Enforce Active Directory password changes

When using the AD (SAML) IdP, users who must change their password in Active Directory will be prompted to do so through the HelloID login screen. This is helpful for general ease-of-use, as well as to support remote workers who may not have access to a domain-joined Windows computer.

When you're using this IdP, no additional configuration is required to enable this feature.

As an example, we will log on with an account (jdoetest) that is required to change its password at next logon.

In the screenshot below, our test user is logging in to HelloID with their Active Directory username and password.


After authenticating the user in Active Directory, HelloID detects that the user must change their password. The user is presented with an interface to do so, as seen below.


When the user enters a new password and clicks Continue, the user is logged in and the HelloID Agent updates the password in Active Directory.
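
To reproduce this test and confirm that the new password reached Active Directory, the following added example (not part of the HelloID documentation or product) flags the test account and reads back its state. It assumes the RSAT ActiveDirectory PowerShell module and rights to modify the account; the function names `Get-PasswordChangeState` and `Set-MustChangePassword` are hypothetical helpers defined here.

```powershell
# Added example: assumes the RSAT ActiveDirectory module is installed.
Import-Module ActiveDirectory

# Hypothetical helper: report whether AD will force a password change at next logon.
function Get-PasswordChangeState {
    param([Parameter(Mandatory)][string]$Identity)
    $u = Get-ADUser -Identity $Identity -Properties pwdLastSet, PasswordNeverExpires, PasswordLastSet
    [pscustomobject]@{
        SamAccountName       = $u.SamAccountName
        Enabled              = $u.Enabled
        PasswordNeverExpires = $u.PasswordNeverExpires
        # pwdLastSet = 0 is how AD records "User must change password at next logon".
        MustChangeAtLogon    = ($u.pwdLastSet -eq 0)
        PasswordLastSet      = $u.PasswordLastSet
    }
}

# Hypothetical helper: set the flag on a test account and return the resulting state.
function Set-MustChangePassword {
    param([Parameter(Mandatory)][string]$Identity)
    $state = Get-PasswordChangeState -Identity $Identity
    if ($state.PasswordNeverExpires) {
        # Set-ADUser rejects -ChangePasswordAtLogon $true on such accounts.
        throw "$Identity has 'Password never expires' set; clear it before forcing a change."
    }
    if (-not $state.Enabled) {
        Write-Warning "$Identity is disabled and will not be able to log on."
    }
    Set-ADUser -Identity $Identity -ChangePasswordAtLogon $true
    Get-PasswordChangeState -Identity $Identity
}

# Before the test login: MustChangeAtLogon should read True.
Set-MustChangePassword -Identity 'jdoetest'

# After the user completes the change in HelloID: MustChangeAtLogon should read
# False and PasswordLastSet should show the time of the change.
Get-PasswordChangeState -Identity 'jdoetest'
```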