SSPR in Azure AD

GoodResource 401 Reputation points
2021-11-12T12:53:14.283+00:00

Does self-service password reset in Azure AD work for synced accounts? User accounts which are synced from local AD with ADFS SSO being enabled? Does it work?


1 answer

  1. AmanpreetSingh-MSFT 56,761 Reputation points
    2021-11-12T13:09:36.357+00:00

    Hi @GoodResource • Thank you for reaching out.

    Yes, Azure AD SSPR can be used to reset the passwords of Synced Users as well as Cloud-only Users. However, for SSPR to work with Synced Users, you are required to enable Password Writeback in AD Connect. It works for user accounts which are synced from local AD to Azure AD with ADFS federation as well.

    As shown below you need to configure on-prem integration in Azure Portal as well:

    [Image: 148820-image.png]

    For step-by-step instructions and prerequisites, please refer to Tutorial: Enable Azure Active Directory self-service password reset writeback to an on-premises environment

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

