For admin accounts, this notification provides another layer of awareness when a privileged administrator account password is reset using SSPR. These notifications can cover both regular user accounts and admin accounts. To keep users informed about account activity, you can set up Azure AD to send email notifications when an SSPR event happens. To apply the registration settings, select Save. If outdated contact information exists when an SSPR event starts, the user may not be able to unlock their account or reset their password. It's important to keep the contact information up to date. Set Number of days before users are asked to reconfirm their authentication information to 180. In this tutorial, set up Azure AD to prompt the users for registration the next time they sign in. From the menu on the left side of the Registration page, select Yes for Require users to register when signing in. Azure AD uses this contact information for the different authentication methods set up in the previous steps. An administrator can manually provide this contact information, or users can go to a registration portal to provide the information themselves. To apply the authentication methods, select Save. Before users can unlock their account or reset a password, they must register their contact information. You can enable other authentication methods, like Office phone or Security questions, as needed to fit your business requirements. For this tutorial, check the boxes to enable the following methods: To improve security, you can increase the number of authentication methods required for SSPR. Choose the Methods available to users that your organization wants to allow. You can choose which authentication methods to allow, based on the registration information the user provides. From the menu on the left side of the Authentication methods page, set the Number of methods required to reset to 2.
This extra authentication factor makes sure that Azure AD finishes only approved SSPR events. When users need to unlock their account or reset their password, they're prompted for another confirmation method. Select authentication methods and registration options To enable SSPR for the selected users, select Save. If your group isn't visible, choose No groups selected, browse for and select your Azure AD group, like SSPR-Test-Group, and then choose Select. Search for and select Azure Active Directory, then select Password reset from the menu on the left side. From the Properties page, under the option Self service password reset enabled, choose Selected. Sign in to the Azure portal using an account with global administrator or authentication policy administrator permissions. Use the SSPR-Test-Group and provide your own Azure AD group as needed: In this tutorial, set up SSPR for a set of users in a test group. As part of a wider deployment of SSPR, Azure AD supports nested groups. Or, you can enable SSPR for everyone in the Azure AD tenant. Currently, you can only enable one Azure AD group for SSPR using the Azure portal. When you're comfortable with the process and the time is right to communicate the requirements with a broader set of users, you can select a group of users to enable for SSPR. This granular ability lets you choose a subset of users to test the SSPR registration process and workflow. If you need to create a group, see Create a basic group and add members using Azure Active Directory. Azure AD lets you enable SSPR for None, Selected, or All users. You'll enable SSPR for this group in this tutorial. A group that the non-administrator user is a member of, like SSPR-Test-Group. If you need to create a user, see Quickstart: Add new users to Azure Active Directory. You'll test the end-user SSPR experience using this account in this tutorial.
A non-administrator user with a password you know, like testuser. An account with Global Administrator or Authentication Policy Administrator privileges. If needed, create an Azure account for free. For later tutorials in this series, you'll need an Azure AD Premium P1 or trial license for on-premises password writeback. Password change is supported in the Free tier, but password reset is not. In the Free tier, SSPR only works for cloud users in Azure AD. A working Azure AD tenant with at least an Azure AD free or trial license enabled. To finish this tutorial, you need the following resources and privileges: You can also follow along in a related video: How to enable and configure SSPR in Azure AD. Set up authentication methods and registration options.