| Adaxes Web Interface Help |
Password Self-Service is a web-based self-service tool that enables end-users to securely reset their forgotten passwords and unlock accounts in Active Directory without involving help desk staff. The security of self-password resets via Password Self-Service is granted by enrollment, self-configured security questions and SMS verification.
Password Self-Service provides the following features:
| Feature | Description |
|---|---|
| Self-Password Reset | Allows end users to reset own domain passwords in Active Directory without invloving help desk staff. |
| Self-Password Unlock | Allows end users to self unlock own domain account in Active Directory by resetting own password. |
| SMS Verification | Allows to verify the identity of the user, who tries to self-reset password, by a unique verification code sent by SMS to the user's mobile. |
| Email Notifications | Inform end users about resets of their domain passwords via Password Self-Service. |
| Automatic Account Block and Unblock | Allows to automatically block user accounts for self-password reset after a specific number of invalid attempts to provide verification information and automatically unblock them after a specific period of time. |
| Statistics | Provides information on user enrollment in Password Self-Service, successfull and failed self-password resets, accounts blocked for self-password resets. |
| Winlogon Password Reset (Ctrl + Alt + Del) | Allows end users to self reset own domain passwords from the Winlogon screen. |
These features enable secure and reliable self-password reset and account unlock without delays related to handling password reset/unlock tickets by help desk.
Self-password reset parameters are defined via Password Self-Service Policies (PSSP). They allow administrators to set how many security questions must be specified, whether SMS verification is required, when accounts are blocked and unblocked for password reset, how often email invitations to enroll in Password Self-Service will be sent, etc. Administrators can create multiple Password Self-Service Policies and apply them to different users or groups, thus providing for different security levels required for specific user categories.
When a PSSP is created and applied to specific users, these users need to enroll in Password Self-Service by specifying their security questions and answers (if this option is selected in the corresponding PSSP). After that, when enrolled users forget their passwords, they can reset them by themselves. For this purpose, they need to answer the secret questions they specified during enrollment and enter the verification code that is automatically sent by SMS to their mobile (if this option is selected). As an additional precaution, an email notification can be sent to the email address of the users, whose password is reset using Password Self-Service.
The Password Self-Service Statistics provides information on user enrollment, password resets and blocked users. This information allows administrators to control the usage of Password Self-Service and take necessary actions in case of suspicious activity or failed attempts to reset own password. Extended filtering capabilities make it easy to sort the statistics data and find required objects.
For more details, see Password Self-Service Statistics.
With the help of Adaxes Self-Service Client, administrators can provide users a possibility to reset own Active Directory passwords from the Windows logon or unlock screens. This will allow a user to handle own forgotten passwords directly from the Winlogon screen in compliance with the parameters of PSSP effective for this user.
For more details, see Winlogon (Ctrl + Alt + Del).