Skip to content

Self-Service Password Reset

The Self-Service Password Reset (SSPR) module empowers end users to reset their domain passwords (Active Directory, Microsoft Entra ID and Google Workspace accounts) and unlock accounts securely —all on their own, without relying on IT support. SSPR is available as a paid add-on module in Securden Unified PAM.

How to Enable SSPR in Securden Unified PAM?

SSPR needs to be enabled by Securden administrators for the required users in the organization. Securden allows users to reset expired or forgotten passwords anytime, anywhere—via the web, the Windows login screen, or the mobile app. Resetting via web/mobile interface works out-of-the-box. Resetting via Windows login screen requires an agent to be installed on the workstations.

Once SSPR is enabled, end users will activate the facility by configuring the authentication method and security questions. They can follow steps outlined in the SSPR end-user guide.

This section explains the steps the administrator must perform to enable or activate the module.

Summary of Steps

To enable SSPR, you need to perform the following steps:

  1. Activate Password Self-Service
  2. Onboard the required users/groups for whom SSPR is to be enabled
  3. Configure the MFA methods through which end users should authenticate themselves. This is to ensure the integrity of the reset operation.
  4. Trigger enrolment email notification to end-users
  5. You need to install Securden agent for SSPR on workstations. If you are using Securden’s Privilege Elevation / Endpoint Privilege Management module already, you would have already installed the agent. In that case, you can simply expand the Securden agent’s scope to include SSPR as well.

Step 1: Activate Password Self-Service

Navigate to Admin >> Password Self-Service >> Configure Password Self-Service in Securden web-interface. In the page that opens, you need to first import your domain (if you haven’t already imported one). You can import from on-prem AD, Google Workspace, or Entra ID. After importing the domain, click the “Activate Password Self-Service” toggle.

Default Role

Step 2: Onboard Required Users or Groups

You need to onboard the users for whom you want to enable the SSPR functionality. You can onboard users that are already added to Securden OR you can onboard them afresh from the domain. Click the box “Onboard Users or Groups” in the SSPR configuration page referred to above. Only the users who are onboarded in this step will be able to use the SSPR functionalities. Securden licensing for SSPR applies here. You will be able to onboard only the number of users licensed for SSPR.

Default Role

Step 3: Enforce MFA to Ensure Reset Integrity

To ensure the integrity of the password reset process (unauthorized users are not exploiting the password reset functionality by resetting the passwords of other users), you need to enforce authentication options for end users. Securden supports a variety of MFA options, and you can select which MFA methods your users can use. From the list of MFA options configured by you, end users will select any two.

Default Role

Step 4: Trigger SSPR Enrolment Email Notifications to Users

Once you have activated SSPR, you can trigger email notifications to end users. The email notification will carry instructions to the end users.

Default Role

Step 5: Install Securden Agent for SSPR

If you want to allow your users to reset passwords via Windows login screen, you need to install the Securden agent on the workstations. If you are already using Securden’s Privilege Elevation / Endpoint Privilege Management module, you would have already installed the agent. In that case, you can simply expand the Securden agent’s scope to include SSPR as well.

To install SSPR agent afresh

  • Navigate to Admin >> Password Self-Service >> Configure Password Self-Service page.
  • Click “Windows Agent” on the left panel
  • Download the .msi and install it on the workstations either manually or through GPO.

If you are already using the Privilege Elevation / Endpoint Privilege Management (PEDM) module in Securden

If you are already using the PEDM module, you would have already installed the Securden agent on workstations. In such cases, you can simply expand the scope of the privilege elevation agent to include SSPR as well. Navigate to Admin >> Securden Agents >> Manage Agents >> Select the required computers >> Click the “More” drop-down next to the “Add” button and click “Switch Agent Mode and Scope” option.

Default Role

In the page that opens, select “Password Self-Service Operations” under the scope of operations section (refer to the screenshot below).

Default Role

Securden Help Assistant
What's next?
Request a Demo Get a Price Quote
Thank you message

Thanks for sharing your details.
We will be in touch with you shortly

Thanks for sharing your details.
We will be in touch with you shortly.