Save time and increase productivity. With Active Directory Password Self-Service
By Neil Burton
Forgotten passwords and locked accounts can waste a considerable amount of your IT team’s valuable time and create workload bottlenecks. Not to mention the time and money wasted as a result of user downtime. In fact, according to eweek magazine, it’s estimated that resetting passwords costs US organisations over $420 in lost productivity, per employer each year.
To solve this problem we recommend Password Self-Service, through Adaxes Active Directory. Instead of calling your help desk and going through the unreliable and even insecure password reset procedure over the phone, Adaxes allows users to reset their own passwords securely, without IT department intervention. Meaning your users are up and running more quickly and your IT teams can focus on other priorities.
How It Works
Users with forgotten passwords follow a simple, user-friendly procedure. After clicking the Reset Password link (provided by Adaxes) they verify their identity by either entering a security code sent via SMS or by answering security questions. Both methods can also be used in tandem, effectively providing two-factor authentication. After the ID is verified, users can unlock their account, reset their password, log in and get back to work. It’s as simple as that!
Users launch the self-password reset procedure either straight from the Windows logon screen or via the Web Interface using a browser on any device, such as a phone. Password self-service link can also be integrated into your own portals or applications so that users can start the procedure from there.
By enabling the Q&A option for ID verification, first-time users will need to provide answers to security questions during a one-time enrolment procedure. To ensure all users are on-board, Adaxes can regularly send email reminders, show enrolment invitation balloons in the Windows notification area and display a pop-up every time users log in to the Web Interface.
Adaxes also supports auto-enrolling users for password self-service in bulk. This is especially useful if you store user-specific info that can be used as answers for security questions such as SSNs, IDs, places of birth, etc.
Offline and Offsite
Adaxes Self-Password Reset allows passwords to be reset even when users aren’t on your corporate network. Traditionally, users on domain-connected laptops who forgot passwords would be locked out of their machines until they come back to the office. But with Adaxes they simply go through the same password self-service procedure and log in to the laptop with their new password. No VPN or other additional means are required.
For password self-service it’s important to find the right balance between maximum security and ease of use. Adaxes allows you to strike just the right balance for everyone as it allows applying different policies to different users, so that stricter password reset procedures apply to more security-sensitive accounts. For example, some users can be forced to answer more security questions than others, have two-factor verification enforced and be allowed less failed attempts.
By default, after a certain number of failed attempts, Adaxes automatically blocks access to password self-service for a specific period of time. This way any brute-force attacks or other suspicious activities are eliminated straight away.
After a password is successfully reset using the self-service procedure, users get an email notification. So if the reset is unauthorised, measures can be immediately taken.
To provide an additional security level to the password self-service process, you can add an approval step to it. So, after a user successfully goes through identity verification, the password will only be reset after an approval is granted for it. The list of approvers can contain members of IT staff, the manager of the user, their colleagues, etc.
Adaxes provides monitoring capabilities, which means that administrators can always keep an eye on things like how the enrolment progress is going, successful and failed self-password reset attempts, etc. With such approach any problems that may present themselves can be easily identified and dealt with. For example, if a certain policy results in many failed password reset attempts, administrators might need to make that policy less strict.
With password self-service in place you can take away a lot of frustration from your environment, and make password resets more reliable and available to everyone everywhere and at any time. As a result, you can save lots of resources for your organisation, in terms of both time and money, that would be otherwise wasted.
Arrange a demo
As certified professional Adaxes consultants, Armstrong IT can deliver your software licence, install it, configure it to your specific needs and provide ongoing technical support all under one roof. We can even get to work on resolving all your Active Directory issues, including Password resets, within 24 hours of taking your order. That’s why we say Armstrong IT and Adaxes makes IT easier.