Skip to content Skip to sidebar Skip to footer
Home / The Link You Are Using Is No Longer Active You May Need to Register Again or Reset Your Password

The Link You Are Using Is No Longer Active You May Need to Register Again or Reset Your Password

Post a Comment
Skip to main content

Tutorial: Enable users to unlock their account or reset passwords using Azure Active Directory self-service password reset

  • Commodity
  • 8 minutes to read

Azure Active Directory (Azure Advertizing) cocky-service password reset (SSPR) gives users the ability to change or reset their password, with no administrator or help desk involvement. If Azure Advertising locks a user's business relationship or they forget their password, they tin follow prompts to unblock themselves and get back to work. This power reduces help desk calls and loss of productivity when a user can't sign in to their device or an application. Nosotros recommend this video on How to enable and configure SSPR in Azure AD. Nosotros also take a video for It administrators on resolving the half dozen most common end-user error messages with SSPR.

Important

This tutorial shows an administrator how to enable cocky-service password reset. If you're an end user already registered for cocky-service password reset and demand to become dorsum into your account, go to the Microsoft Online password reset folio.

If your Information technology team hasn't enabled the ability to reset your own password, reach out to your helpdesk for additional assistance.

In this tutorial yous learn how to:

  • Enable self-service countersign reset for a group of Azure Advertizing users
  • Gear up hallmark methods and registration options
  • Test the SSPR procedure every bit a user

Video tutorial

You tin also follow along in a related video: How to enable and configure SSPR in Azure AD.

Prerequisites

To finish this tutorial, you lot need the following resource and privileges:

  • A working Azure AD tenant with at least an Azure AD complimentary or trial license enabled. In the Free tier, SSPR but works for cloud users in Azure Advertizing. Countersign alter is supported in the Free tier, merely countersign reset is not.
    • For later tutorials in this series, you'll need an Azure AD Premium P1 or trial license for on-premises password writeback.
    • If needed, create an Azure business relationship for free.
  • An account with Global Administrator privileges.
  • A non-administrator user with a password you know, similar testuser. Yous'll examination the end-user SSPR experience using this account in this tutorial.
    • If y'all need to create a user, see Quickstart: Add new users to Azure Active Directory.
  • A grouping that the non-administrator user is a fellow member of, likes SSPR-Examination-Grouping. You'll enable SSPR for this group in this tutorial.
    • If yous demand to create a group, meet Create a basic group and add members using Azure Active Directory.

Enable cocky-service password reset

Azure AD lets you enable SSPR for None, Selected, or All users. This granular ability lets you choose a subset of users to test the SSPR registration procedure and workflow. When you're comfortable with the process and the time is correct to communicate the requirements with a broader prepare of users, you can select a group of users to enable for SSPR. Or, y'all can enable SSPR for anybody in the Azure Advertisement tenant.

Annotation

Currently, you can only enable one Azure AD grouping for SSPR using the Azure portal. Equally part of a wider deployment of SSPR, Azure Advertising supports nested groups.

In this tutorial, prepare SSPR for a set of users in a test group. Use the SSPR-Test-Grouping and provide your own Azure Advertising grouping as needed:

  1. Sign in to the Azure portal using an account with global administrator permissions.

  2. Search for and select Azure Agile Directory, then select Password reset from the menu on the left side.

  3. From the Backdrop folio, under the choice Self service password reset enabled, choose Selected.

  4. If your grouping isn't visible, cull No groups selected, browse for and select your Azure Ad group, like SSPR-Test-Grouping, and so cull Select.

    Select a group in the Azure portal to enable for self-service password reset

  5. To enable SSPR for the select users, select Save.

Select authentication methods and registration options

When users demand to unlock their account or reset their password, they're prompted for some other confirmation method. This extra authentication factor makes certain that Azure Advertisement finished simply approved SSPR events. You tin choose which authentication methods to let, based on the registration information the user provides.

  1. From the menu on the left side of the Authentication methods folio, set the Number of methods required to reset to 2.

    To ameliorate security, yous can increase the number of authentication methods required for SSPR.

  2. Choose the Methods bachelor to users that your organization wants to allow. For this tutorial, cheque the boxes to enable the following methods:

    • Mobile app notification
    • Mobile app code
    • Email
    • Mobile phone

    You tin enable other hallmark methods, like Office phone or Security questions, as needed to fit your business requirements.

  3. To apply the authentication methods, select Save.

Before users can unlock their business relationship or reset a password, they must register their contact information. Azure AD uses this contact information for the different authentication methods prepare in the previous steps.

An administrator tin can manually provide this contact information, or users can go to a registration portal to provide the information themselves. In this tutorial, set up upwards Azure Ad to prompt the users for registration the next time they sign in.

  1. From the menu on the left side of the Registration page, select Yep for Crave users to register when signing in.

  2. Set Number of days before users are asked to reconfirm their hallmark information to 180.

    It'due south of import to keep the contact data up to appointment. If outdated contact data exists when an SSPR event starts, the user may non be able to unlock their business relationship or reset their password.

  3. To utilise the registration settings, select Save.

Set upwards notifications and customizations

To go along users informed about account activity, y'all tin can ready Azure AD to transport email notifications when an SSPR event happens. These notifications can cover both regular user accounts and admin accounts. For admin accounts, this notification provides another layer of sensation when a privileged administrator business relationship password is reset using SSPR. Azure AD will notify all global admins when someone uses SSPR on an admin account.

  1. From the menu on the left side of the Notifications page, ready the following options:

    • Set up Notify users on password resets? choice to Yeah.
    • Prepare Notify all admins when other admins reset their countersign? to Yep.

  2. To use the notification preferences, select Save.

If users need more assistance with the SSPR procedure, y'all can customize the "Contact your ambassador" link. The user can select this link in the SSPR registration procedure and when they unlock their account or resets their password. To make sure your users get the support needed, nosotros recommend you provide a custom helpdesk email or URL.

  1. From the menu on the left side of the Customization page, set Customize helpdesk link to Yes.
  2. In the Custom helpdesk email or URL field, provide an email address or web page URL where your users tin can go more aid from your system, like https://support.contoso.com/
  3. To apply the custom link, select Relieve.

Test cocky-service password reset

With SSPR enabled and ready upwardly, exam the SSPR procedure with a user that's part of the grouping yous selected in the previous department, like Test-SSPR-Grouping. The following instance uses the testuser account. Provide your own user account. It'due south function of the group you enabled for SSPR in the beginning department of this tutorial.

Annotation

When you test self-service countersign reset, employ a non-administrator account. Past default, Azure Advertizement enables self-service password reset for admins. They're required to use ii hallmark methods to reset their password. For more than information, see Administrator reset policy differences.

  1. To see the manual registration process, open a new browser window in InPrivate or incognito mode, and scan to https://aka.ms/ssprsetup. Azure Ad will straight users to this registration portal when they sign in side by side time.

  2. Sign in with a non-administrator test user, like testuser, and register your authentication methods contact information.

  3. In one case finished, select the button marked Looks skilful and close the browser window.

  4. Open a new browser window in InPrivate or incognito mode, and browse to https://aka.ms/sspr.

  5. Enter your non-ambassador test users' account information, like testuser, the characters from the CAPTCHA, and and so select Next.

    Enter user account information to reset the password

  6. Follow the verification steps to reset your password. When finished, you lot'll receive an email notification that your countersign was reset.

Clean upward resources

In a after tutorial in this serial, you lot'll gear up upwardly countersign writeback. This characteristic writes password changes from Azure AD SSPR back to an on-premises Advertizement environment. If you want to proceed with this tutorial series to set upwards password writeback, don't disable SSPR now.

If you no longer want to use the SSPR functionality you have set up equally function of this tutorial, prepare the SSPR status to None using the following steps:

  1. Sign in to the Azure portal.
  2. Search for and select Azure Agile Directory, then select Password reset from the menu on the left side.
  3. From the Backdrop page, under the pick Self service countersign reset enabled, select None.
  4. To apply the SSPR change, select Save.

FAQs

This department explains common questions from administrators and end-users who try SSPR:

  • Why do federated users wait upwards to 2 minutes after they encounter Your password has been reset before they can use passwords that are synchronized from on-premises?

    For federated users whose passwords are synchronized, the source of authorisation for the passwords is on-premises. As a result, SSPR updates merely the on-premises passwords. Countersign hash synchronization back to Azure AD is scheduled for every 2 minutes.

  • When a newly created user who is pre-populated with SSPR data such equally phone and email visits the SSPR registration folio, Don't lose access to your business relationship! appears as the championship of the page. Why don't other users who have SSPR data pre-populated see the message?

    A user who sees Don't lose access to your business relationship! is a member of SSPR/combined registration groups that are configured for the tenant. Users who don't see Don't lose access to your business relationship! were not role of the SSPR/combined registration groups.

  • When some users become through SSPR process and reset their password, why don't they see the password force indicator?

    Users who don't meet weak/strong password strength have synchronized countersign writeback enabled. Since SSPR can't determine the password policy of the client's on-premises environment, information technology cannot validate password strength or weakness.

Next steps

In this tutorial, y'all enabled Azure AD self-service password reset for a selected group of users. Yous learned how to:

  • Enable self-service countersign reset for a group of Azure Advert users
  • Set up up hallmark methods and registration options
  • Test the SSPR process as a user

vanaborne.blogspot.com

Source: https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr

Post a Comment for "The Link You Are Using Is No Longer Active You May Need to Register Again or Reset Your Password"