Reset Password Block

The Reset Password block works in conjunction with the Ivanti Voice Reset Password service to enable Windows domain users to reset passwords using a self-service telephony application, useful for environments in which users must change passwords frequently and for users who forget their passwords. Only users who have direct membership in configured security groups can be considered by the Reset Password Block (either allowed or denied the reset password functionality). Nested user membership in security groups is not supported by the Reset Password block.

The Ivanti Voice Reset Password function has system-wide settings (configured in the Reset Password block configuration utility) and voice application-specific settings (configured within the Reset Password block).

Reset Password Process

1.The Ivanti Voice Reset Password service searches for an account with the specified user name in the domain controller.

2.If the user is found, the Ivanti Voice Reset Password service checks the access control settings for permission to reset the user's password.

3.If users have permission to reset their password, the Ivanti Voice Reset Password service resets the user’s Windows domain password to a value (configured in the Reset Password Block Configuration Utility) which Ivanti Voice stores in an interaction property (specified in the Reset Password block).

4.The Ivanti Voice Reset Password service enables disabled user domain accounts if allowed to do so in the system-wide configuration (as configured in the Reset Password Block Configuration Utility) and if the service account has the appropriate permissions.

5.If notification is enabled, Ivanti Voice triggers an email server to send a password change notification email to the email address in the user's Active Directory record.

6.The application utilizes Text-To-Speech functionality to play a prompt informing the user of the new password.

Reset Password Block Configuration Utility

The Reset Password block configuration utility is used to modify the operational configuration of the Reset Password block. Before using the Reset Password block, initialize the block settings using the Reset Password block configuration utility:

  1. Click Start > Programs > Ivanti, Inc. > Communications Management > Reset Password block configuration (you must be logged into Windows as a domain user with local administrative rights). The ResetPasswordConfig dialog box opens.
  2. On the Accounts tab, click the Change button to change the account under which the service runs.
  3. On the Accounts tab, in the Managed User Groups section:

Click the Add ALLOWED Group button to add a user group for whom passwords can be reset.

Click the Add DENIED Group button to add a user group for whom passwords cannot be reset.

If a user is a member of both a Denied and an Allowed group, the denial has priority and the user’s password cannot be reset.

To remove a user group from the list, click the group then click the Remove button.

  1. Click Apply.
  2. On the Password policy tab, you can configure how the block creates a new password:

Click the User must change password at next logon to require the user to change the password.

Specify the password minimum length (this field may be inactive until the Password type field is changed from the Predefined Value option).

Use the Password type field to select the password format and/or use a predefined value. If you select Predefined Value, you can change the Predefined password.

Select the Allow re-enabling previously disabled accounts check box to allow disabled accounts to be enabled.

  1. Click Apply.
  2. On the Email Settings tab, configure Ivanti Voice to email notifications when a password change occurs:

Select the Notify the user by email check box, then enter the host name and port number of the SMTP server which will send the notification email. You can also specify the sender's email address, email subject, and message content. If you want to show the new password in the email, use %%PASSWORD%% as a placeholder in the content.

  1. Click Apply.
  2. On the Configure Permissions tab, click the Permissions button to view/change users and groups that have permission to view and edit the Reset Password configurations.

Ensure that the account under which the Ivanti Voice Reset Password service runs has the Read Configuration check box selected.

  1. Click Apply then click OK.

Reset Password Block Conditional Exits

The Reset Password block has conditional exits to determine the action of the voice application when the following events occur:

Failed - The voice application failed. Check the Log Viewer for error messages explaining why the failure occurred. Possible reasons include:

The Reset Password block was not initialized. To initialize the block, use the Reset Password Block Configuration Utility.

The user entered a user name in an invalid format.

The user failed to comply with the domain password policies.

User not found - The specified user was not found in the specified domain.

Not allowed - Access control settings prevent the voice application from resetting the password for the specified user. To correct this, use the Reset Password Block Configuration Utility to view and change the settings.

Account disabled - The specified user account is disabled and the system-wide configuration does not permit re-enabling of disabled accounts (refer to Reset Password Block Configuration Utility).

Account locked out - The specified user account is locked out and the Execute operation section in this block is set to Reset password only or Verify account status.

Insufficient permissions - The account under which the Ivanti Voice Reset Password service runs does not have the permissions to perform the requested action (refer to Reset Password Block Configuration Utility).

Settings

The Reset Password block has the following settings:

Label - Change the name of the block if needed to uniquely identify the use of this block in the application flowchart.

Interaction Property to Get User Name from (Name) (Required) - The user name for which the block resets the password. Either enter the user name, or the Ivanti Voice interaction property containing the user name enclosed in percent (%) signs. For example: %PropertyName%. The user name value must be in one of the following formats:

domain_name\user_name

user_name@domain_name

Interaction Property to Store New Password in (Name) (Required for all Execute operation options except Verify account lock-out status) - The interaction property in which the block stores the new password. You can then configure the Play Prompt block to read the new password to the calling party using this interaction property (a Play Prompt block must follow the Reset Password block in the application flowchart for this to occur).

Execute operation - The Execute operation section contains the following options:

Reset password only - Select this option to reset the domain user password (this option will fail for locked-out accounts).

Unlock account only - Select this option to unlock a locked-out user account without resetting the password.

Reset password and unlock account if needed - Select this option to unlock a locked-out user account and reset the password.

Verify account status - Select this option to verify if the domain user account is locked out or disabled.

When using the Reset Password block in a voice application, insert a Set Property block in the voice application flowchart (before the Reset Password block) to create an interaction property that stores the caller’s domain username. For example, if the voice application has previously set a variable called CustID to the caller’s username, and the caller is a member of domainA, set the fields of the Set Property block:

Interaction Property Name = username

Interaction Property Value = DomainA\%CustId%

You can then enter username as the value in the Interaction Property to Get User Name from field of the Reset Password block.