After doing so, they see the following page.
12. Here, users can provide and verify their mobile number, alternate email address, or security questions.
13. Enter your valid mobile number and verify it.
14. Now verify your alternate email address.
15. After verifying both mobile number and email address, page will looks like below.
16. Registration has done, now let's reset the password using the self-service portal at portal.microsoftonline.com.
17. Click on Can’t access your account?
18. Enter the user ID and security verification code and click on the Next button.
19. Choose verification method, here I am choosing alternate email.
20. You will receive an email having the verification code.
21. Verify your email using the code received in the email.
22. Once your email will be verified, you will be prompt to reset the password for the account.
23. Finally your password has reset.
24. After the successful password reset, end user and admin will receive the email as shown below.
25. Admin can also see the log of all password reset activities as shown below.
In the same manner, you can also reset the password using your registered mobile number.
Total visits : 620