Microsoft Active Directory

Reset your forgotten password using Fortified ID Password Reset.

Overview

This use case describes how to configure password reset for accounts managed in Microsoft Active Directory. It covers both self-service password reset scenarios and delegated password reset scenarios, where an authorized administrator can reset another user’s password. A typical example is a teacher resetting a forgotten password for a student.

Prerequisites

  • Fortified ID Password Reset is installed and configured as a SAML Service Provider (SP) against a SAML Identity Provider (IdP), for example Fortified ID Access.

  • Configuration of the SAML IdP is outside the scope of this use case and is not covered here.

Overview

This use case provides an example configuration for resetting an Active Directory password after successful user authentication. The pre-configured SAML IdP must support an authentication method that does not rely on an Active Directory password, such as Swedish BankID, Freja, or username combined with a one-time password (OTP).

Configuration

Overview of the steps in this use case

  1. Add an LDAPClient module

  2. Add an ADResetClient module

  3. Update the Password Self Reset pipe

1. Add an LDAPClient module

  1. Log in to Management Center for Access

  2. Click the Configuration tab

  3. Expand Modules and click + to add a new module

  4. Click add LDAPClient

    1. Click the JSON button for the LDAPClient module

    2. Copy the data below and overwrite all existing data

  5. Change only the following three properties to match your environment:

    1. host

    2. bind_dn

    3. bind_password

    This configuration assumes that your domain controller has a server certificate so that LDAPS can be used.

  6. Click Update and Deploy

You have now added an LDAP module that can be used by one or several objects, such as valves. To reference this LDAP module, use the value active_directory. Note: the service account needs permission to read and write the password attribute in LDAP.

2. Add an ADResetClient module

  1. Log in to Management Center for Access

  2. Click the Configuration tab

  3. Expand Modules and click + to add a new module

  4. Click add ADResetClient

    1. Click the JSON button for the ADResetClient module

    2. Copy the data below and overwrite all existing data

  5. Change only the following three properties to match your environment:

    1. host

    2. bind_dn

    3. bind_password

    This configuration assumes that your domain controller has a server certificate so that LDAPS can be used.

  6. Click Update and Deploy

You have now added an ADResetClient module that can be used by one or several objects, such as valves. To reference this ADResetClient module, use the value active_directory_reset. Note: the service account needs permission to read and write the password attribute in LDAP.

3. Update the Password Self Reset pipe

A default installation of Password Reset comes with two pipes, one for self-service reset and one for delegated reset. Depending on your use case, each pipe needs to be updated for the user store you are using. In this use case we use Active Directory.

  1. Browse to Management Center for Password Reset

  2. Click the Configuration tab

  3. Expand Password Reset

  4. Expand Pipes

  5. Click self_reset

  6. Click JSON to edit the pipe as JSON

  7. Copy the data below and overwrite all existing data

  8. Click Update and Deploy
