This article relates to Simple Sign-On and Surp4ss!


IAM Cloud's Password Reset services allows end users to reset their password without having to contact their IT Department. This feature is included by default in our federation service both on the base and advanced plan. There are 4 self service reset options available via this service:


  1. Known Password Reset 
  2. Self Service Reset via SMS
  3. Self Service Reset via Email
  4. Self Service Reset via Challenge Response (Questions and answers)


Our password reset features are configured and enabled in the IAM Cloud portal.


When you have activated the password service you will have additional options on logging on to an application.



Reset password will present users with Fig 1.

Manage Settings will present users with Fig 6. 


From the IAM Cloud Portal home page select Features > Known Password Reset or Self Service Password reset.

You can chose from 4 Self Service password reset options. *Please note SMS has an additional cost and needs to be activated. Please contact support if you would like more information on this option.

  • Known Password
  • Email
  • SMS
  • Challenge Response (questions & answers)


Known Password Reset 


This option allows users to change their password when they already know it.


To enable this feature in the IAM Cloud portal  select Features > Password services and select the option.  You can activate this option for all users or a classification of users under the Target Editing tab.





To select a classification under the target editing tab click on the appropriate classification, choose tick all applications and then press save. The password reset feature will then be applied to that classification. 





To reset a password simply select the link on the login screen and you'll be presented with the option below:



In order for the password resets to write back to AD Destination for passwords needs to be enabled under Active Directory in Applications. It can be enabled by clicking the edit button.






Self Service Password Reset


Once the options are enabled, under 'minimum amount of SSPR alternatives', you can select how many recovery options your users have to set. If you've enabled all three options and set them to mandatory and set the value of minimum alternatives to 3, then when the user logs into 365 they'll be presented with the option to setup three methods of recovery. If you've selected two then they'll only be asked to setup two recovery options.





Reset via Email

A recovery code is sent to a specified email address to reset their password.

To enable this feature in the IAM Cloud portal  select Features >  Password services  and select the option ‘By Email.’




Administrators can select whether they want to enforce users to set up their email address for password reset by selecting the is Mandatory option. On logon users will be forced to update this option before they can log in.  You can also upload your own customized branded emails with your own text or brand images. 


This can be assigned to classifications as per the previous instructions. Once this is selected additional configuration options can be found under Features > User Identification. Here you can select where the recovery email address is stored in our DB.

PLEASE CONSULT IAM CLOUD BEFORE CHANGING THIS SETTING.


When resetting a password with this feature a reset code will be sent to the users chosen email address.  This code will expire after 3 minutes.




Reset via SMS

A recovery code is sent to a specified mobile phone to reset their password.


To enable this feature in the IAM Cloud portal  select Features >  Password services  and select the option ‘By SMS.’


Please note there is an extra cost for this, please contact our support desk for further information. Details can also be found here - 


How to activate Self Service Password Reset by SMS






Administrators can select whether they want to enforce users to set up a mobile number for password reset by selecting the is Mandatory option. On logon users will be forced to update this option before they can log in.


This can be assigned to classifications as per the previous instructions. Once this is selected additional configuration options can be found under Features > User Identification. Here you can select where the recovery mobile number is stored in our DB.

PLEASE CONSULT IAM CLOUD BEFORE CHANGING THIS SETTING.





Reset Password via Security questions (Challenge Response)


This options asks users to answer some pre- answered security questions to reset their password. Administrators have a list of pre configured questions they can select to present their users with.


To enable this feature in the IAM Cloud portal  select Features >  Password services and select the option ‘Questions' 




Administrators can select whether they want to enforce users to set up challenge response questions for password reset by selecting the is Mandatory option. On logon users will be forced to update this option before they can log in. 


This can be assigned to classifications as per the previous instructions. Once this is selected additional configuration options can be found under Features > User Identification. Here you can select the challenge response questions. There is a bank of questions to choose from, you need to select at least 5. If a user needs to use these to reset their password then they'll be asked 3 questions from the list that you've selected. 





o manage and use SSPR as the end user you can either select 'Reset password' or 'Manage settings':




Choosing reset password presents this screen, select 'I have forgotten my password and want to reset it' allows the user to reset the password via one of the reset options that they've setup:





If you need any assistance please do not hesitate to contact us at support@iamcloud.com