question

TomassPetersons asked

Password reset capabilities for synced on-prem users

Hi!

Previously, our organization had self-service password reset enabled for all users. Now we have this property disabled for everyone.

We left the on-premises integration feature "Write back passwords to your on-premises directory" set to "Yes", but then we found out that this still gave all synced on-premises users the capability to log in to the portal and change their password, despite the fact that the self-service password reset property was disabled, so we changed it to "No". Now on-premises synced users are not able to change their password in the portal.

As we are planning to enable the self-service password reset feature for a few users that are synced from on-premises, we need to enable the write-back function as well. But that would again give all synced on-premises users the capability to change their password in the portal. How can we limit this?

Thanks!


azure-active-directory

1 Answer

michev answered

SSPR is not the same thing as users changing their own password; it's password "reset" vs. password "change". The latter cannot be restricted in Azure AD/O365.
