Updated: 13 September 2016
Password management is a critical part of an identity management service. IAM Cloud originally developed two features to handle password resets for users. These were known password reset, where a user can choose to reset their password at their discretion, and self-service password reset, where a user can reset a forgotten password by answering security questions. Both of these features are handled through the browser, and the new passwords are securely flowed back to source systems like Active Directory.
IAM Cloud handles tens of millions of password resets for our customers, saving thousands of hours of time on IT help desks. We’ve been working hard on improving these existing features and developing new ones to make our password management service even more useful to customers.
We have made two significant additions to our password management service.
The first is our new password policies system. IAM Cloud’s password policies give administrators simple yet powerful control over their users’ password requirements.
Within the password policies section in the IAM Cloud Portal, Admins can easily configure password length and complexity requirements for their users – or they can get really advanced by adding their own Regex. IAM Cloud’s password policies also allow Admins to set exclusion phrases.
IAM Cloud’s password policies also have customisable user locking capabilities. Admins can configure custom options such as the number of failed login attempts before a user gets locked out, the duration of the lockout (from minutes to indefinite), and whether the user can unlock themselves by answering security questions.
Advanced Password Reset
Cloud-based password resets are very useful, and most cloud-based identity services have them, but they all have a particular tripping point: if a user has forgotten their password, how would they log in to their domain-joined computer to be able to access the cloud in the first place?
IAM Cloud is the first identity management service to be able to provide advanced password reset from the workstation login screen. The users will be able to click a ‘forgotten password’ link – and from there they will be taken to a reset screen with the ability to reset their password by answering security questions.
Password Reset by Email
Initially, our password reset system began as a security-questions-based feature. We have now developed this service to also allow users to reset forgotten passwords by requesting a reset code to be sent to their back-up/alternative email accounts. Our customers have the choice of which form of password reset they would like their users to use, and there are a number of different ways to capture and synchronise the alternative email addresses into our platform.
You may be aware of TouchPoint as a messaging feature that works through the login box, but the reality is that messaging is just the first module of TouchPoint. TouchPoint is a framework that allows us, and our customers and partners, to add custom features into the authentication flow. So far we are working on SMS and phone-call-based MFA and password resets, and we recently added email functionality. But we will continue to grow the functionality of this service, and you will see a whole host of useful added functionality within TouchPoint.