Reset password option doesn't work using any form of two-factor authentication?
Hello. We're getting ready to deploy ADSSP to our entire company in order to use the unlock account and password reset features. We're looking to secure the user login process by using TFA, specifically in our case RADIUS or Duo, but we're running into an issue with the reset password tool using any form of TFA. The account unlock feature works fine; users receive the prompt on their phone, such as with Duo, that then allows them to authenticate.
Where we are running into a problem is using the reset password tool. When logging in to the reset password tool, the user is requested to "Please verify your identity using your password to reset your password". So basically they're being asked to enter their password, but the entire point of this tool is that they've forgotten their password! I cannot find a way to change this behavior so that the user can just enter, say, their username and Duo or another TFA method will send out an authentication prompt to their mobile device, they accept the prompt, proceed to log in, etc.
I've contacted support already and they had suggested we try a different TFA method other than RADIUS, which is our preferred option due to our infrastructure, but I think at this point I'd be happy to get any form of TFA or external authentication method working for the reset password tool. Even with TFA completely disabled, the reset password tool still asks the user to enter their password that they're trying to reset in the first place; it just doesn't make sense.
Thanks!
Matt