Introduction
When using the HelloID Active Directory Identity Provider, users who must change their password in Active Directory will be prompted to do so through the HelloID logon interface if they have not already changed it.
This is helpful for general ease-of-use, as well as for supporting remote workers who may not have access to a domain-joined Windows computer. This article will show you how this process functions and how it looks for end users.
The Reset Process
When a user logs into HelloID through the Active Directory Identity Provider, the HelloID Agent is used to authenticate the user within the target domain. If the user is required to change their password, or if their password has expired, they will be prompted to change it through the HelloID logon interface.
As an example, we will log on with an account (jdoetest) that is forced to change its password at next logon.
In the screenshot below, our test user is logging in to HelloID with their Active Directory username and password.
After authenticating the user in Active Directory, HelloID detects that the user must change their password. The user is presented with an interface to do so, as seen below.
At this point, the user enters a new password, confirms it, and clicks the Continue button. While the user is taken to their HelloID dashboard, the HelloID Agent receives the new password over an encrypted connection and sends it back to Active Directory. From this point forward, the user can log in to HelloID or any other Active Directory-connected system with their new password.
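To reproduce the jdoetest scenario in a test domain and confirm that the change reached Active Directory, the following added example (not part of the HelloID documentation) flags the account for a password change and reports the two directory conditions described above. It assumes the ActiveDirectory PowerShell module (RSAT) and an existing account named jdoetest; `Get-PasswordChangeState` is a hypothetical helper name, and the article does not state which attributes HelloID itself evaluates.

```powershell
# Added example. Assumptions: ActiveDirectory module (RSAT) is installed and
# the article's test account 'jdoetest' exists in the current domain.
Import-Module ActiveDirectory

# Hypothetical helper: reports whether AD considers the password
# "must change at next logon", expired, or valid.
function Get-PasswordChangeState {
    param([Parameter(Mandatory)][string]$Identity)

    $user = Get-ADUser -Identity $Identity -Properties pwdLastSet,
        'msDS-UserPasswordExpiryTimeComputed'

    $lastSet   = [int64]$user.pwdLastSet
    $expiryRaw = [int64]$user.'msDS-UserPasswordExpiryTimeComputed'
    # AD returns Int64.MaxValue when the password never expires;
    # converting that value to a DateTime would throw, so test it first.
    $neverExpires = ($expiryRaw -eq [int64]::MaxValue)

    $state = if ($lastSet -eq 0) {
        'MustChangeAtNextLogon'      # pwdLastSet = 0 marks the forced change
    } elseif (-not $neverExpires -and $expiryRaw -gt 0 -and
              [DateTime]::FromFileTimeUtc($expiryRaw) -lt [DateTime]::UtcNow) {
        'Expired'
    } else {
        'Valid'
    }

    [pscustomobject]@{
        SamAccountName     = $user.SamAccountName
        State              = $state
        PasswordLastSetUtc = if ($lastSet -gt 0) {
            [DateTime]::FromFileTimeUtc($lastSet)
        } else { $null }
    }
}

# Put the test account into the "change at next logon" state.
# Set-ADUser rejects this if the account has PasswordNeverExpires set.
Set-ADUser -Identity 'jdoetest' -ChangePasswordAtLogon $true
Get-PasswordChangeState -Identity 'jdoetest'

# After the user completes the HelloID prompt, run the check again:
# PasswordLastSetUtc should now show the time of the change.
Get-PasswordChangeState -Identity 'jdoetest'
```

Comparing PasswordLastSetUtc before and after the logon confirms that the new password was written to Active Directory rather than only accepted by the portal.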