If you need to clear the questions that a user has set then you can do so by navigating to Identities / Cloud vault and then searching for your user. Once you find it select them and go to the 'User Identification' tab. From here you can clear the answered questions.
Please note that there is no option to clear the recovery email address or mobile number. You can contact the IAM Cloud support team to clear these.
- Setting password policies
A limited number of password policies can be applied to the resets done with Surp4SS!. Please note currently we're unable to detect policies from AD and resets done using our portal will override policies that are set in AD.
You can set these by navigating to Features / Password Services and then selecting the options which you require. The default requirements are - password must be at least seven characters long and meet complexity requirements including the use of three of four character types: uppercase, lowercase, numeric, and non-alphanumeric.
By default no password policies will be applied to resets. In order to activate the ones that you've selected click on the 'Target Editing' tab and select the classification name. Select 'Tick all applications' and the hit save. These will be applied to future password resets but the options can take up to 24 hours to apply.
- Using known password reset (KPR)
Surp4SS! is a browser based service. To use it your users will navigate to a url in your domain namespace. If you're only using KPR then users will see the screen below. Once their email address has been entered then they'll be able to enter their current AD password and then choose a new one. This will write back to AD in around one minute.
If you're using self service password reset (SSPR) and KPR, then you you'll see the option to use KPR as per the below screenshot:
- Using SSPR
Please note the timeout of the recovery / verification codes is 5 minutes. After this they will expire and need to be re generated
Self service reset can be done in three ways. By answering challenge response questions or by using a reset code sent to either a recovery email address or mobile device.
The options will be configured by IAM Cloud as part of the setup process. The only client side task is to choose the challenge response questions.
Users will need to set these options up before they can be used. They can do so by selecting 'I want to set up or manage my password reset options' and following the on screen prompts:
The recovery email and SMS options will require a verification code to be entered, this will be sent to the email address or mobile number. Once they've entered the options and pressed submit, they'll be securely stored in our database and available for use. The option will be 'I have forgotten my password and want to reset it'
They can then follow the on screen prompts to go through the reset process. As with KPR this will write back to AD in around 1 minute.
If you run into any issues or require any further information then please contact IAM Cloud support team on firstname.lastname@example.org