IT Self Service: Secure Password Reset and Beyond

As a Sales Engineer at Centrify, my job is to meet with customers and prospects every day and learn about their identity challenges. I’ve noticed a recurring theme lately: many customers tell me about their pains with password resets. This is not a new problem. It has been widely known for a long time that password resets are responsible for over 40% of support calls. IT self-service empowers users to take control of issues like password resets. But traditional automated password reset implementations have had limited success because of poor end-user acceptance and poor policy and process.

The Centrify Identity Service combines an easy-to-use method for end users to reset their passwords, backed up by policies with the complexity and password aging rules that best practices recommend. In addition, the Centrify Identity Service layers in multi-factor authentication to make the password reset more secure, without burdening the user experience.

It begins with the policy being defined by the administrator, as shown in Figure 1. Password reset is optional, so it must be turned on before it can be used. The policy can then be enhanced by making available one or all of the reset mechanisms shown below. Centrify provides many options because we understand that end users will differ in their preferred method of password reset. We think this is crucial to avoiding poor user acceptance.

Figure 1:


Centrify provides the ability to reset passwords for users in its cloud user directory or in Active Directory. For Active Directory password reset, an account with the appropriate permissions is needed.

Next, the administrator matches the password reset policy on the Centrify Cloud Service with the organization’s password best practices, as shown in Figure 2. Click here for more information on defining the policies.

Figure 2: Password Reset

For the end-user, it’s as easy as clicking on the “Forgot your password?” link in Figure 3, which allows the user to choose a password reset method that they are comfortable with, as seen in Figure 4. For example, they can choose to get a text message, like the one shown in Figure 5. The user simply enters the code manually — or for an even more simplified user experience, all they need to do is click on the link from their phone.

Figures 3 and 4:

Figure 5: Multifactor Authentication Text message

The net result for the end user is a real-time, easy-to-use password reset tool that lets them regain access to their applications, whether they are locked out of their account or have simply forgotten the password. See Figure 6.

Figure 6:


Centrify’s IT self-service functionality goes beyond password resets. It also empowers end users to take control of the mobile management tasks that they usually need IT for. Figure 7 shows the options available to the end user. As an end user, I have the ability to enroll my own devices as part of a corporate BYOD initiative. If later I leave the organization, I can un-enroll, leaving my device unharmed. The ordinary information worker now has a simple way to locate lost devices, make a determination on the recoverability of the device, and then lock it, reset the passcode, or wipe it in the event of a complete loss. The end user can see the device location on a map and home in on it for recovery.

There are positive implications for this — for IT, this means a reduced volume of support calls for passwords and mobility, which leaves time for other projects. End users are empowered and not hindered by the technology.

Figure 7: Find device screen

If you would like a demonstration of how Centrify can help you, please send an email to sales@centrify.com.