Remote users' password challenges

Remote employees may often work in a different time zone than the IT team. In such a situation, if a remote employee forgets their password, they could be stranded for hours, unable to log in to their machine for an entire day or clock in to record their work hours. This isn't good for the user's productivity. ADSelfService Plus enables AD password reset for remote users and updates the cached domain credentials on their machines.

Updating the locally cached credentials on Windows machines using ADSelfService Plus can be achieved:

• Using a VPN client
• Without using a VPN

Organizations having VPN infrastructure with VPN vendors supported by ADSelfService Plus can update their remote users' cached credentials over VPN. When an organization does not have VPN infrastructure or uses a VPN vendor not supported by ADSelfService Plus, then they can update their remote users' cached credentials without using a VPN client.

To learn more about cached credentials, their significance, and how cached credentials update works in ADSelfService Plus, click here.

ADSelfService Plus comes bundled with a logon agent that places a Reset Password/Account Unlock button on the password change screen. When a user clicks on the password reset link, it enables them to reset their password securely and then updates their locally cached credentials.

Remote password reset: How does it work?

1. ADSelfService Plus places a Reset Password/Account Unlock link on the login screen of Windows, macOS, and Linux machines to enable self-service password reset. Clicking this link will open thepassword reset portal.

   

2. Users are required to prove their identity through any one of the enforced authentication methods, like SMS-based one-time passwords (OTPs), email-based OTPs, Google Authenticator, DUO Security, and RSA SecurID.

   

   Important:

   1. Users must be enrolled in ADSelfService Plus to utilize the self-service password reset and self-service account unlock capabilities.
   2. Enrollment is a one-time process where users enter their mobile number and email address, set answers to security questions, and provide other details in ADSelfService Plus in order to register for self-service password management. Learn how to enroll users.
3. Once a user’s identity is successfully verified, they will be allowed to reset their forgotten AD domain passwords.

   Tip: Ensure password security. Use the Password Policy Enforcer to enforce strong user passwords by including special characters and blacklisting dictionary words and patterns.

   

   • ADSelfService Plus resets the AD password and alerts the logon agent about the successful completion.
   • The logon agent initiates a request for updating the local cached credentials either through a VPN connection or without connecting to a VPN.
   • After the request is successfully approved by AD, the cached credentials are locally updated on the user's machine.