Plan your Password Reset strategy

To ensure security and efficiency, take the time to plan your Password Reset implementation.

Before you begin

Role required: password_reset_admin or admin

Procedure

  1. Understand groups and roles.

    Analyze and assess how members of each group in your organization access the system. For example, if members of the sales group primarily access the system remotely, consider using a stronger method or multiple methods to verify the identity of each user.

    Identify user roles that have access to critical information and resources. For example, stronger verifications might be required for roles that have access to employee data, accounting information, or network configurations.

    Based on your analysis of groups and roles, determine the number and variety of verifications needed for the different password reset processes.

  2. Consider how credentials should be managed.

    Determine whether single sign-on is enabled with the type of directory service or other credential store used. If the directory service is configured for single sign-on, consider increasing the level of security by using multiple methods to verify the identity of a user. A compromised user name and password can easily allow access to associated systems in a single sign-on environment.

  3. Consider how enrollment will be implemented.

    For example, will enrollment in the password reset program be optional or required? How will users be notified to enroll in the program? Will users be auto-enrolled in the program? The answers to these questions will help you determine the appropriate verification types to use.

  4. Consider which password reset options to offer to users.

    Will users reset their own passwords from a self-service module, or will the service desk reset passwords on behalf of users? If the organization uses single sign-on, how will users reset their password if they are unable to log on? What options are available to users working off-site?

    To make the Password Reset application with Orchestration available to all users publicly, create a new Password Reset Process only for this purpose and make it accessible to Public.

    Watch a video on resetting a password: Resetting User Passwords (Video).