Self service password reset

Posted on 2010-11-08
Medium Priority
Last Modified: 2013-04-22

We are currently looking at options for self service password resets.    We have a mixed environment {macs, linux ,windows, etc) and use AD 2008R2 for authentication.
   Our current product does a decent job of password resets, but is quite expensive to license.    We will have over 70-100,000 users that will use this.

Some of the features that are needed.
     -User should be able to reset password from any web browser.  If they do not know their password, they should be able to reset their password via challenge/response
    -if the product is able to send verification codes via sms that would be a bonus.
    -ad attribute updates would also be a bonus
    -We also need a web based helpdesk feature.  Meaning, our helpdesk staff should be able to reset passwords of accounts.  A number of staff members use machines on non windows machines
    -decent logging/reporting/collection of all events.

I looked at a number of products but have not found many that fit this criteria {that didn't cost (150k)   It would be preferred for this to run under IIS, but other options could work as well.

Does anyone know of any options that meet this list?  {Gee..I'm not asking too much :) }     Any information would be appreciated.

Question by:fertigj
LVL 27

Assisted Solution

KenMcF earned 750 total points
ID: 34089671
Take a look at rDirectory, the next version will support multiple browsers. Right now it only supports IE.

Also Take a look at Courion

LVL 57

Accepted Solution

Mike Kline earned 750 total points
ID: 34089685
Microsoft makes Forefront Identity manager which can provide this feature and more.   Video here   http://technet.microsoft.com/en-us/edge/self-service-password-reset-with-fim-demo.aspx

Namescape also makes a product (haven't tested it myself).  They have a video up also



Author Comment

ID: 34089725
It is really important that all browsers {or ie/firefox/opera/safari} are supported.   That said the product does look interesting.   I'll have to keep an eye on this.    

I have also read decent reviews on Courion,  my only issue is the pricepoint.   A lot of decent products are pricing themselves out of consideration.     It is hard to justify a large expense for a single service  {even something as important as this}
Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

LVL 27

Expert Comment

ID: 34089862
I was incorrect about the browser support with namscape. It is their rDirectory product that only supports IE.

Cross-Browser Support
End-users can use Internet Explorer, Safari, or FireFox to access myPasswordto reset their Windows password, accounts, create Password Reset Profiles, or change their passwords.


Author Comment

ID: 34089880
I'll have to take a closer look at this product.   This does look interesting.

Author Closing Comment

ID: 34183473
Was hoping for open source/free..but can't fault the answers.  Just the question :)

Expert Comment

ID: 34634626
Open Source you say?.......

HERE IT IS!!!!!  

   VA TEch Self Service
LVL 22

Expert Comment

by:Joseph Moody
ID: 39102185
We were looking for a free way of doing this as well. Our final solution used PowerShell to provide a password reset service.

It isn't as pretty as a GUI based option but our users can now reset their passwords by texting from their cell.


Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Native ability to set a user account password via AD GPO was removed because the passwords can be easily decrypted by any authenticated user in the domain. Microsoft recommends LAPS as a replacement and I have written an article that does something …
If you need to implement application level security in an Access database application or other VBA code, I strongly encourage you to take advantage of Active Directory groups.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question