Lock Screen Reset Password UI Change

yeooandyni 146 Reputation points
2022-04-04T09:01:05.88+00:00

Hi folks,

I am looking to enable self-service password reset (SSPR) for our Windows 10 (and soon 11) clients. We have the standard vanilla domain with AD Connect syncing to Azure AD for machine accounts only (for hybrid devices). We use Okta for our Identity Provider, which does as much authentication and SSO as is possible and we allow.

So here's the rub. Because we use Okta for account provisioning, authentication, etc., we can't enable Password Writeback in AD Connect. It would pretty much cause a loop where the password was constantly changing, or at least being seen as constantly changing. Okta does partner with another company to provide SSPR, but it's not as elegant or simple as we'd like it to be (unfortunately). We can have our users reset their AD passwords in Okta, which will write back into AD and across to Azure AD. This is the only modification we allow Okta to make to our on-prem AD.

My question is around the Microsoft/Windows UI, when you enable the Password Reset link (which we have, via Group Policy). Is it possible to change the UI the password reset functionality looks to? Put simply, I'd like to have a user click Password Reset, and the user is presented with Okta's reset password UI. I know it's probably not possible, but I just wanted to reach out and ask.

Thanks.


Accepted answer
  1. Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator
    2022-05-13T16:32:57+00:00

    Hi @yeooandyni ,

    All of the customization options for the password reset experience are documented here: https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-customization

    You can customize the SSPR e-mail link for users, company branding, and AD FS sign-in page link.

    The customization you described is not configurable, but if you want to draft a business justification for this, you can create a request in the feedback site. https://feedback.azure.com/

    Marilee

    -

    If this answer helped resolve your question, please consider "marking as answer" so that others in the community with similar questions can more easily find a solution.

