FIM 2010 R2 Web Based SSPR using OTP
FIM 2010 R2 will include the possibility to use Self-Service Password Reset (SSPR) with an OTP (One-Time Password).
The following demo will show:
- How to add the OTP functionality to the SSPR workflow (and update the MPR)
- Full registration process
- Full SSPR process
Now…
There are two kinds of OTP activities:
- One-Time Password Email Gate
- One-Time Password SMS Gate

These activities are included out of the box (OOB) in the R2 version, but they first have to be added and configured in the “Password Reset AuthN Workflow” workflow as follows (I will use the “One-Time Password Email Gate” in this demo):
Workflow
Go to the “Activities” tab of the “Password Reset AuthN Workflow” workflow, click on “add Activity” and select the “One-Time Password Email Gate” activity.

Configure the activity parameters and click “save”.
Remark: Look at the registration mode, which determines whether or not the user is allowed to enter a personal email address during the registration step (this will be shown later in this demo).

The updated workflow looks like this:

Management Policy Rule (MPR)
Update the “Administration: Administrators can read and update Users” MPR: add the “One-Time Password Email Address” attribute to the “Target Resources”.
Note: You can also add the attribute “One-Time Password SMS Gate” (needed for SMS OTP via mobile)
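
The same MPR update can be scripted and re-run safely. The following is an added example, not part of the original demo: it uses the FIMAutomation snap-in and assumes the default FIM Service endpoint and that the system name of “One-Time Password Email Address” is msidmOneTimePasswordEmailAddress (verify both in your environment before running).

```powershell
# Added example (not from the original post): add the OTP email attribute to the
# MPR's target attributes only if it is not already granted.
Add-PSSnapin FIMAutomation -ErrorAction Stop

$uri     = 'http://localhost:5725/ResourceManagementService'  # assumption: default endpoint
$mprName = 'Administration: Administrators can read and update Users'
$attr    = 'msidmOneTimePasswordEmailAddress'                 # assumption: attribute system name

# Fetch only the MPR itself, without the resources it references.
$filter = "/ManagementPolicyRule[DisplayName='$mprName']"
$found  = @(Export-FIMConfig -Uri $uri -OnlyBaseResources -CustomConfig $filter)
if ($found.Count -ne 1) {
    throw "Expected exactly one MPR named '$mprName', found $($found.Count)."
}
$rmo = $found[0].ResourceManagementObject

# ActionParameter holds the attributes the MPR applies to on the target resources.
$current = @($rmo.ResourceManagementAttributes |
    Where-Object { $_.AttributeName -eq 'ActionParameter' } |
    ForEach-Object { $_.Values })

if ($current -contains '*') {
    Write-Host 'MPR already covers all attributes; nothing to change.'
}
elseif ($current -contains $attr) {
    Write-Host "MPR already lists $attr; nothing to change."
}
else {
    # Describe a single "add value" change on the multi-valued ActionParameter.
    $change = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportChange
    $change.Operation      = [Microsoft.ResourceManagement.Automation.ObjectModel.ImportOperation]::Add
    $change.AttributeName  = 'ActionParameter'
    $change.AttributeValue = $attr
    $change.FullyQualified = $true
    $change.Locale         = 'Invariant'

    # Wrap the change in a Put against the existing MPR object.
    $import = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportObject
    $import.ObjectType             = 'ManagementPolicyRule'
    $import.SourceObjectIdentifier = $rmo.ObjectIdentifier
    $import.TargetObjectIdentifier = $rmo.ObjectIdentifier
    $import.State   = [Microsoft.ResourceManagement.Automation.ObjectModel.ImportState]::Put
    $import.Changes = @($change)

    Import-FIMConfig -Uri $uri -ImportObject $import
    Write-Host "Added $attr to '$mprName'."
}
```

Run it under an account that is allowed to modify MPRs; because it checks the current values first, a second run reports that nothing needs to change.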

Registration Process
Welcome screen

Enter your current password

Enter your answers

Enter your personal mail address for Email OTP
Done!

Self-Service Password Reset
Here is the procedure for resetting a password with SSPR and OTP:
domain\username screen

Fill in the correct answers entered during the registration process

Enter the OTP that has been sent to your personal email


Choose a new password

Done!
