From Bright Pattern Documentation
< 5.19:ActiveDirectoryPasswordReset
Revision as of 04:00, 29 May 2024 by BpDeeplTranslateMaintenance (talk | contribs) (Updated via BpDeleteTranslateTags script)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
• 5.19


Active Directory Password Reset Overview

Bright Pattern’s Password Reset Feature is a set of software components designed to authenticate users requesting new passwords for Windows Active Directory and Domain Services, and distribute the created passwords without additional involvement from system administrators. It consists of a Windows service that runs locally in the customer network, a GUI-based installation and configuration program, and sample Bright Pattern Contact Center (BPCC) scenarios for user access.

The installation file installs signed binary files to the specified path, configures the service with the provided user credentials, and optionally creates a desktop shortcut. The GUI configuration tool will provide the user with the necessary steps for proper functionality, including certificates, tokens, allowed user groups, and additional verification scripts.

This guide contains a walkthrough of a sample scenario for Password Reset and a detailed explanation of each section. The scenario will identify and validate the user attempting to reset their password, and, if confirmed, will send a request to the password reset service. The validation process can include providing a PIN, using MFA, answering security questions, or using voice biometric authentication. The scenario can be used to properly update ITSM ticket procedures, also.

To install and run, administrators will need:

  • Microsoft Windows Server with:
    • 2012 R2 or later
    • Firewall access on a specified port
  • Domain and local administrator credentials
  • The certificate file and the private key file
  • A list of domain groups to allow and disallow

Note: Allowed groups must be in the domain local group scope, and not global. Built-in groups such as domain-users are in the global group scope.

Next >