this post was submitted on 07 Sep 2023
299 points (97.8% liked)

Tales from Tech Support

804 readers
1 users here now

founded 1 year ago
MODERATORS
[email protected]
299
I don't know that I've ever face palmed harder from a user response than today (lemmy.world)
submitted 11 months ago by [email protected] to c/[email protected]
31 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 11 months ago* (last edited 11 months ago)

Self-Service Password Reset. You can use MFA to verify your identity to reset a password and those MFA methods can be predefined by admins.

So you can allow user to reset their initial passwords using SMS OTP and some another factor such as location (approved public IP ranges at offices for example)

https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-howitworks

I have to admit I have not implemented or even seen SSPR configured for initial password before, but this talk actually made me want investigate it further. Lab project for the weekend!