Self-Service-Password-Reset

The Self-Service Password Reset (SSPR) feature allows Trustelem users to reset a lost password themselves, including users synchronized from Active Directory.
The goal is to reduce the administrative workload by giving users autonomy.

sspr-00.png

The setup is done in the Security settings tab, then Password management:
https://admin-mydomain.trustelem.com/app#/security/passwords/edit --> Self-service password reset for users
Note: if you don't have access to this feature, please contact WALLIX Trustelem support.

When the feature is activated, the administrator selects the number of factors the user must present, then selects which factors will be required.

sspr-0.png

Notes:

Self-Service Password Reset for Active Directory

If you want to activate the SSPR service for Active Directory, you should already have a directory set up with an AD Connect installed.
See: Active Directory synchronization
First, go to your Trustelem directory settings page and activate the Password recovery feature.
Then, the SSPR service requires that the Trustelem connector service account be delegated the privilege to reset users' passwords.

sspr-1.png

sspr-2.png

sspr-3.png

sspr-4.png

sspr-5.png

Self-Service Password Reset for Azure Active Directory

If you want to activate the SSPR service for Azure Active Directory, you should already have a directory set up with Trustelem.
Note: Azure Active Directory passwords can only be used and reset by Trustelem if Office 365 is not federated.
First, go to your Trustelem directory settings page and activate the Password recovery feature.
Then start PowerShell and execute the following script, replacing CLIENT ID with the Application (client) ID of your Trustelem app in Azure AD:

# Install the AzureAD module (needed only once on this machine)
Install-Module AzureAD
# Sign in with an account allowed to assign directory roles
Connect-AzureAD
# Look up the service principal of the Trustelem app by its Application (client) ID
$app = Get-AzureADServicePrincipal -Filter "AppId eq 'CLIENT ID'"
# Get-AzureADDirectoryRole returns only roles already activated in the tenant
$role = Get-AzureADDirectoryRole | Where-Object { $_.DisplayName -eq "Helpdesk Administrator" }
Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $app.ObjectId
$role = Get-AzureADDirectoryRole | Where-Object { $_.DisplayName -eq "Directory Writers" }
Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $app.ObjectId
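The script above assumes both roles are already activated in the tenant; Get-AzureADDirectoryRole returns nothing for a role that has never been activated, and the Add-AzureADDirectoryRoleMember call then fails on a null $role. The following is an added example, not part of the Trustelem documentation or product, that checks whether the Trustelem service principal already holds each required role, activates a missing role from its template, and assigns only what is absent. It assumes the AzureAD module is installed, Connect-AzureAD has been run, and CLIENT ID is replaced with the real Application (client) ID; $clientId and $requiredRoles are names chosen for this example.

```powershell
# Added example (not Trustelem's own script): verify and, if needed, complete the
# directory role assignment of the Trustelem service principal.
# Assumes: AzureAD module installed, Connect-AzureAD already run.
$clientId = 'CLIENT ID'   # placeholder: Application (client) ID of the Trustelem app
$requiredRoles = @('Helpdesk Administrator', 'Directory Writers')

$app = Get-AzureADServicePrincipal -Filter "AppId eq '$clientId'"
if (-not $app) { throw "No service principal found for AppId '$clientId'" }

foreach ($roleName in $requiredRoles) {
    # Get-AzureADDirectoryRole lists only roles that have been activated in the tenant
    $role = Get-AzureADDirectoryRole | Where-Object { $_.DisplayName -eq $roleName }
    if (-not $role) {
        # Activate the role from its built-in template so it can receive members
        $template = Get-AzureADDirectoryRoleTemplate | Where-Object { $_.DisplayName -eq $roleName }
        if (-not $template) { throw "No role template named '$roleName'" }
        $role = Enable-AzureADDirectoryRole -RoleTemplateId $template.ObjectId
    }

    # Compare current members against the service principal before changing anything
    $members = Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId
    if ($members.ObjectId -contains $app.ObjectId) {
        Write-Output "OK: '$($app.DisplayName)' is already a member of '$roleName'"
    } else {
        Write-Output "ADDING: '$($app.DisplayName)' to '$roleName'"
        Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $app.ObjectId
    }

    # Print the full membership so the role can be reviewed against least privilege
    Get-AzureADDirectoryRoleMember -ObjectId $role.ObjectId |
        Select-Object @{Name = 'Role'; Expression = { $roleName }}, DisplayName, ObjectType, ObjectId
}
```

Running it a second time is safe: it reports OK for both roles and makes no further change. The membership listing at the end is there because these two roles let their holders reset non-administrator passwords and write directory attributes, so every other member of them deserves a periodic review.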

Revision #2
Created 1 July 2022 08:29:55 by WALLIX Admin
Updated 30 October 2023 15:28:54 by WALLIX Admin