By Ryan Squires Posted November 6, 2019
Even with modern authentication methods like biometrics entering the fray, helping users reset their passwords remains a time-consuming task for IT admins. Reasons why this problem persists include end user knowledge, poor tooling, and unintegrated identity and access management (IAM) solutions. If you’re looking to automate password resets, a cloud solution offers a way to ease woes brought on by traditional identity and access management solutions.
Traditional IAM and Password Resets
The common denominator for the majority of organizations is Microsoft® Active Directory® (AD); it is what provides identities to users so that they can access Windows-based systems, applications, files, and networks. We define AD as a traditional identity management solution because it exists on-prem, creates a legacy domain structure, and focuses users and admins into a particular ecosystem.
That said, the early days of AD provided clear benefits. AD made it easy to connect users to their IT resources — all they needed was their core set of credentials and they could access virtually any resources needed, as long as they were Windows-based. This setup made user and system management a breeze; Microsoft designed everything to work together.
The benefits did not stop there. Resetting passwords in a Windows-based environment was relatively straightforward. Once a user reset their password on their Windows machine, that change would propagate out to the Windows-based resources IT admins granted them access to. Over time, the problem became more challenging as more resources were not Windows-based, so password changes began to impact a much smaller number of user resources.
Difficulty Automating Password Resets Today
When game-changing solutions like AWS®, G Suite™, web applications like Salesforce®, and more emerged, the process of updating passwords became more complicated. In addition to these new cloud-based resources, users wanted to use systems that weren’t based on Windows — they wanted Mac® and Linux® devices.
End users now had a multitude of unique identities, and to complicate matters even more, each of those identities might have had different cadences for updates. Additionally, users were juggling unique passwords for each resource. This led to forgotten passwords and the subsequent need for resets. Worse yet, some users were using weak, easy-to-guess passwords like “12345” or “password” and using them across all of their services with slight variations. Password practices like this leave the barrier cracked between bad actors and the company’s valuable information.
So, while this development was a mess for end users, IT admins were the ones on the hook to support the resources their users needed. They had to balance the need for security with the desire to provide users with solutions that enable maximum productivity. To support that initiative, many admins got stuck spending a good portion of their time resetting passwords. For those stuck in this password reset loop, a new approach to identity and access management, called Directory-as-a-Service®, reimagines password management and updating tasks.
A Cloud-Based Password Reset Facilitator
IT organizations can leverage this cloud directory service to replace Active Directory so that they can utilize one identity connecting users to their systems, applications, files, and networks.
Or, if AD is already in the environment, Active Directory Integration can extend a single AD identity and update that identity to a wide range of IT solutions. Essentially, when a user changes their password, that change propagates out to all the resources that Directory-as-a-Service manages. It’s an easy and simple way to automate password resets.