SETTING UP SELF SERVICE PASSWORD RESET – AZURE ACTIVE DIRECTORY

First of all, we need to create a new directory. I have named the organization KT’s Test Organization and set the initial domain name to kttestorg. For the region, I have selected United States.

Next, we need to switch to the recently created directory. You can do it by clicking on your account and choosing Switch directory.

Then from the list, choose the recently created directory. If it doesn’t show up in the list, just refresh the page.

Once the directory is switched, go to the Azure Active Directory tab. To use the self-service password reset feature, we first need to upgrade the directory to a premium tier. So in the overview of your directory, click on Start a free trial.

Go to Azure AD Premium P2 and select Free trial. Then on the next blade, click Activate.

Next, we need to create a user. So in the overview tab, click Create user.

Fill in the name and username. You can go with the default properties for the rest. Copy the automatically generated password for now and click Create.

Go to the Users tab.

You will find your newly created user there.

Next, go to the Password reset tab.

This setting means that users of your Active Directory are free to change their passwords using Azure Active Directory and you as an administrator don’t need to be involved in order to reset their password.

There are three options here. None means that by default no user will be able to change the password on their own. Selected means the setting applies only to a chosen group of users. In our case, we don’t have any group, so we will select All, meaning that the setting applies to all the end users of the active directory.

Then in the Authentication methods tab, you will find the list of methods that can be used to reset the password. You can also choose how many methods are required to reset. We are going to go with the default settings.

Then in the Registration tab, the option to require users to register when signing in defaults to Yes. This means that when they sign in for the first time, they need to register their mobile number and/or email ID. The number of days before users are asked to confirm their authentication information defaults to 180. We are going with the defaults here as well.

Then the Notifications tab has the settings to notify the users and the admins on password reset. We keep the defaults here as well.

That is all it takes to configure the self-service password reset setting.

Now let us go ahead and test it.

Open the Azure portal in a new incognito/private window and sign in with the newly created active directory user.

Type in the password that was generated while creating the user.

Since this is the first sign-in for the newly created user, it will ask you to update the password.

Then it would ask you for more information since we have configured it that way. Click Next.

You will see this window now where it will ask you to set up at least one of the given options. Select Authentication Phone to set it up.

Enter your phone number and click text me.

Enter the verification code and click verify.

Since we have configured the phone number, we can finish the setup. However, in real-world use it would be preferable to configure an email ID as well.

And finally, you will be redirected to the Azure portal with the user account of your active directory.

This phone number will now be used when the user wants to reset the password, or when the user’s account has been breached and they want to reset it.
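
To check the result across the whole directory, the registration state can be audited from the Microsoft Graph report `GET /reports/authenticationMethods/userRegistrationDetails`. The following is an added example, not part of the original walkthrough: it runs over constructed sample records using that report's `isSsprEnabled`, `isSsprRegistered` and `methodsRegistered` fields, and the user names and the two-method threshold are assumptions of the example.

```python
# Constructed sample rows, shaped like the records Microsoft Graph returns from
# GET /reports/authenticationMethods/userRegistrationDetails (users are made up).
SAMPLE_USERS = [
    {"userPrincipalName": "alice@kttestorg.onmicrosoft.com",
     "isSsprEnabled": True, "isSsprRegistered": True,
     "methodsRegistered": ["mobilePhone"]},
    {"userPrincipalName": "bob@kttestorg.onmicrosoft.com",
     "isSsprEnabled": True, "isSsprRegistered": False,
     "methodsRegistered": []},
    {"userPrincipalName": "carol@kttestorg.onmicrosoft.com",
     "isSsprEnabled": True, "isSsprRegistered": True,
     "methodsRegistered": ["mobilePhone", "email"]},
    {"userPrincipalName": "dave@kttestorg.onmicrosoft.com",
     "isSsprEnabled": False, "isSsprRegistered": False,
     "methodsRegistered": []},
]


def audit_sspr(users, min_methods=2):
    """Return {userPrincipalName: [issues]} for users covered by SSPR.

    min_methods=2 is this example's own threshold (hypothetical), reflecting
    the advice above to register an email as well as a phone.
    """
    findings = {}
    for user in users:
        if not user.get("isSsprEnabled"):
            continue  # not in the None/Selected/All scope, nothing to check
        methods = set(user.get("methodsRegistered") or [])
        issues = []
        if not user.get("isSsprRegistered"):
            issues.append("enabled but not registered")
        else:
            if len(methods) < min_methods:
                issues.append("fewer than %d methods registered" % min_methods)
            if "email" not in methods:
                issues.append("no email registered")
        if issues:
            findings[user["userPrincipalName"]] = issues
    return findings


if __name__ == "__main__":
    for upn, issues in audit_sspr(SAMPLE_USERS).items():
        print(upn, "->", "; ".join(issues))
```

A user who stopped after registering only the phone, as in the test above, shows up here with both the method-count and the missing-email findings.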