Getting Started with Ivanti Password Reset

Passwords are one of the most common forms of authentication in the world. Passwords are easy, require little training and present few technical challenges. However, passwords are also very prone to user error and can present one of the most expensive support burdens in an IT environment. With Ivanti Identity Director, you can enable users to reset their Active Directory password from the sign in page of the Identity Director Web Portal and the log on page of Microsoft Windows. This reduces the number of help desk password tickets and enhances productivity of the user.

Please note that Windows 10 users will only be able to access the Password Reset and the Unlock Account buttons from the log on screen, and not from the lock screen.

This document describes how to enable password resets in Identity Director, based on three scenarios:

  • By using a private e-mail address of the user.
  • By using security questions.
  • Optionally, you can:
    • limit the number of attempts to answer the security questions correctly;
    • manage password reuse;
    • add verification code validation in scenario 1 and 2. This adds an extra check to authenticate the user who requests a password reset.

Building Blocks are provided with sample services for Identity Director and Run Books for Ivanti Automation.

While this guide and the provided Building Blocks focus on Password Reset, much of what is described here also applies to Unlock Account.
If you create a Run Book that uses the Unlock user account property of the Manage Active Directory User action in Ivanti Automation, you can adapt the desired services in the Building Block Password reset for Ivanti Identity Director to invoke that Run Book.