IT Monkey:   Join the Cireson Community today for your chance to win $50!
We appreciate you taking the time to vote and add your suggestions to make our products awesome! Your request will be submitted to the community for review and inclusion into the backlog.

We recommend reviewing what is submitted before posting, in case your idea has already been submitted by another community member. If it has been submitted, vote for that existing feature request (by clicking the up arrow) to increase its opportunity of being added to Cireson solutions.

For more information around feature requests in the Cireson Community click here.

As a user I want to unlock my Active Directory account with Cireson Password Reset app as selfservic

Marek_LefekMarek_Lefek Customer Adept IT Monkey ✭✭

As a user I want to unlock my Active Directory account with Cireson Password Reset App so that I don't have to contact ServiceDesk.

In my organization about 70% of request with AD accounts is unlocking. Rest is request of new password.

13 votes

Backlog Planning · Last Updated

We are currently working to determine priority and timeline for this addition.

Comments

  • David_AllenDavid_Allen Partner Advanced IT Monkey ✭✭✭
    I would also like to see this be an option, but I believe it must be just that, an option.  It could be argued that you are introducing a security risk by just allowing an unlock.  If a an account is locked, it is because someone has entered the password incorrectly x number of times as they genuinely forgot it, or an attacker is trying to access the account.  Either way the safest approach is to unlock and reset the password.

    I'm sure plenty of organisations will accept this risk, especially if Password Reset is only internal, however other organisations that present Password Reset externally may not want this feature enabled.

    Just my thoughts :-)
  • Marek_LefekMarek_Lefek Customer Adept IT Monkey ✭✭

    In my experience account is locked because users try to remind passwords an try few Times oraz their change the password but didn't not change yet in connected devices, eg. have Exchange Mail Client that don't change password automaticly.

    So, users don't want to change password to unlock account but want to have another opportunity to logon. Of course there should be also a limit to unlock per day.

  • seth_coussensseth_coussens Product Owner Ninja IT Monkey ✭✭✭✭
    While I understand where you are both coming from above, we need to put this in the context of password reset as it exists today, and in it's next versions.

    If a user has the required (accepted) information that reset their password, the account should be unlocked. This would not be considered a security risk as the user already has access to the appropriate information to reset their password, so if it was someone trying to get in with this information, the account could be reset and never locked in the first place.

    The only scenario I see where this maybe an issue is if the user has been intentionally liked by an administrator, and then we allow the account to be unlocked through PWR.
  • Marek_LefekMarek_Lefek Customer Adept IT Monkey ✭✭

    We can have the risk at the same level as with the password reset. Just add limit of allowed operation per day.

    We noticed that users prefer to unlock account once, try one more time their password and then reset.

  • Marek_LefekMarek_Lefek Customer Adept IT Monkey ✭✭
    @seth_coussens , can you tell, what is going with this idea?
  • seth_coussensseth_coussens Product Owner Ninja IT Monkey ✭✭✭✭

    We can have the risk at the same level as with the password reset. Just add limit of allowed operation per day.

    We noticed that users prefer to unlock account once, try one more time their password and then reset.

    Not sure I understand this statement. You say they prefer to unlock their account once and then try their password again, and then reset if that doesn't work? Doesn't this require a call to the helpdesk to unlock the account? The point of PWR is to provide a self service to users to reset their passwords and not require that helpdesk call in the first place. If they are already calling the helpdesk to have their account unlocked, then they might as well have their password reset there?

    Maybe I'm misunderstanding what you are saying?
  • Marek_LefekMarek_Lefek Customer Adept IT Monkey ✭✭
    We have set, that if user lock his account, the account will be automaticly unlocked after some time - eg .1 hour.
    We have lot of mobile workers that work outsige te office and log there as domain account.

    They common lock his account by:
    1.  wrote bad password (eg. with pressed capslock) and noticed this when account is locked
    2.  they have change its password but didn't logout their Virtual Desktop with running Exchange that lock their account.

    In that case they call to Servicedesk to unlock account and then they work normally or logoff (in case 2). They prefer to unlock account now.

    We try to popular unlocking account by changing with PWR but they say that is not always comfortable.
    Often they are in customers office and can't wait.


  • seth_coussensseth_coussens Product Owner Ninja IT Monkey ✭✭✭✭
    The latest version of PWR also unlocks the users password, is that what you are asking?
  • Marek_LefekMarek_Lefek Customer Adept IT Monkey ✭✭
    edited December 7
    If there is an option to unlock account, without need to change the password, than yes.

  • seth_coussensseth_coussens Product Owner Ninja IT Monkey ✭✭✭✭
    I see, you want to use PWR to only unlock accounts at times? I can put this in as a feature request but currently that is not supported, I'm afraid.
  • Marek_LefekMarek_Lefek Customer Adept IT Monkey ✭✭
    Our users will appreciate this function.
Sign In or Register to comment.