If you use Microsoft Azure Active Directory, you can integrate its self-service password reset into the end user portal of Freshservice. This adds a ‘Reset Password’ button on the portal.



Quick guide to adding the password reset button in Freshservice:


Prerequisites:

  • An active Azure AD Tenant.
  • An Azure AD Basic or Premium subscription (self-service password reset is available only for these plans).


Step 1: Adding On-Premise AD Domain to Azure

The on-premise AD domain can be added and verified in Azure AD by adding the corresponding CNAME/TXT/MX record in DNS.


Step 2: Synchronizing your on-premise AD with Azure

DirSync is a tool used to synchronize on-premise AD with Azure AD. It can be downloaded from the Directory Integration page in the Active Directory in Azure.

After you download the DirSync tool, refer to this article for step-by-step instructions to configure it.

Once DirSync is configured, check the USERS tab in Azure Active Directory to make sure the sync was successful. The users that were imported from the on-premise AD will have “Local Active Directory” in the SOURCED FROM column.



The “LAST SYNC” field in the DIRECTORY INTEGRATION tab displays the time when the sync was done.



Step 3: Enabling Self Service Password Reset

Users should be assigned to a Basic/Premium subscription to be eligible for self-service password reset.


 


Once that is done, self-service password reset should be enabled for the Active Directory. You can refer to this article for the steps.

Once self-service password reset is enabled, the configuration will look like this.


 


Challenges for self-service password reset

Admins can set a number of challenges that a user must complete when resetting the password. These are simple questions for which the user should already have registered answers.






They’ll be prompted to answer these questions when they access any of the Azure services.


Password writeback

When a password is changed, it should also be reflected in the on-premise AD. To achieve that, the Password Reset Service should be enabled on the machine on which DirSync is installed. Refer to this article to enable password writeback to the on-premise AD.


Final Step [End User Portal]: Resetting the Password through Freshservice

The Freshservice end user portal can be customized to include a “Reset Password” button (see attachment for steps). When a user clicks on it, it will redirect them to the Azure AD password reset page.


 


On that page, the user will be prompted for their user ID and a captcha.


 


Then they’ll be presented with the challenges they’ve answered already.


 


Based on what they choose, the verification code to reset the password is sent to them.





On the on-premise AD, the Event Viewer can be used to confirm that the password has been written back, as mentioned in this article.
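
For the “Reset Password” button in the final step, the link should only ever point at Microsoft's reset page, so the sketch below builds and checks it before rendering. This is an added example, not the markup from the attachment or Freshservice's own code: the host name and the `whr` tenant parameter come from Microsoft's self-service password reset documentation rather than this page, and the `btn` class and `contoso.com` domain are placeholders.

```javascript
// Added example: build the portal's "Reset Password" link with a pinned destination.
// RESET_HOST is Microsoft's public reset endpoint (assumption: not quoted on this page).
const RESET_HOST = "passwordreset.microsoftonline.com";

// Conservative DNS-name check for the tenant's verified domain (e.g. "contoso.com").
const DOMAIN_RE = /^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/i;

// Return the reset URL, optionally carrying the tenant domain in the "whr" parameter.
function buildResetUrl(tenantDomain) {
  const url = new URL(`https://${RESET_HOST}/`);
  if (tenantDomain !== undefined) {
    if (typeof tenantDomain !== "string" || !DOMAIN_RE.test(tenantDomain)) {
      throw new Error("tenant domain is not a valid DNS name");
    }
    url.searchParams.set("whr", tenantDomain.toLowerCase());
  }
  return url.toString();
}

// True only for an HTTPS URL whose host is exactly RESET_HOST. Look-alike hosts,
// embedded credentials, odd ports and non-HTTPS schemes are all rejected.
function isTrustedResetUrl(candidate) {
  let url;
  try { url = new URL(candidate); } catch { return false; }
  return url.protocol === "https:" && url.hostname === RESET_HOST &&
         url.port === "" && url.username === "" && url.password === "";
}

// Escape a value for use inside a double-quoted HTML attribute or as text.
function escapeAttr(value) {
  return String(value).replace(/&/g, "&amp;").replace(/"/g, "&quot;")
                      .replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// HTML for the portal button ("btn" is a placeholder class). rel="noopener noreferrer"
// keeps the new tab from reaching back into the portal window or leaking its URL.
function renderResetButton(resetUrl, label = "Reset Password") {
  if (!isTrustedResetUrl(resetUrl)) {
    throw new Error("refusing to render a reset link to an untrusted destination");
  }
  return `<a class="btn" href="${escapeAttr(resetUrl)}" target="_blank" ` +
         `rel="noopener noreferrer">${escapeAttr(label)}</a>`;
}
```

Running `isTrustedResetUrl` over the link in the saved portal template is also a quick way to audit that the button has not been pointed elsewhere after later customizations.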