Self Service Reset Password Management
Enable end users to reset their own Active Directory password securely
Tools4ever’s Self Service Reset Password Management (SSRPM) is a software solution that allows end-users to reset their password on the basis of a number of simple, predefined questions. The "Forgot My Password" button is integrated into the standard Windows Logon screen and supports a number of platforms.
With SSRPM, system administrators have total control over the password management process, from creating the personal questions to establishing the number of questions that must be answered correctly. With SSRPM, the time-consuming process surrounding password reset is greatly reduced or even eliminated from IT departments.
Click here to learn how end users may easily reset their own passwords with SSRPM.
» Download trial version
» Request quote
» Online demo request
Self Service Reset Password Management with GINA integration
On average, 25% of the calls to a helpdesk are estimated to be password-related, such as resetting forgotten passwords. The IT staff is burdened with resolving these calls, resulting in an increased administrative load for the IT department. At the same time, the end-user also wastes time and is less productive, because he or she is locked out of the network temporarily.
This results in frustration for both the end-user and the system administrator or helpdesk. Thanks to SSRPM from Tools4ever, the IT department is less burdened with these duties and can focus on resolving more critical calls.
References
Customers who use Self Service Reset Password Management include:
Pinellas County School District
Harrison College
South County Hospital
Language support
SSRPM supports several languages, namely English, Dutch, French, German, Spanish, Italian, Portuguese, Polish, Czech and Russian.
24/7 availability
End-users can reset their password 24 hours a day, including weekends and holidays. This is in contrast to the availability of the IT helpdesk.
Customizable password policy
The system administrator has total control over the password policy. For example a complex composition of the password with at least 7 characters or at least 1 uppercase letter. Various password security levels can be configured, from weak to strong.
Advanced authentication
SSRPM’s Advanced Authentication module can be used to expand the set of personal verification questions with an additional layer of security in the form of two-factor authentication. Two-factor authentication is achieved by expanding the set of questions (knowledge) with a code sent using a text message (physical identification token). Besides texting codes, it is possible to mail the code to the user’s personal email address. The texting and email options can be set for each user group.
Reversible encryption
It is possible to configure SSRPM to encrypt the answers instead of creating a hash. The advantage of using reversible encryption is that it is possible to use the Helpdesk Caller Identification web interface.
Questions configuration
System administrators can modify the number and content of the test questions themselves. This also applies to the number of attempts the end-user may make to enter the details correctly.
Reversible Encryption
It is possible to configure SSRPM to encrypt the answers instead of creating a hash. The advantage of using reversible encryption is that it is possible to use the Helpdesk Caller Identification web interface.
Helpdesk Caller Identification web interface
This web interface is intended for helping the helpdesk authenticate users, without the user telling the helpdesk their complete answers to the questions.
Secure interface
End-users are authenticated on the basis of a number of predefined questions. Administrators can decide themselves how many incorrect answers can be entered before someone is blocked from using the application.
Login possible anywhere
It’s possible to reset passwords from any workstation. SSRPM integrates the ‘Forgot My Password button’ in the organization’s logon window or a web portal.
Multi platform support
SSRPM supports Windows, Unix, Mainframe, Novell, Lotus Notes, AS/400, Citrix and a variety of web applications like OWA and NFuse.
Clear and adaptable design
The SSRPM Admin Console offers system administrators an overview of all relevant information, such as end-users who have not logged on, an overview of the number of incorrect answers for a new password, and an overview of the current SSRPM status. The GUI, configuration and reporting abilities can be tailored to meet your organizational requirements.
Integration with other Tools4ever solutions
The web interface of SSRPM is able to show password complexity rules defined by Tools4ever's Password Complexity Manager (PCM) and check if the new password meets the requirements defined by that policy.
Save time and money
Deploying SSRPM enhances the efficiency of the helpdesk and because end-users can modify their own passwords directly, they remain productive. It also reduces the number of cpassword related calls to the helpdesk to near zero. SSRPM has been proven to reduce the number of helpdesk calls regarding reset password by as much as 90%.
Improved service level
With SSRPM, the helpdesk service window for resetting passwords is increased from office hours to 24/7. End-users can reset their passwords easily and at any time (24/7), and remote users don't have to wait for the helpdesk to release their accounts.
Better security
By posing the predefined questions to establish the identity of the end-user, the risk of fraudulent requests for password resetting is avoided. This is often a major improvement over the current situation where an end-user can call the helpdesk and a minimal methodology of checking is carried out. Is the caller who he says he is?
Fulfills compliance
Because all the actions of SSRPM are recorded in an audit log, standard management reports can be generated with SSRPM, particularly for organizations having to work with SOX, HIPAA, SEC and GLBA requirements.
Out-of-the-box solution
SSRPM installation is possible in less than two hours.
Software requirements
| Operating system | Type | Version |
|---|---|---|
| Windows 2000 | 32 & 64 bits | SP4 or higher |
| Windows 2003 | 32 & 64 bits | all versions |
| Windows 2008 | 32 & 64 bits | all versions |
| Windows XP | 32 & 64 bits | all versions |
| Windows Vista | 32 & 64 bits | all versions |
| Windows 7 | 32 & 64 bits | all versions |
| Supported databases | |
|---|---|
| Database | Version |
| MS Access | all versions |
| MS SQL 2000 or higher | all versions |
| Supported Remote Desktop |
|---|
| Windows Terminal Server |
| Citrix |
| SSRPM website |
|---|
| IIS 6.0 |
| ASP.NET 2.0 |
Minimal hardware requirements
Processor: Pentium III (Pentium 4 or higher recommended)
Memory: 512 MB RAM (1 GB or more recommended)
Hard disk space: 256 MB (1 GB or more recommended)
Depending on the exact configuration and used components the system requirements may vary.
SMS Authentication
To enforce strong (two-factor) authentication, it is possible to prompt end users to enter a PIN code during the password reset process. This PIN code will be sent to a mobile number previously specified by the user.
The main benefit of this type of authentication is that SSRPM is secured more effectively. In addition to providing answers to personal questions, users must have a personal physical device at their disposal (the mobile phone) to receive the pin code.
Helpdesk Caller ID Verification
When an end-user directs a request to the IT helpdesk, for example for extra access rights, identification of that end-user is usually desirable. How does the helpdesk assistant determine that the end-user is indeed who they claim to be? Commonly, end-users have to submit a form bearing the signature of a manager or have to be physically present at the helpdesk before the request can be granted.
Is there not a simple way to be able to identify the end-user via the telephone?
With Helpdesk Caller ID Verification it is possible to establish the identity of the end-user telephonically. Each end-user will have enrolled by answering a series of challenge questions, for example, “What is your mother’s maiden name?” By using an intelligent mechanism, the helpdesk assistant cannot view the actual answer to the question, but only parts of the answer (for example the first and last letter of the answer). This is accomplished by the helpdesk assistant asking the caller which letters should be filled in for the answer. In this way it is possible to verify the identity of the caller.
Offline support
SSRPM now offers offline support for end-users with a laptop that does not have a connection with the corporate network and have forgotten their username and/or password but still want to log into their laptop.
In this scenario, end-users click on the “Forgot My Password” button that is provided on the log in screen. SSRPM then presents the same questions as the normal self-service password reset procedure (with network connection). After correctly answering the questions, SSRPM automatically logs the end-user onto the machine.