Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.

Plan your Password Reset processes

Log in to subscribe to topics and get notified when content changes.

Plan your Password Reset processes

To ensure security and efficiency, take the time to plan your Password Reset implementation.

Before you begin

Role required: password_reset_admin or admin


  1. Decide on the password reset process:
  2. Decide how groups and roles differ in access and security needs.
    Analyze and assess how members of each group in your organization access the system. For example, if members of the sales group primarily access the system remotely, consider using a stronger method or multiple methods to verify the identity of each user.

    Identify user roles that have access to critical information and resources. For example, stronger verifications might be required for roles that have access to employee data, accounting information, or network configurations.

    Based on your analysis of groups and roles, determine the number and variety of verifications needed for the different Password Reset processes.
  3. Decide how to manage credentials.
    Determine whether single sign-on is enabled with the type of directory service or other credential store used. If the directory service is configured for single sign-on, consider increasing the level of security by using multiple methods to verify identity of a user. A compromised user name and password can easily allow access to associated systems in a single sign-on environment.
  4. Decide how to implement enrollment in the Password Reset program.
    For example, will enrollment be optional or required? Will users be auto-enrolled? How will users be notified to enroll in the program? The answers to these questions will help you determine the appropriate verification types to use.
  5. Decide which Password Reset options to offer to users.
    • If your organization uses single sign-on, how will users reset their password if they are unable to log on?
    • What options are available to users working off-site?