(Enterprise+, Enterprise+SSO, Stand-Alone Reset Server)
Reset Users can enroll and reset their AD/LDAP Directory passwords. These users only use a very limited set of functions, and do not need access to other features of Password Server.
Detailed Setup Guide: Self-Service Password Reset Enrollment
Reset users can be included as an add-on for Password Server for these editions:
- Stand-Alone Reset Server
Adding Reset Users
Step 1. Reset Users can only be imported from AD/LDAP (see our AD/LDAP setup guide for more information). This requires the Reset Users to be available on your license. Steps:
- Users and Roles > Manage Reset Users
- Click Manage Directories > Setup a connection, specifying a location in the directory for your Reset Users to be imported from
- Test the connection, then Save
- Right-click Action button (for this directory connection) > Import from directory
- These buttons will appear on the Import Users page:
- Select the user(s) you wish to import and click import
- You should then also see these users in Manage Reset Users list
Configuring Reset Users
Step 2. Set the Policy which will be applied to all Reset Users from:
Users and Roles > Manage Policies > Policy Administration > Global Settings
Step 3. Create Challenge Configurations to configure how the resets will work:
- Number / method of Security questions requirements
- Additional Authentication requirements
- Selecting Available Questions
- Applying User Policies
Enrolling Reset Users
Note: Users are not considered enrolled until they have setup all the requirements of their Reset Challenge.
Step 4. Like normal Users, Reset Users must log in to the web client to finish their Enrollment.
When they log in, users will see a message with a link that will take them to an enrollment page:
- Here users can set their basic information, update their questions, and set up any required two-factor providers.
- Set Answers in the Security section
In the future, reset users can modify this information from:
- Click username (top right-hand corner) > Manage Account > Click on Set Answers (link) in the Security section
Managing Enrolled Users
- Reset Users can be viewed under Users and Roles > Manage Reset Users
- The Enrollment Report can be found under Reports > Enrollment Report
- This displays all Reset Users and their current status
- Unenrolled users: can also be emailed with a link to setup their Reset Challenge answers
Step 6. Once Reset Users are enrolled, they can reset their AD/LDAP passwords via:
- Forgot Password link on the Web Client Login Page
- The Windows Login Integration Client
Windows Login Integration
There is a credential provider for Windows login integration available in the client download tab of your Password Server or Reset Server installation. Password Server requires an Enterprise+ or Enterprise+SSO license to make use of it.
See Windows Login Integration for full details.